This depends on whether you are a controller or a processor. If you are a processor and want to change one of your sub-processors, you will need to at least notify the respective data controllers about the change. If you are a controller, you don't need to inform the data subjects about such a change.
We're sorry about this confusion - reference to Business Impact Analysis (BIA) in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend that you do the BIA because it will complicate the whole process - instead, for the control A.17.1.1 we recommend that you refer to Procedure for Identification of Requirements and List of legal, regulatory and other requirements.
Answer:
External issues that can affect your ability to achieve OH&S outcomes can take many forms. One example of an external issue that would qualify for this would be the knowledge that a supplier who gives you the least hazardous cleaning chemical is unable to supply you any longer, and you will need to find another chemical to do your cleaning which will be more hazardous to your employees. The cause of this could be economic, with the supplier going out of business, but it could also be political, in that they are located in a country that no longer allows exports to your country.
These were only examples to think about, and the real thing to consider is what are the issues that affect our ability to safeguard worker H&S.
For a better understanding of the ISO 45001:2018 context of the organization, see this article: Defining the context of the organization according to ISO 45001, https://advisera.com/45001academy/blog/2016/02/03/defining-the-context-of-the-organization-according-to-iso-45001/
ISO 45001 Design Process Requirements
Answer:
There are no specific ISO 45001 requirements for the design process; however, like all other processes within your company, you would need to assess the hazards and risks that are present in the design processes just as you would for any other process. This is true of many other requirements, such as assessing legal requirements, etc.
For a better understanding of the ISO 45001:2018 clauses, see this whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
AS9100 Equipment for reference measurement
Answer:
Clause 7.1.5.2 on measurement traceability requires calibration for any equipment that is essential to providing confidence in the validity of measurement results, or in other words, measuring equipment used to make official measurements. If the tools you are speaking of are used to make the final measurements that ensure final validation measurement on a product, then they would need to be calibrated. If they are only reference measurements to ensure that future official measurements are correct, then deeming them as calibration not required would not be against AS9100 requirements.
For a better understanding of the AS9100 Rev D clauses, see this whitepaper: Clause-by-clause explanation of AS9100 Rev D, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
Answer:
With the 2015 versions, both ISO 9001 and ISO 14001 no longer require or mention the role of a Management Representative (MR). That being so, organizations wanting to keep these functions are free to consider the best option for their own case.
Answer:
You can determine risks related to: the compliance obligations you will have identified as relevant to your EMS and business; the environmental aspects you have identified for your EMS; and the stakeholders and interested parties identified when you considered the scope and context of the organization on establishment and review of your EMS. For each determined risk, you should evaluate if there is the need for taking action. That means you should evaluate if the risk is critical. Each organization should define its own way of evaluating environmental risks. For example, an organization can set as evaluating parameters: probability of risk occurrence and impact of risk occurrence. Each parameter can be evaluated as LOW, MEDIUM or HIGH and set a matrix like the following one:
“In clause 9.1.2 evaluation of compliance the returns submitted as per compliance register is to be checked in auditing EMS. Please explain.”
Answer:
While auditing an EMS, evaluation of compliance according to clause 9.1.2 of ISO 14001:2015 is audited. As an audit, a sample will be taken and verified by the auditors. The implementation of clause 9.1.2 must ensure that all items included in the compliance register are verified. Since audits work with samples, audits cannot be used to perform evaluation of compliance according to clause 9.1.2.
You should submit one report of this product if all the 200 individually wrapped products belong to a single lot. You should also refer to your local regulatory guideline for clarification.
Deviation from requirements for batch identification
What I mean is: what will happen in an audit if the batch codification does not accomplish the requirements?
Can you help me with this?
Answer:
During an audit, when there is a finding, the auditor would first want to look at your documented procedure, followed by checking with you whether any appropriate justification can be provided for the deviation.
In the case of a minor deviation from the requirement, they would want to know whether any correction has been taken and documented in the form of CAPA. If this has been addressed appropriately, the auditor would likely put it as an observation.
In the case where no corrections are taken, the auditor would require a justification as to why no actions are being taken. A nonconformity will be raised, in which the auditee would be given a reasonable period of time to perform the corrections.