
  • Declaring compliance without certificate

    Working on a contract to distribute MRIs in the US for a 13485-certified overseas manufacturer. While specific metrics will serve best, wondering if adding "Manufacturer agrees to fulfill the minimum standards outlined in ISO 13485 regarding replacement parts, remote support and on-site service" will provide added protection? As you know, competitors and customers in the US are pretty demanding.

    Answer:

    The statement itself doesn't change much in this situation. If the manufacturer has an ISO 13485 certificate, then you are OK, although the customers can even require you as a distributor to have the certificate. If you are performing some activities other than distribution (e.g. servicing, installation, etc.), the customers would certainly require you to obtain an ISO 13485 certificate. The good news is that the implementation wouldn't be that hard and the certification would not cost too much.

    For more information on the ISO 13485 implementation process, see: Six key benefits of ISO 13485 implementation https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/
  • Content of the product safety procedure


    Answer:

    The SOP (Standard Operating Procedure) for Product Safety should describe the way the organization has defined the process of managing product safety. Clause 4.4.1.2 has 13 bullets, and the procedure should explain how all of these requirements are met.

    For example, you need to define who will identify statutory and regulatory product-safety requirements and how, where this information will be kept, and this is for the requirement 4.4.1.2 a). The same should be done for the rest of the requirements. For more information, see: Ensuring product safety according to IATF 16949 https://advisera.com/16949academy/blog/2017/09/20/ensuring-product-safety-according-to-iatf-16949/

    Also, you can take a look at free preview of our Product Safety Procedure https://advisera.com/16949academy/documentation/product-safety-procedure/
  • Incident and workaround

    The third-level support group found a Workaround for the Incident. Following IT Service Management best practice, what will the Service Desk do?
    1. Record the details of the Workaround in the Incident record so that they are available for review should the Incident occur again.
    2. Send the details of the Workaround to Problem Management for analysis.
    3. Record the symptoms of the Incident and the details of the Workaround in the Frequently Asked Questions so that users can understand what actions they can take should this Incident affect their work.

    Answer:
    Your approach is quite correct. Here are a few small additions:
    For #2 – A Problem record should be opened. In that way, you'll have a record of activities and you'll be able to have an overview of the problem resolution.
    For #3 – If that workaround is relevant for end users, then this approach should be used. If not, it will be overhead for them.

    Here are few articles that may provide further information:
    How to make your ITIL/ISO 20000 Problem Management more effective with a Problem Record https://advisera.com/20000academy/blog/2017/02/14/how-to-make-your-itiliso-20000-problem-management-more-effective-with-a-problem-record/
    How to resolve the problem ticket/record according to ITIL/ISO 20000 https://advisera.com/20000academy/blog/2016/04/05/how-to-resolve-the-problem-ticketrecord-according-to-itiliso-20000/
  • Using personal data

    If you get the candidate profile from LinkedIn or another similar platform, the candidate should have the option to make his/her information unavailable by blocking a certain member (https://www.linkedin.com/help/linkedin/answer/2839); you can do the same on your end. You can choose to be proactive and suggest that the candidate block you as well, since he/she has that possibility.

    However, you can also inform the candidate that you need to keep some minimal information so that you don't engage him again, and that deleting all information might mean that he/she could be contacted again if the profile is visible to all.
  • Data Protection Officer


    Answer:

    The person responsible for ensuring the inventory of processing activities would be the Data Protection Officer, if the organization is bound to have one based on its processing activities.

    Appointment of a DPO is necessary if (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR - “Processing of special categories of personal data” ( https://advisera.com/eugdpracademy/gdpr/processing-of-special-categories-of-personal-data/) and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR – “Processing of personal data relating to criminal convictions and offences”( https://advisera.com/eugdpracademy/gdpr/processing-of-personal-data-relating-to-criminal-convictions-and-offences/).

    If you don’t need a DPO and don’t want to appoint one, then the task of managing the data inventory can be undertaken by another person within the organization.
  • EU GDPR requirements


    Answer:

    Usually the main establishment will be the place of central administration. In case the place of central administration is not located in the EU, the main establishment will be the establishment in the EU where the main processing activities take place.

    In your case, based on your description, I would suggest setting up a representative in Germany, because you will be dealing mostly with German data subjects but also because the German Supervisory Authority is quite active in providing advice to controllers and processors alike.
  • Cross border personal data transfer procedure


    Answer:

    First of all, I would like to mention that cross-border transfer refers to the situation where personal data is stored or accessed from outside the EEA. So in your case, if the data is stored in the UK but it can be accessed from the US, then it is definitely a cross-border data transfer.
  • ISO 9001 certification


    Answer:

    Any organization can implement a quality management system according to ISO 9001. What results does your organization intend to achieve by being certified? If your customers also value ISO 14001, perhaps you should implement an integrated system (quality and environmental).

    The following material will provide you information about the benefits of certification:

    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - ISO 14001 - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 27001 and EU GDPR


    Answer: ISO 27001 is a standard which focuses on protection of information, and EU GDPR is a regulation defining requirements for protection of privacy, so ISO 27001 can be used as a basis to achieve compliance with ca. 50% of EU GDPR.

    These articles will provide you further explanation about ISO 27001 and EU GDPR:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

    These materials will also help you regarding ISO 27001 and EU GDPR:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - Free online training EU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//
  • Vulnerability scanning periodicity


    Answer: ISO 27001 specifies only which objectives must be achieved when performing vulnerability scanning (see control A.12.6.1 Management of technical vulnerabilities). The frequency should be defined by each organization, considering the perceived risks and the sensitivity of the information and information systems involved.

    These articles will provide you further explanation about penetration testing:
    - How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
    - How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

    This material will also help you regarding penetration testing:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
