Search results


  • New EU MDR - Technical File new document format

    The most important point is to define which of the suppliers are critical suppliers, because with them you need to have a quality agreement. This quality agreement must cover: mutual responsibilities, how the manufacturer will control the supplier, how it will behave in case of a complaint, and the critical supplier must agree to any audits by the manufacturer's notifying authority (if the auditor considers that the manufacturer does not have sufficient control over the supplier).

    Another important point concerns the suppliers of outsourced processes. With those suppliers there is also the need for a quality agreement, but this quality agreement must, in addition to the above, also include the supplier's consent to the statutory audit by the manufacturer's notifying authority, and also to unannounced audits.

    In the ISO 13485 & MDR Documentation Toolkit, we have quality agreements for both types of suppliers, and at these links you can find the previews:

    • Quality Agreement for Subcontractor https://advisera.com/13485academy/documentation/quality-agreement-for-subcontractor/
    • Quality Agreement for Critical Supplier https://advisera.com/13485academy/documentation/quality-agreement-for-critical-supplier/

    • Mapping of requirements categories to ISO 27001 Human Resource controls (Conformio)

      This requirement for a background check can be linked to “Specifying mandatory safeguards” because it requires a specific security practice to be implemented.

    • Question on Creating a Business Case for ISMS ISO 27001:2013

      1. Is the creation of an ISO 27001 ISMS Implementation Business Case document mandatory?

      ISO 27001 does not require the development of a business case for ISMS implementation, although the elaboration of such material can be very useful to help you identify business objectives related to information security, to get top management support for this project, and to define top-level objectives for the ISMS (which are mandatory for the standard).

      These articles will provide you with a further explanation about getting top management support:

      These materials will also help you with top management support:

      2. What components should the business case contain?

      Basically, you need to cover why an ISO 27001 ISMS is needed and what benefits the organization can achieve with its implementation.

      Generally speaking, an ISO 27001 business case would cover these four benefits: assured compliance, enhanced marketing edge, decreased expenses, and improved organizational structure. You can see more detailed information in this article: Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/.

      In our free materials, you can find these two templates that present a general framework to organize the information needed to present a business case:

      3. When is the Business Case document created? Before starting the ISMS planning phase? After the gap analysis, after the risk analysis, etc.?

      Generally, the business case is developed to get authorization for starting an ISMS project, i.e., even before the planning phase.

      4. Since in the initial phase of an ISO 27001 ISMS implementation project the cost and/or the investments required for the implementation of the controls for the treatment of risks are not yet known, how is the financial budget of an ISO 27001 ISMS project to be added to the Business Case?

      Since the budget for controls implementation is not yet known at the beginning of the project, in the business case you need to state this issue and that, after the risk assessment and treatment process is concluded, financial information about the controls can be presented.

      Please note that ISO 27001 does not require all controls to be implemented, and that business context, together with risks and legal requirements, are inputs for deciding which controls to implement, so you can adjust your implementation plan according to the available budget and acceptable risks.

      This article will provide you with further explanation:

    • More questions on Additions to Conformio

      First, it is important to note that setting up multiple internal audits, each covering a smaller part of the ISMS scope, is worthwhile only for larger companies. For smaller ones, the most efficient approach is to perform a single audit.

      Regarding the identification of risks in the Risk Treatment document, besides the risks from its own unit, it should consider at least the risks from other units that refer to assets the business unit is responsible for.

      For example, if an HR unit has a risk related to an IT asset, then the IT unit should read this risk.

    • ISO 27001 question

      ISO 27001 does not prescribe a document code to be used in ISMS documents, only that appropriate identification is used.

      This article will provide you with further explanation about document management:
      - Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

      In Conformio, the following information is used to identify documents:
      - Document Version
      - Last Update
      - Author
      - Reviewers
      - Approver
      - Owner

    • Acceptable or Not Acceptable

      Hello, quick question: acceptable or not acceptable? When taping an entry in a lab notebook, are hash marks (") acceptable on the taped entry? I'm used to name and date, but I am at a new company and they use (").

    • Question regarding ISO27001 implementation - Interested parties

      Your understanding is correct.

      This template is to be considered for laws, regulations, and contracts that can impact information security and the ISMS objectives (e.g., the WEEE directive). Legal requirements related to other subjects do not need to be considered for this template, they would only make the document unnecessarily complex.

      Regarding providers, their contracts and services agreements are handled by means of the Supplier Security Policy.

      For further information, see:

    • Change of GDPR document

      While the Regulation remained the same, we kept improving our GDPR Toolkits with new and improved documents. At this moment the most comprehensive toolkit is the EU GDPR PREMIUM DOCUMENTATION TOOLKIT. There are over 70 document templates that you can use to boost your GDPR compliance project, video tutorials on how and when to use these templates as well as email support and expert review of documents. A full list of documents can be consulted here: https://advisera.com/wp-content/uploads//sites/15/2021/12/List_of_documents_EU_GDPR_Premium_Documentation_Toolkit_EN.pdf .

      Please check out our EU GDPR PREMIUM DOCUMENTATION TOOLKIT: https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/


    • Should ISO 17025 accredited laboratory be certified with ISO 9001?

      No, it is not necessary unless a large organisation wishes to go for ISO 9001 certification for support departments like HR and Finance. A laboratory that is accredited to ISO 17025 conforms to the requirements of ISO 17025 clause 8, Management requirements for laboratory activities. As these are the clauses covered in ISO 9001 management, it is considered that the laboratory fulfils the intent of ISO 9001.
