So if we are a non-EU based organization and offer products/services (not SaaS) to a few EU based companies (not all customers are in the EU), would GDPR apply to us? Especially if we maintain EU-customer information like email, address and phone number? We are not collecting customer data based on any controller instructions; we have their data because they take subscriptions of our products/services. The only data we retain are email IDs, phone numbers and physical addresses.
Article 3 GDPR - Territorial scope states the following: “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union”. So in this case GDPR applies to you.
Many US-based companies find GDPR compliance a little difficult to handle. Advisera's EU GDPR Documentation Toolkit can help you comply with GDPR as a U.S. company - it has all the necessary documents for controllers and processors, as well as support from our GDPR experts.
Please also visit these links:
There are some differences between the documentation sets. You can find them in the following article:
For any other questions, do not hesitate to contact us.
In Annex VI of the MDR 2017/745, Part C, it is stated that
"Devices that are reusable shall bear a UDI carrier on the device itself. The UDI carrier for reusable devices that require cleaning, disinfection, sterilisation or refurbishing between patient uses shall be permanent and readable after each process performed to make the device ready for the subsequent use throughout the intended lifetime of the device. The requirement of this Section shall not apply to devices in the following circumstances: (a) any type of direct marking would interfere with the safety or performance of the device; (b) the device cannot be directly marked because it is not technologically feasible."
So this means that the UDI must be on the device if it is technically possible; otherwise, all other information can be prepared separately.
You can use the same documents you developed for ISO 9001 that are also required by ISO 27001; you only need to ensure that the documents are updated according to the results of the information security risk assessment and the applicable information security legal requirements (e.g., laws, regulations, and contracts).
These articles will provide you with a further explanation about integrating management systems:
From the details you provided, most likely company A is a Data Controller and company B is a Data Processor for company A. However, company B, for its own public website, is a Data Controller, so that’s why they have a Privacy Notice. The Data Controller needs to take all technical and organizational measures to demonstrate compliance with GDPR, per Art. 25 - Data protection by design and by default. That is why, according to Article 5.1.a – the principle of lawfulness, fairness and transparency – and to Article 13 – Information to be provided where personal data are collected from the data subject – company A is accountable for how it informs its own data subjects about the processing operations carried out by company B on its behalf. So company A should take, with the help of company B, all steps to make sure that the data subjects using the company B services purchased by company A are informed. Also, according to Article 28 – Processor – company A needs to sign a Data Processing Addendum with company B, after they have performed a minimum due diligence on the supplier to make sure that company B offers the same level of protection for personal data as is offered by company A.
At Advisera we have a great EU GDPR Premium Documentation Toolkit that can help you achieve compliance in this case. We have templates for Privacy Notice, Supplier Privacy Notice (that should be sent by Company A to Company B’s employees), Processor GDPR Compliance Questionnaire, Supplier Data Processing Agreement etc.
Please consult these links as well:
If you are referring to the process of application and accreditation assessment, typical gaps include:
These often arise due to organisational structure issues, where responsibilities and authorities are not clear and personnel do not understand the true intention of the QMS, the purpose of ISO 17025, how the various activities link, and how to take a risk-based approach to decision making.
For more information, have a look at the question and answer "Accreditation duration" at https://community.advisera.com/topic/accreditation-duration/ and the webinar "What are the steps in the ISO 17025 accreditation process?" at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar
The audit scope covers the requirements, area (department), activity and depth of what you will be auditing.
Your Internal Audit Schedule must, over the assigned period, cover all departments, activities and all test methods for which you are seeking accreditation, i.e. are all the processes, documents and records of information in place to ensure impartiality, competence and consistent operations.
Then, for the scope of each planned audit in that schedule, you plan
The following will provide more information on Internal Audits:
How to perform an internal audit using ISO 19011 at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011
ISO 17025 document template: Internal Audit Procedure at https://advisera.com/17025academy/documentation/internal-audit-procedure/
The five Internal Audit Procedure appendices (Internal Audit Program, Internal Audit Checklist, Audit Nonconformity Report, Internal Audit Process Checklist and Internal Audit Report) are available separately from the procedure link above, or included in the toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
The Book - ISO internal audit: A plain English guide at https://advisera.com/books/iso-internal-audit-plain-english-guide/
These records are required for those who perform work that can impact information security performance, so they cover not only those involved in implementing the ISO 27001 project, but also those involved in the operation, maintenance, and improvement of the Information Security Management System.
This article will provide you with a further explanation of competencies: