Search results


  • 27001 question

    ISO 27001 can help your strategy by helping:
    - identify information security business and legal requirements that need to be fulfilled
    - identify and prioritize information security risks that need to be treated
    - develop information security controls to treat relevant risks

    For further information, see:
    - ISO 27001 Implementation Guide: Checklist of Steps, Timing, and Costs involved https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    To see what documents compliant with ISO 27001 look like, please take a look at our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

  • Numbering system

    You asked

    I was hoping you could give advice on a numbering system for cross reference between the different documents?

    The naming convention and file structure are up to you, guided by your document management system platform. We find the folder structure we use for the ISO 17025 toolkit works well for small to medium laboratories. You could, as an alternative, if you prefer, use the clause numbers as a folder number, e.g. 6.4 Equipment; however, this can become unclear when you combine procedures that cover multiple clauses, e.g. the recommended Complaint_Nonconformity_and_Corrective_Action_Procedure. Either way, use your Quality Manual and Procedures to cross reference and/or hyperlink to your files. Also use the List of Documents and records registers for cross referencing and control.

    You also asked

    Also, do you have experience with 510K application at the FDA? I have a local manufacturer who is busy with the process.

    If you are interested in requirements for medical devices, please visit the Advisera ISO 13485 Academy at https://advisera.com/13485academy/ and the ISO 13485 & EU MDR - Expert Advice Community at https://community.advisera.com/. The expert's answer on the subject "Differences between EU MDR and US FDA regulations" may be of assistance. It is available at https://community.advisera.com/topic/differences-between-eu-mdr-and-us-fda-regulations/

  • IATF ll electric vehicle

    1) Is IATF required for an electric vehicle manufacturing company (2 wheeler)?

    According to IATF 16949:2015 rules 5, no additional requirement has yet come for electric vehicles.

    As you know, “Automotive” for the IATF rules shall be understood to include the following: Passenger Cars, Light Commercial Vehicles, Heavy Trucks, Buses, Motorcycles, and to exclude the following: Industrial, Agricultural, Off-Highway (Mining, Forestry, Construction, etc.). Aftermarket parts are excluded.

    2) If IATF certification is not taken by an electric 2 wheeler manufacturing company, then what outcomes will the company face as it is growing?

    I think there will be additional requirements in the near future as the number of electric vehicles (for example electric cars) will increase.

    3) Are there any standards or information available for the 2 wheeler electric manufacturing industry?

    I don't know if there is a special standard for 2-wheeled vehicles, but I think the highway regulations should be valid. IATF rules apply to motorcycle manufacturers. If the motorcycle is electric; I think that those who produce parts for this vehicle can get an IATF certificate.

    4) Apart from IAF certification need for 2 wheeler electric vehicle?

    I think the highway regulations should be valid.

  • Data controllers

    The definition of the data controller as it is presented in Article 4 GDPR – Definitions – is the following: “natural or legal person, […] which, alone or jointly with others, determines the purposes and means of the processing of personal data”. The European Data Protection Board, in its Guidelines 07/2020 on the concepts of controller and processor in the GDPR, states the following related to the “determines” building block in the definition: << A controller is a body that decides certain key elements about the processing. This controllership may be defined by law or may stem from an analysis of the factual elements or circumstances of the case. One should look at the specific processing operations in question and understand who determines them, by first considering the following questions: “why is this processing taking place?” and “who decided that the processing should take place for a particular purpose?” >>

    So the questions you need to ask are “who designed the questionnaires”, “who benefits from the answers in the questionnaires”, “who decides what happens with the personal data in the questionnaires”, etc. If these entities have some degree of autonomy/independence, then they are controllers or joint controllers. If they just provide a forwarding service for other entities, then they should be considered processors.

    Please also consult these links:

  • EU GDPR Status

    The GDPR text has not been modified in the past months or years, so the course remains very relevant and up-to-date. Please restart the course whenever you like, and if you have questions, don’t hesitate to contact us!

    Meanwhile, we developed more resources to help you:

  • What are the main areas of ISO 17025 that most laboratories miss?

    When considering gaps in the implementation there are two types of issues. The first is a deficiency, where a mandatory requirement is not met. For example, external proficiency testing to meet clause 7.7.2. The second is where there is a process implemented, but it is not achieving the intended result. An example here is ineffective Management Review.

    In my experience, the requirements for monitoring and evaluation are often not achieved. For example, all the requirements for Management Review input (clause 8.9). Another area is method validation / verification (clause 7.2), where it is often not to the extent required. Furthermore, laboratories often underestimate the effort and requirements for the management of personnel (clause 6.2), equipment (clause 6.4), and quality control (clause 7.7.1 and 7.7.2) to ensure competency and validity of results.

    The following may be useful to you:

    The article What is ISO 17025? at https://advisera.com/17025academy/what-is-iso-17025/
    The webinar – What are the steps in the ISO 17025 accreditation process? at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar/
    Also have a look at other articles at https://advisera.com/17025academy/blog/

  • ISO 27001 Integration

    We're not experts in PCI DSS, but generally, we recommend the ISO 27001 documentation toolkit as a way to contribute to achieving PCI compliance, because PCI DSS has some requirements that can be fulfilled by ISO 27001 controls from Annex A, such as access control policy, backup policy, etc.

    These articles will provide you with a further explanation of PCI DSS and ISO 27001:

    This material will also help you regarding ISO 27001 implementation:

    This article from ISACA can provide you with a comparison between ISO 27001 and PCI DSS: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/comparison-of-pci-dss-and-isoiec-27001-standards

  • Qualifications of EU-rep from May 26th

    Yes, you are correct. You must have an EU rep according to the requirements from the IVDR when you are ready for the certification with IVDR. For more details, please see Article 110 of the IVDR 2017/746, Transitional provisions. It states that the requirements of this Regulation relating to post-market surveillance, market surveillance, vigilance, and registration of economic operators, and devices shall apply and replace the corresponding requirements in Directive 98/79/EC.

  • Do we need ISO 13485 if we have IEC 62304?

    If you are on the EU market, then ISO 13485 is mandatory for all manufacturers of medical devices, no matter the type of device. It is stated in Article 8 of the MDR 2017/745 that all manufacturers need to be in compliance with standards that are published by the EU Commission and are called harmonized standards. On that list are more than 300 different standards, but the only standard that covers the quality management system is ISO 13485:2016/A11:2021.

    For more information, see:

    - EU MDR Article 8 Use of harmonised standards https://advisera.com/13485academy/mdr/use-of-harmonised-standards/

  • Internal audit on Sampling & Analysis

    You asked

    We made a procedure for 7.3 and I am now realizing that 7.3 only needs to be a "plan". I was wondering if we should keep these two requirements separate or possibly roll them together into one procedure that covers both 7.3 and 7.4. What do you think?

    It all depends on the activities and scope of work for the laboratory. Clause 7.3 isn't applicable to laboratories that are not involved in sampling. If the laboratory is responsible for sampling, clause 7.3 requires more than just a plan. It requires a sampling plan and method, and a number of forms and records. It is recommended to document a sampling procedure and to keep the procedures separate.

    Clause 7.4 is applicable for any processing and “sub sampling” of the sample, for example grinding and splitting into a test portion.

    For more information see the links and my response to a question on the topic Sampling at https://community.advisera.com/topic/sampling-clause-7-3/ and https://community.advisera.com/topic/cab/
