Search results

Teleworking Policy and IT Security Policy

Considering that the rules specified in the IT Security Plicy are the same as the ones n case of teleworking and that all our applicatins and SaaS is in the cloud, could we avoid to write a Telewroking Policy and state that the Teleworking is regulated by the IT Security Policy?

Thanks

Risk treatment plan

Is it necessary to implement a treatment plan for all identified risks, or is it only necessary to apply a treatment plan if a medium or high-risk is detected?

I am asking this question because in my risk assessment, all the residual risks are low, and according to my policy, only medium and high risks should receive a risk treatment plan. I want to know if it's appropriate to leave low risks without a risk treatment plan or if I should create one despite all risks being low.

CQI 17

Hi experienced men

Could you please share me the CQI17 implement experiences, including: Checklist template, Procedure,...?

I'm learning to prepare it for IATF audit and certification.

Thanks and Best regards

3.4. Handling classified information

In the Information Classification Policy,, to be more specific in 3.4. Handling classified information what exactly you want me to write down?

Custom Edit Documents

I am just getting started with Conformio and I see a problem. The wizard shows a document with text stating a policy on something we do not do.  I see where I can add a paragraph, but how might I go about removing the text in the wizard that is not relvant to us?

Specifically, it is the Procedure for Document and Record Control stating what we do with phyisical documents.  We are fully remote, and cloud-collaborative.  We do not have phyisical documents (or locations) in the ISMS scope.  And knowing our auditor, if he sees text about physical documents and how we handle them, he will want evidence.  

Multiple scope in one certification

Our company is certified for meeting ISO 13485 requirements for the scope of design, development, manuafcture and sales of product for brand A. Our Parent company has requested to get certified for their brand (i.e Brand B) with the scope of manufacture aand sales of products. Would this be treated as a spearate certification and would require both stages of audits? or can be integrated with existing one as an extension of scope

Recovery

I just want to know if, in best practices, and according to ISO 22301, it is preferable, in case of need for recovery, to perform it fully automatically or require human intervention step by step.

Is there a clause in the ISO 22301 documentation that specifies or describes this fact.

Zeiss CMM Users

Hello.  I am a certified AS9100 internal auditor and was told something recently by another employee at my shop that I am not aware of and would like input.  We have Zeiss CMM's at our shop.  We want to have our programmers have MAaster rights, which means you can do just about anything to the machine.  Then, we wnat to have operators and non-programmers ahve right to run just programs, but make no edits or save changes to the programs.  To do this, we need to set up passwords for both.  I was told that this violates AS9100 with the NIST requirements.  Is this true?  I was not aware of that anyplace.  Thanks for the help with this.

Repackaging of a medical device

The company, which is a distributor of medical devices but not an authorised representative, plans to purchase medical devices in various EU countries and supply them repackaged to other EU countries. The repackaging operations would be as follows: replace the outer packaging (box), stick a new label on the container and adding instructions for use. The package, sticker and instructions would be in the language of the country to which the medical device is to be supplied.  The integrity of the inner container would not be compromised. Do I understand correctly that according to the requirements Article 16 of MDR, such a distributor would have to apply to a Notified Body to have its quality management system assessed by NB?

Contract Review Scope

What is the scope of contract review?  What triggers a contract review?  We are currently reviewing all POs regardless whether they are for existing parts or for new parts.  It seems like overkill and basically contract review has become a production planning process rather than a contract review process.  The focus is purely on do we have the material and capacity to meet the customers due date. By doing this this, we miss a thorough review of new part requirements because we are overloaded with existing part contract reviews that need to be quickly.