Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Audit Question Stage 1 with FDA compliance
I recently had a client going through Stage 1 and the registration auditor commented on their procedures containing a reference to the CFR 820 as it pertains to their organization as a Distributor and a Servicer. They also were told they need to take an exclusion to Medical Device Reporting, it is not a requirement for a third party servicer, however it is required they have a documented process to record any adverse reporting. The auditor suggested this leaves them open for a more in depth "Audit". However - they distribute, install, service and repair the medical device. FDA would most likely audit this procedure if they were to come to their facility. Has anyone ever had an auditor from the registrar comment on this? -
Do we need an incident management procedure?
Our company has a good incident response plan in place, however it's a requirement of the ISO27001 that we also have an incident management procedure? Do we need this in addition?
-
Independent review
Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?
Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?
Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?