The document discusses proposed changes to ISO13485:201X from ISO13485:2012. Key changes include a stronger emphasis on risk management, more requirements for outsourced processes and supplier control, expanded regulatory requirements, and increased focus on validation, verification, and design transfer. There will also be greater requirements for feedback and tying nonconformities to corrective and preventive action programs. The numbering system will stay the same but some changes from ISO9001:2015 will be adopted and the standard will more closely align with medical device regulations.
PECB Webinar: Overview of ISO 13485 - Medical Devices | PECB
The webinar covers:
• The key section of ISO 13485
• The benefits of ISO 13485
• In brief how ISO 13485 & ISO 9001 correlate
Presenter:
This webinar was presented by Raza Shah, Chief Editor and Owner of Bitehqeeq.
Link of the recorded session published on YouTube: https://youtu.be/gZlhUlqgo1g
Differences Between ISO 13485 and ISO 9001 | riteshreddych
ISO 13485:2003 includes specific requirements for quality management systems in the medical device industry. It harmonizes with regulatory requirements like the Quality System Regulation (QSR). Key differences from ISO 9001:2000 include a stronger focus on regulatory compliance, process documentation, traceability, and risk management in product design. The document discusses the reasons for adopting ISO 13485 over ISO 9001 for medical device manufacturers.
This document provides information about a presentation on quality management systems that comply with ISO 13485:2016. The presentation will be led by Lena Cordie, who has over 20 years of experience in quality and project management for medical device companies. The presentation will provide an overview of ISO 13485:2016 requirements and help companies understand how to implement quality management systems that achieve compliance. It will also discuss changes from the previous version of the standard and address related standards and regulations from FDA and EU. The target audience includes executives and managers in quality, regulatory, and other relevant roles for medical device companies.
The document provides an overview of key differences between ISO 13485:2016 and ISO 9001:2015 quality management standards for medical devices. ISO 13485 focuses specifically on safety and regulatory requirements for medical devices, while ISO 9001 takes a more general risk-based approach. Some key differences highlighted include ISO 13485 retaining its requirement for documented procedures and a management representative, while ISO 9001 no longer requires these. The document also provides more detail on specific ISO 13485 clauses such as management review, document control, and feedback.
ISO 13485 is an international quality management standard for medical device companies. It is based on ISO 9001 and specific to ensuring product safety and effectiveness. Key requirements include effective quality management systems, management responsibility, resource management, product realization, measurement and improvement. Companies must implement ISO 13485 through a process approach focusing on customer requirements, continual improvement, and meeting regulatory requirements. Successful implementation requires support from top management and a focus on processes rather than just procedures.
How to Prepare Your Organization for the Transition to ISO 13485:2016 | Greenlight Guru
The much anticipated revision to ISO 13485, the global medical device quality management system (QMS) standard, was released late February 2016.
The new ISO 13485:2016 ushers in a whole new wave of changes and requirements medical device manufacturers must adhere to, which we covered on our previous webinar here.
ISO tells us that there will be a three year transition period after which the guidance says, “any existing certification issued to ISO 13485:2003 will not be valid.”
The time to start planning your organization's transition to ISO 13485:2016 is now. Or face playing expensive catch up later.
In this presentation, you'll learn:
-What your organization needs to be doing to prepare for the transition to ISO 13485:2016
-Why the transition presents an opportunity for your organization to implement better processes
-An overview of the specific changes coming with ISO 13485:2016
-The actions you should be taking now and how to plan for the implementation of the standard
Access full presentation here: https://www.greenlight.guru/webinar/iso-13485-2016-transition-planning
Specific Detailed Changes to the New ISO 13485:2016 | Greenlight Guru
Today's medical device regulatory environment is changing faster than ever. Keeping up can be daunting. The new quality management standard ISO 13485:2016 was published in Q1 of 2016.
greenlight.guru has partnered with special guest and consultant, Mark Swanson, to keep you ahead of these changes.
Mark spent the last 4 years on the working group that revised the new ISO 13485.
Mark has all the exclusive insider knowledge on the changes you want. And he's going to be sharing it with you for free.
(You can view the full webinar here: http://www.greenlight.guru/webinar/iso-13485-2016-changes)
In this webinar you'll learn specifically:
-How to prepare for the coming regulatory changes with ISO 13485:2016
-How to apply risk based thinking to your quality processes to ensure compliance
-What you need to know about the design control updates
-How to incorporate ISO 9001:2015 and 13485:2016 to your supplier controls
-A general overview of the standard and its most significant changes (before anyone else)
Explanation of ISO standard 13485 (QUALITY MANAGEMENT SYSTEM OF MEDICAL DEVICES) in a clarified way to understand it well in a simplified way through this mode. Your comments are appreciated.
ISO 13485 is an international quality management standard for medical devices. It specifies requirements for a quality management system including design, development, production, installation, and servicing of medical devices. The standard aims to demonstrate safety and quality of medical devices and services. Key requirements include control of documents, records, risk management, design and development processes, purchasing, product identification and traceability, monitoring and measurement, handling of nonconforming products, corrective and preventive actions, and a feedback and vigilance system.
This document has been prepared to provide a summary of the changes between ISO 13485:2003 and ISO 13485:2016. The document contains the following:
a. Benefits of the new version of the standard.
b. Few key definitions
c. Mapping between the versions as per ISO.org.
d. Summary of key changes between the versions of the standard
ISO 13485 has been revised in 2016 to expand its scope to external suppliers and service providers in addition to medical device manufacturers. Key changes include requiring a risk-based approach to device safety and performance, controlling all changes to processes, and validating computer software used in quality management systems. The standard also places more emphasis on handling customer complaints, controlling nonconforming products, and maintaining design and development files. Organizations must comply with the new ISO 13485 requirements starting in March 2016.
Training Academy Schedule - August 2016 - July 2017 | Fraser Hickman
This document provides information about training courses offered by the BSI Training Academy. It begins with an overview of BSI and its role in developing standards and providing training. It then discusses the benefits of training, BSI's experience and values when it comes to delivering high quality training. The document provides details on the various courses offered, categorized by topic area, and describes which courses would be suitable for different roles within an organization. It emphasizes that BSI's training aims to help organizations embed best practices and excellence.
The document discusses ISO 13485:2016 which is an internationally recognized quality management system standard for medical device organizations. It outlines the key requirements for establishing a quality management system including determining processes, documenting procedures, managing documents and records, ensuring management responsibility and review, controlling purchasing and product realization, and conducting internal audits. The standard aims to help organizations consistently meet regulatory requirements and customer needs for medical devices.
PECB Webinar: Proposed changes for medical device quality management systems ... | PECB
We will cover:
• Overview of proposed changes to ISO 13485:201X, MDSAP
• New EU regulations and unannounced audits
• New directions for QMS and regulatory audits
Presenter:
This webinar will be presented by Danny Kroo, the founder and principal consultant at Docusys Corporation.
ISO 13485 outlines quality management system requirements for medical device manufacturers. It requires organizations to establish documented processes for planning and managing key activities like risk management, product realization, and quality improvement. Records must be maintained to demonstrate conformity to standards. Management is responsible for ensuring adequate resources, communication of quality policies, and regular reviews of the quality system and opportunities for improvement.
Medical devices – Quality management systems – Requirements for regulatory purposes. ISO is an organization that develops standards for use worldwide.
ISO 13485 helps companies do their share in protecting consumers and users of medical devices.
ISO 13485 outlines criteria for a good Quality Management System (QMS).
QMS criteria are good business practices ... for example:
• Set quality goals
• Ensure that regulations and other requirements are understood and met
• Train employees
• Control your production processes
• Purchase from suppliers that can provide products that meet your requirements
• Correct problems and make sure they do not happen again
ISO 13485 is the medical industry's optimal medical device standard, which ensures that all medical devices meet the proper regulatory compliance laws and customer needs. ISO 13485 certification is a valuable credential put in place to keep professionals and customers safe in clinics, hospitals and other medical settings.
ISO 13485:2016 is based on the ISO 9001 process model approach and is a management systems standard specifically developed for the manufacture of medical devices. Its primary objective is to facilitate harmonized medical device regulatory requirements.
This implementation guide will help you run through the benefits and clauses in detail for implementing ISO 13485.
Find out more or get a quote for certification here – https://www.nqa.com/en-gb/certification/standards/iso-13485
siddhartha consultancy services
www.scsuniversal.com
HR Consulting
Competency Mapping
Assessment Center
Mentoring
Performance Evaluation and Linking with Reward Systems
Designing HR Processes
HR Outsourcing
Training Need Analysis
Training Evaluation
Psychometric Testing
Personality Profiling
Individual, Team and Organizational Tests
Organizational Survey
Recruitment for National and Overseas
Skills and Competency based selection
Competency Assessment for short listed candidates to fulfill the exact needs of jobs
Training Programmes at SCS
Managerial Skills
Communication Skills
Presentation Skills
Team Building
Leadership
Emotional intelligence
Time and Task Management
Creativity and Problem Solving
Analytical Thinking and Decision Making
Soft skill training for management trainees
Stress Management
HR for Line Managers
Interviewing Skills
Mentoring and Coaching
Counseling
Competency Mapping
Psychometric Testing
ISO 9001 - Quality Management System
ISO 14001 - Environment Management System
OHSAS 18001 - Occupational Health & Safety
ISO 22000 / HACCP / BRC - Food Safety Management
ISO 27001 - Information Security Management System
Software Management, Risk Assessment / Design Management, Audit Services
The document summarizes changes between the 2003 and 2016 versions of ISO 13485, which provides requirements for quality management systems for organizations involved in the design and manufacture of medical devices. Some key changes include new requirements for risk management, supplier controls, feedback and verification/validation. The 2016 version also clarifies concepts, adds new definitions, and includes additional documentation requirements for areas like design and development and purchasing processes.
Understanding the New ISO 13485:2016 Revision | Greenlight Guru
The much anticipated revision to ISO 13485, the global medical device quality management system (QMS) standard, was released late last month (Feb, 2016).
The new ISO 13485:2016 ushers in a whole new wave of changes and requirements medical device manufacturers must adhere to, which we covered on our previous webinar here (http://www.greenlight.guru/webinar/iso-13485-2016-changes).
ISO tells us that there will be a three year transition period after which the guidance says, “any existing certification issued to ISO 13485:2003 will not be valid.”
The time to start planning your organization's transition to ISO 13485:2016 is now. Or face playing expensive catch up later.
(You can view the full webinar here: http://www.greenlight.guru/webinar/iso-13485-2016-transition-planning)
In this webinar, you'll learn specifically:
What your organization needs to be doing to prepare for the transition to ISO 13485:2016
Why the transition presents an opportunity for your organization to implement better processes
An overview of the specific changes coming with ISO 13485:2016
The actions you should be taking now and how to plan for the implementation of the standard
ISO 13485 is an international standard for quality management systems for the design and manufacture of medical devices. It supersedes earlier standards and has been harmonized with European medical device directives. Certification to ISO 13485 proves advantageous, and sometimes essential, for medical companies exporting products globally as it demonstrates compliance with regulatory requirements. i3 Consulting is an experienced consulting firm that can help organizations implement an ISO 13485-compliant quality management system and achieve certification.
ISO 13485 Lead Implementer - One Page Brochure | PECB
This five-day intensive course provides participants with the expertise to implement and manage a Quality Management System based on ISO 13485. The course covers QMS concepts, planning an ISO 13485 implementation, executing the implementation, controlling and monitoring the QMS, and prepares participants to take the PECB Certified ISO 13485 Lead Implementer exam.
PCD provides quotations to users based on supplier prices by filling out a quotation form. If the user approves the quotation, PCD issues a purchase order that is signed by the SE PCD and Mgr Admin. Goods are then sent to the warehouse after incoming orders with invoices and delivery orders are processed by finance.
PECB Webinar: ISO 29001:2010 – Supplemental Requirements & Impact of ISO 9001... | PECB
If you have wondered what the similarities and differences between ISO 29001 and ISO 9001 are, this is your chance to learn. You will also see the requirements and what impact a Quality Management System has in the Oil and Gas industry, especially the requirements of ISO 29001.
You will learn all this in two sessions, which will be presented by PECB trainer David Smart, Managing Director of Smart ISO Systems / Smart Mentoring. David’s personal experience spans more than 40 years as a Manager, Auditor and Consultant, specializing in multiple fields related to ISO standards. He is a Lead auditor for ISO 27001, ISO 13485, ISO 9001, ISO 14001, ISO 29001, ISO 17025 and OHSAS 18001, and an active member of various institutes.
This document outlines the key sections and processes of an ISO 9001:2015 quality management system for an organization. It includes sections on leadership and commitment, planning, support, operation, performance evaluation, and improvement. The operation section specifically addresses control of externally provided processes and products, customer communication, design and development, production and service provision, and control of nonconforming products. Planning processes incorporate determining requirements, reviewing requirements, managing changes to requirements, and controls. Performance is evaluated through monitoring, measurement, internal audits and management reviews. Improvement involves nonconformity corrective action and continual improvement.
Major changes brought in by companies bill 2012
Vinay Singhania
Major changes by the Companies Bill as passed in Lok Sabha on 8th August, 2013. The focus of this presentation is mainly to bring out the improved corporate governance through this new corporate legislation.
The document provides an overview of proposed changes to the Renewable Fuel Standard (RFS) program as required by the Energy Independence and Security Act of 2007. Key changes include significantly increased renewable fuel volumes, separation of volumes into four categories, new lifecycle greenhouse gas reduction thresholds, restrictions on renewable biomass feedstocks and land. The proposal outlines the new standards, methodology for assessing lifecycle greenhouse gas emissions, provisions for grandfathering existing facilities, and changes to the renewable identification number system for compliance.
Back to the Future... Will CMS' Proposed Provider-Based Rules Reshape the Fut...
Polsinelli PC
Polsinelli's Reimbursement Institute presents a special 2-part webinar series, in which it will provide an in-depth analysis of the provider-based changes enacted in the Bipartisan Budget Act of 2015 (Act) and CMS' proposed rules implementing those changes. Virtually overnight, Section 603 of that Act imposed sweeping changes that effectively shut down the development and implementation of new off-campus provider-based hospital outpatient departments.
To implement Section 603, CMS is issuing changes to Medicare's provider-based regulations as part of the CY 2017 Hospital Outpatient Prospective Payment System proposed rule – the first such changes since 2003. This webinar will review the newly proposed regulatory changes, address the practical implications of the proposed rule, and present ideas on how to operationalize CMS's proposals, should they be finalized. This webinar will also highlight potential comment areas that stakeholders should consider.
On our agenda:
-Practical and operational implications flowing from CMS' proposed rule
-Review of hypothetical scenarios impacted by CMS' proposed rule and those that remain unsolved, including relocation of existing facilities, facilities in development, service line expansions, adding services to an otherwise exempt emergency department, space-sharing, and time-sharing
-Review of potential 340B implications
-Overview of critical comment areas
The document discusses the ratification of the US Constitution and the addition of the Bill of Rights. It notes that ratification was only achieved when the framers promised to add a Bill of Rights. The first 10 amendments, addressing individual rights and freedoms, were thus added in 1791 as the Bill of Rights. These amendments established rights that could not be taken away by the government like freedom of speech, religion, press, assembly, and the rights in criminal cases.
Presentation for Rockend's Melbourne Strata Users Day - June 2011
francescoandreone
The document summarizes a presentation given at a strata users seminar in Melbourne, Australia. It discusses upcoming two-stage reforms to Victorian strata law, compliance issues commonly seen in strata schemes, existing and emerging trends expected to influence strata over the next 10-20 years, and a brief 50-year history of the development of strata title in Australia from its beginnings in the 1960s to the present. The presentation concludes by inviting questions and providing contact information for the presenter.
The Competition Amendment Act No. 1 of 2009 - by director Dominique Arteiro
Werksmans Attorneys
The document provides background information on the Competition Commission's new powers to conduct market inquiries in South Africa. It summarizes the objectives and scope of the Commission's ongoing private healthcare market inquiry, including examining rising prices, levels of costs and competition issues. It also outlines the Commission's powers during the inquiry, such as summoning information, and potential outcomes like complaints, consent orders or policy recommendations. The inquiry may uncover issues around information asymmetry, roles of medical agents, and concentrations of market power among key players.
THE LABOUR MARKET IN ITALY: WILL REFORMS ALONE CREATE EMPLOYMENT?
telosaes
The document discusses labour market reforms in Italy from 2012-2014, including the Fornero Reform law of 2012 and the Jobs Act law of 2014. The reforms aimed to increase flexibility around hiring and firing while providing more protections for unemployed workers. Key changes included making fixed-term contracts easier for employers but with limits, expanding apprenticeships, and reducing reinstatement of unjustly fired workers to compensation. Critics argue this may increase precarious employment without addressing lack of economic growth and demand. The full effects of the reforms on unemployment are still unclear.
Direct Tax Amendments Applicable From 1st April 2017
Amarpal Jakhar
As Financial Year is ending, tax proposals in the Budget 2017 have now become law. This Budget focused on rewarding honest taxpayers, taxing the rich and bringing to task economic offenders. Here we are listing some of the major changes in direct taxation that would apply from April 2017.
The new federal education law gives greater control to states and local school districts. This deck outlines what changes the bill provides in the areas of standards, assessments, accountability and school improvement. It also outlines when these changes go into effect.
The document summarizes proposed changes to simplify and expedite the process of enforcing adjudication determinations in Western Australia. Currently, parties must seek leave from the relevant court to enforce a determination, which can cause delays. The proposed Construction Contracts Amendment Bill would remove this requirement, allowing parties to simply file and serve a certified copy of the determination and affidavit stating the outstanding amount. This is intended to make the enforcement regime more efficient while still allowing judicial review. The changes are expected to be introduced in late 2016 and early 2017.
The document discusses the need for a new Motor Vehicles Act in India to improve road transport. It notes that while India has expanded its road network significantly, road transport faces issues with road safety, speeds, and traffic conditions. The new Act aims to provide a framework for safe, fast, cost-effective movement of passengers and freight to support economic development. Key proposed changes include establishing an independent regulatory authority, bringing more uniformity and use of technology to regulations, and improving infrastructure development and multimodal integration.
PSCSG response before the JSC on the PP & DPP (Amendment) Bill 2015
Nigel Campbell
The Private Sector Civil Society Group (PSCSG) response to the Public Procurement and Disposal of Public Property (Amendment) Bill, 2015 before the Joint Select Committee
Companies act-2013-key-highlights-and-analysis
Mumbaikar Le
The document provides an overview of key changes and concepts introduced in the Companies Act 2013 relating to definitions, company types, roles and responsibilities, financial reporting, auditing, regulators, and other areas. Some of the major changes discussed include the introduction of new entity types like one person companies and small companies, expanded definitions of terms like independent director and promoter, mandatory requirements for consolidated financial statements, auditor rotation and secretarial audit, and provisions relating to corporate social responsibility, class action suits, and insider trading.
The document discusses amendments made to South Africa's Employment Equity Act of 2014. It aims to further prohibit unfair discrimination and impose harsher penalties for non-compliance. Key changes include new protected groups, new grounds of discrimination, and defining "equal pay for equal work" based on international standards. It also examines a 2014 Constitutional Court case regarding whether an employer's failure to promote an employee constituted unfair discrimination.
Ey nursing-reforms-paradigm-shift-for-a-bright-future
anshuman0309
This document discusses the growing healthcare needs in India and the demand-supply gap in nursing. It notes that India's population is growing and lifestyle diseases are increasing, placing greater demand on the healthcare system. However, India lags in healthcare spending and availability of infrastructure and qualified workforce. Specifically, there is a significant gap between the demand and supply of nurses. India needs an additional 2.4 million nurses to meet the growing demand. Strengthening nursing education and reforms are needed to close this gap and help India's healthcare sector meet the country's growing needs.
Finance bill 2015 16_Changes Proposed in Sales Tax Act, 1990
Muhammad Ijaz Syed
The document summarizes proposed amendments to Pakistan's Finance Bill 2015-16 related to sales tax. Some key changes include: defining "active taxpayer"; allowing monitoring of goods via barcodes; reducing time to file returns/pay tax from 15 to 10 days; introducing special audit panels comprising tax officers and private auditors; allowing information sharing with foreign governments; and proposing a reward system for whistleblowers providing credible information leading to tax detection.
QMSR Harmonization: The Future of FDA's Quality Management System Regulation
Greenlight Guru
Learn about the future of FDA's Quality Management System regulation.
This presentation originally aired during the 2022 Future of QMS Requirements Virtual Summit.
This document provides a detailed comparison of the changes between ISO 13485:2003 and ISO 13485:2016 for quality management systems in the medical device industry. It outlines numerous additions and clarifications to requirements for areas such as documentation, risk management, design and development, purchasing, production, complaints handling, nonconforming products, and data analysis. Organizations must transition to the new 2016 standard and undergo an audit to ensure compliance with the new requirements before March 2019.
From May 2017, NQA is able to carry out transition audits to the revised medical device standard as a part of your next assessment.
Every organization which wishes to maintain certification to this standard must undergo a transition audit before March 2019, including resolution of any/all non-conformances raised during the transition audit. To help get you started, the helpful annexes in the new standard have been expanded to give you more detail on where to focus your attention to understand and implement the required changes. The work required will of course depend on your products/services and the non-applicable clauses specific to your QMS.
Significant changes are underway that impact the quality and regulatory systems of medical device companies and their suppliers. ISO 13485:2016 adds new requirements to address risk management and to better align the standard with global regulatory requirements (FDA, MDD, JPAL, etc.). With the release of ISO 9001:2015, the ISO 9001 and ISO 13485 standards are no longer integrated. A new single audit MDSAP program will be in effect beginning 2017 that incorporates applicable FDA, Canadian, Brazilian, Australian and Japanese quality system requirements into the annual ISO 13485 audit cycle. The presentation will provide an overview of these changes and the steps required to incorporate these changes into existing quality management systems.
This document provides a gap analysis of an organization's quality management system against the requirements of the IATF 16949:2016 standard. It analyzes the organization's implementation of various clauses and requirements, identifying areas that need to be expanded, changed, or implemented for the first time to be fully compliant with the updated standard. The analysis is conducted clause by clause, with explanations of differences between the earlier and current requirements. It will help the organization prioritize and plan changes needed to meet the new standard.
This document discusses the changes between ISO 9001:2008 and ISO 9001:2015 quality management system standards. Some key changes include reorganizing clauses into a 10 clause structure for better alignment, adding requirements for determining organizational context and risks/opportunities, expanding the process approach, and changing terminology like replacing "preventative actions" with "risks and opportunities". Each clause is also analyzed in detail highlighting revisions and additional requirements in the 2015 version.
Use this checklist to record evidence of conformance to the new and enhanced requirements of ISO/IEC 27001:2013. You may complete it during one or more visits.
The document discusses the changes being made to the ISO/TS 16949 standard for quality management systems in the automotive industry. The standard is being changed to IATF 16949 and will be based on and require compliance with ISO 9001:2015. Some key changes include a new high level structure for management systems, greater emphasis on risk-based thinking and process approach, more leadership requirements, and addressing risks and opportunities rather than just preventative actions. The transition to the new standard focuses on integrating quality management into business strategies and emphasizing top management's responsibility for continual improvement.
The document summarizes the key changes between ISO 27001:2022 and the previous 2013 version. Some of the main changes include:
1. A new name that includes cybersecurity and privacy protection.
2. Shorter at 19 pages compared to 23.
3. New terminology and structure for some clauses around objectives, communication, monitoring and management review.
4. A new annex with 93 controls categorized by type and security properties, compared to the previous 114 controls.
5. Organizations will need to evaluate their existing ISMS and make updates to address the new requirements and structure of ISO 27001:2022.
This document provides an overview of the key changes between the 2005 and 2018 version of ISO 22000 – there are several new requirements in addition to changes to key definitions. You will need to prepare for these changes and adapt your food safety management system to meet the new requirements within the transition timeline.
This document provides guidance on the key changes between ISO 22000:2005 and ISO 22000:2018. Some of the main changes include new requirements to consider the context of the organization, risks and opportunities, and interested parties. There are revised clauses addressing leadership commitment, risk-based thinking, and enhanced documentation requirements. Organizations will need to adapt their food safety management systems to meet the new requirements of ISO 22000:2018 by the transition deadline of June 2021.
ISO 13485:2016 Transition Are You Prepared - OMTEC 2017
April Bright
ISO 13485:2016 will apply across the whole supply chain and will address the entire lifecycle of a medical device. Key changes to the standard include harmonization of regulatory requirements; inclusion of risk management throughout the QMS; additional clarity with regard to validation, verification and design activities; strengthening of supplier control processes; increased focus regarding feedback mechanisms; software for QMS; manufacturing and the medical device. These changes require a well-thought-out plan for implementation by March 2019 and continuation of the standard thereafter.
This presentation will highlight the actions you should take now in order to successfully transition to the updated standard.
Presentation Updating the Manufacturing Principles TGA Australia
The document discusses updates to the PIC/S Guide to GMP (PE009). It provides an overview of the processes used by the EMA, PIC/S, and TGA to adopt and implement GMP updates. It outlines some of the key changes between PE009-13 and the previous version, and discusses future revisions including changes expected in PE009-14 regarding premises and equipment, production, complaints and recalls. The speaker emphasizes that GMPs are updated regularly to address risks to patient health and ensure international equivalence, and that manufacturers should follow the TGA's transition plan to adopt the latest requirements.
Awareness session on iatf 16949 2016 standard
Amit Mishra
This document provides an agenda for training on IATF 16949. The training will cover an overview of IATF 16949 and how it relates to ISO 9001:2015. It will discuss the key changes between ISO/TS 16949:2009 and IATF 16949, including 14 specific changes. It will also cover the IATF structure, goals of IATF 16949, high level structure, notable changes in terminology, and clause-wise additions and explanations. The training will identify 17 documented processes required by IATF 16949 and certain frequency requirements.
ISO 9001:2008 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits. This presentation will guide you in upgrading your quality management system to the latest version of the standard.
Awareness training on HACCP & ISO 22000
Farid Ud Din
The document outlines the requirements and documentation needed for three quality management systems: ISO 9001, ISO 22000, and HACCP. It provides tables comparing the clauses and requirements for documented procedures for each system. It also includes descriptions of key aspects of each system such as mandatory documentation, HACCP principles, food safety hazards, and ISO 22000 requirements. The goal is to establish an integrated management system that meets the documentation needs for all three standards.
ISO13485 Awareness Training (9-10th November 2021).pptx
ssuserd5e406
This document provides an overview and summary of the requirements for ISO 13485:2016 quality management systems. It discusses the typical processes required for any company, the system compliance requirements, documentation requirements including the quality manual and medical device file, and management responsibilities such as management review and commitment. Key clauses from ISO 13485:2016 are summarized, including design and development, risk management, and documentation control.
Typical Quality Management System Based On Iso 9001 2008
Isidro Sid Calayag
This document outlines the key elements of a quality management system (QMS) based on ISO 9001:2008. It discusses the objectives of implementing a QMS, including achieving organizational success and meeting requirements. The QMS focuses on customer focus, leadership, involvement of people, process approach, and continual improvement. It addresses management responsibility, resource management, product realization, measurement and improvement to ensure a process-based approach that meets customer needs and enhances supplier relationships.
Similar to PECB Webinar: ISO 13485:201X - Dis 2 - Proposed changes (20)
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• NIS 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5, Pas mal non ? C'est francais.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications, such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelors degree from Royal Holloway University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
YouTube video: https://youtu.be/DujXaxBhhRk
The importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, he successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as National Association of District Export Councils (NADEC), Government Contractors Council (GovConCouncil), and Central-North Florida District Export Council as the Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. In the last few years, the focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but ‘when’, and knows the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ... | PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for small, medium and large companies. For over 10 years, Loris has been assisting clients in both public and private sectors with various matters relating to Governance, Risk Management and Compliance (GRC), digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/yT8gxRZD_4c
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively | PECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security and telco as an engineer and project manager for major international companies, I founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
YouTube video: https://youtu.be/TtnY1vzHzns
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re... | PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/a21uasr8aLs
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation | PECB
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications, such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya has been committed to science and engineering since her pre-teen years.
Date: September 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations | PECB
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular, Nick was Group Head of Information Risk for PwC, designing and implementing best practice solutions that made good business sense, prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Date: August 24, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help? | PECB
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI).
Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at DIN (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie... | PECB
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
• Importance of Data Protection
• Understanding Data Collection and Challenges
• Introduction to GDPR
• Key Principles of GDPR
• Who does GDPR Apply to and Its Global Implications
• Introduction to ISO/IEC 27701
• Implementing ISO/IEC 27701
• Privacy by Design
• Dealing with IT on a Daily Basis
• Building Awareness and Training
• Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu... | PECB
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. From a young age he has held management positions in the private and government sector. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/rsjwwF5zlK8
This document provides information about an informative student session hosted by PECB University and their academic partner Kaizen Training & Management Consultants Limited (KTMC) on May 18, 2023. It introduces Mustafë Bislimi of PECB University and Jacob A. McLean of KTMC. PECB University offers Executive MBA programs in cybersecurity, business continuity management, and governance, risk and compliance. Blocks 1 and 4 are offered by PECB University, while blocks 2 and 3 are offered by KTMC. The session discusses cybersecurity management and KTMC's partnership, training, and consulting services. Studying with KTMC provides advantages of cost, convenience, and expertise.
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... | PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, Nick was Group Head of Information Risk for PwC, designing and implementing best practice solutions that made good business sense, prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. He has multiple industry experience, excels in building stakeholder engagement & consensus, and supports organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultant forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run (he is currently training for the Berlin Marathon), is a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
YouTube video: https://youtu.be/i4qx5mjEqio
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an... | PECB
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/Xj0U2mbpZUs
Student Information Session University CREST ADVISORY AFRICA PECB
This document provides information about an informative student session on March 9, 2023 for PECB University's Executive MBA programs. PECB University offers Executive MBA degrees in cybersecurity, business continuity management, and governance, risk and compliance. The session will discuss simulations that place students in realistic business scenarios, as well as core courses in strategic management and leadership. Crest Advisory Africa is introduced as the academic partner that will deliver specialization and elective courses using various modes including on-site, online and self-study, and provide opportunities for South African students. Contact information is provided for representatives from PECB University and Crest Advisory Africa.
IT Governance and Information Security – How do they map? | PECB
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/2bSbAdL5Idg
This document provides information about an information session held by PECB University and their academic partner EGYBYTE. PECB University offers Executive MBA programs in Cybersecurity, Business Continuity Management, and Governance, Risk and Compliance. The programs consist of 48 credits delivered through a blended model of distance learning and classroom sessions. EGYBYTE will provide support through Arabic-speaking subject matter experts, various delivery models like online and on-site training, and access to specialization and elective courses. The document outlines the program structures and lists available electives. It also discusses PECB University's accreditations and status as an active institution in the District of Columbia.
Student Information Session University Digital Encode.pptxPECB
oin us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding admission process contact us: university.studentaffairs@pecb.com
-EMBA in Cybersecurity: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHJQUUpjMmY2NmcyeURhTzE5VlRSNjg2Y1hwd3xBQ3Jtc0tuLTZqdmZyWkc2VVNQV21YRTlKZUQ2SEtUenNXbzYyb1ZianV5cldDYTViWjZ1eVhCNWtxWHI3VTNwRS1BOE4wTERkZ3BtcndwM0sxdVoydWZYSXBkV2hYd2lwU0NLSTk5WERWMlhtVk1Ud2tuWTRjTQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fcybersecurity&v=3YJbbr708pk
-EMBA in Business Continuity Management: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JQTGVhd1VfeG1weWNzUzRrMmg2bk0tc3kxUXxBQ3Jtc0tsOVF5VG82TkhRU3R5TVRWWmdhMzBrSTU2eW9wby1OYWN4VTg5bkJBY0lhTmNsOFhETzB5cVp0WU8zbTQwTlZkdk9Dby1fSXdhWmRpZFFPUmk3NS1QOGpMOVBlaDFhVVpwa2JZMkxKNGRnTnppMm93SQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fbusiness-continuity-management&v=3YJbbr708pk
-EMBA in Governance, Risk, and Compliance: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUplMGtjOFRWbzdGWERmdTR2QjdSbTBuQUxCd3xBQ3Jtc0tsNVdOU1p6UERWM3ZySE55V2FlWlJ1aFlzUU85VEt0aVRoR0hyTjNHbUNVYVMyb0lzTkZycUtJRzNxazlDWGRqTHZQMWJPZEYwbG1xWjVJN1JNOW1QUjJBZDY3NkU5LVl0b2xxOFpkZW1ZX2F3QmF5cw&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fgovernance-risk-compliance&v=3YJbbr708pk
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
3. PROPOSED CHANGES - NOTES
ISO9001:2015 & ISO13485:201X are going in divergent
directions.
ISO13485:201x is moving in the direction of more closely aligning
with the Medical Device Directives.
The clause numbering system will stay the same as it currently is
and will not follow the new numbering of Annex SL. However
some of the changes in ISO9001:2015 are going to be adopted.
The emphasis throughout the proposed new ISO13485 will be
risk based for all of the processes
4. AGENDA
Projected timeframe for issue quarter 1 2016
Effect of ISO9001:2015 on ISO13485:201X
Main proposed changes to ISO13485:201X
5. CLAUSES 0.1 & 0.2– GENERAL REQUIREMENTS
0.1 - There are 7 expectations of your quality system
0.2 – 4 New goals
6. CLAUSE 1.2 – GENERAL REQUIREMENTS
Has been expanded to include the option of non-applicability to
clauses 6 & 8
7. CLAUSE 3 – GENERAL REQUIREMENTS
A number of new definitions have been added
8. CLAUSE 4.1 – GENERAL REQUIREMENTS
“The roles must be defined and documented for regulatory
authority requirements”
9. CLAUSE 4.1.3 GENERAL REQUIREMENTS
4.1.3 – Records are required to demonstrate compliance with the
Standard and appropriate regulatory requirements shall be
established and maintained.
11. CLAUSE - 4.1.6 GENERAL REQUIREMENTS
Clause 4.1.6: software must be validated prior to initial use and when
changes are made to it
There is also a new note that defines areas
18. CLAUSE 5.5.2 - MANAGEMENT REPRESENTATIVE
Note added regarding liaison with regulatory and other external bodies
19. CLAUSE 5.6 – MANAGEMENT REVIEW (GENERAL)
“The rationale for the frequency will require to be documented”
“Any new or revised regulatory authority requirements will now be a
topic at the management review meeting”
“The management review meeting will also have a risk based
approach to it”
“The risk based analysis will also come under the competency
assessment criteria under clause 6.2.2”
21. CLAUSE 5.6.3 – MANAGEMENT REVIEW OUTPUT
5.6.3 – Review Output: The DIS states that Outputs of the Management
Review shall include improvement needed to maintain the suitability and
adequacy of the quality management system and its processes,
22. CLAUSE 6.2.1 HUMAN RESOURCES
Competency based: Broader areas covered regarding personnel performing product
quality safety or effectiveness
23. 6.2.2 – COMPETENCE, TRAINING AND AWARENESS
There is now a requirement to check the effectiveness of training whether it is
conducted internally or external to the organisation
24. 6.3 – INFRASTRUCTURE:
Infrastructure
Order handling methods
Information security systems
25. 6.4 – WORK ENVIRONMENT
A lot of emphasis is now being placed on monitoring of cleanliness
26. 6.4.2 - SPECIFIC REQUIREMENTS FOR
STERILE MEDICAL DEVICES
There is greater emphasis placed on control of micro organisms
27. 7.1 – PLANNING OF PRODUCT REALIZATION:
Increased focus on risk management
28. 7.2.1 – DETERMINATION OF REQUIREMENTS RELATED TO THE PRODUCT
Risk based approach
Customer information protection
29. 7.2.3.2 – COMMUNICATION WITH REGULATORY
AUTHORITIES
New clause: Regulatory authorities communication must be documented in four areas
30. 7.3.1 – DESIGN AND DEVELOPMENT PLANNING
More robust approach on documenting design planning activities
Resources & competences
Separate design reviews of verification & validation of design
31. 7.3.5 DESIGN & DEVELOPMENT VERIFICATION
Documented verification acceptance criteria, including sample sizes
32. 7.3.7 DESIGN & DEVELOPMENT TRANSFER
New clause - requiring a documented plan on how you are going to
transfer the design to another facility or outsource it
33. 7.3.9 DESIGN & DEVELOPMENT RECORDS
New clause – Types of records required kept in a file
34. 7.4.1.1 – SUPPLIER APPROVAL
Supplier approval criteria including a risk assessment
35. 7.4.1.2 – MONITORING OF SUPPLIERS
Supplier ongoing performance measurement and re-evaluation with emphasis
on improvement where delinquent – including risk assessment reviews
50. 8.4 – ANALYSIS OF DATA
Audit – resource utilization
Reviews of service reports
51. 8.5.2 – CORRECTIVE ACTION
Corrective action plan commensurate with risks involved
Reviews of product & process data
Documentation updating
Management review of corrective action effectiveness
52. 8.5.3 – PREVENTIVE ACTION
Tie up between corrective & preventive action programmes
53. SUMMARY
• Regulatory requirements
• Risk management
• Validation, verification and design transfer
• Outsourced processes & supplier control
• Feedback
The “X” in the year header denotes that no date has been set for the release of this updated Standard. The stage we are at at the moment is that DIS 2 has been issued; this is the second Draft International Standard put out for discussion and comment.
In this presentation I am going to outline my understanding of what the proposed changes might be and their impact.
Note: Only applies to devices sold within the European Union which carry CE markings.
Annex Z: The change was made to the 2012 Standard as a number of European countries objected to the inference that ISO 13485 implied compliance with the Medical Device Directive (MDD). To solve this problem, annexes at the beginning of the new standard have now been expanded to link the clauses of ISO 13485 to the Medical Device Directive.
There are three annexes as follows: -
Annex ZA: Relationship between this European Standard and Requirements of EU Directive 93/42/EEC on Medical Devices
Annex ZB: Relationship between this European Standard and Requirements of EU Directive 90/385/EEC on Active Implantable Medical Devices
Annex ZC: Relationship between this European Standard and Requirements of EU Directive 98/79/EC on In Vitro Diagnostic Medical Devices
There was no textual change to the Standard. The foreword was changed and Annex Z added to the front of the existing 2003 version.
Divergent direction: The proposed new standard is an interim measure to more closely align with the medical device directives which apply to the sales and distribution of medical devices within EU countries. The new SL high level structure of ISO9001:2015 will not apply to this standard. Traditionally it has closely followed the development of ISO9001, but a split has occurred and ISO13485 is aligning more with the MDD; however, some of the changes adopted in ISO9001:2015 appear to be going to be adopted.
Clause Numbering: The current numbering system will remain, with 8 clauses addressed, not the 10 as is now required by ISO9001:2015.
Risk based approach: In the proposed new standard much more emphasis is placed on the risks, so you will constantly have to assess and justify your approach to the risks you are exposed to throughout the whole of the Standard.
Update to Quality Manual: The Quality manual will need updating to address these new requirements.
0.1 – Seven expectations: There is one additional expectation, g), which covers the need to take cognisance of regulatory requirements.
0.2 – New goals: Improvements to processes will be based on objective measurement, tying objectives in with process improvement.
Expansion on Non-applicability: You now have the option to exclude other parts of clauses 6 & 8 not just clause 7, but you have to document your rationale behind each of your exclusions.
Changes to definitions: This will require the creation of a glossary of terms in your quality manual or updating of your definitions in line with these proposed changes
The changes are as follows:
Removed: Supply chain explanation
Added: Clinical evaluation, Distributor, Life-cycle, Manufacturer, Post-market surveillance, Performance evaluation, Pre-clinical evaluation, Risk, Risk management
Modified: Active medical device, Complaint, labelling, Medical device
Regulatory authority: There is a change here where the management representative will have responsibility for handling regulatory affairs. This responsibility and authority must be documented along with the associated competencies. This may change the role of the qualified person if there are two functions existing.
Record keeping: The main changes here will be risk management records and evidence of meeting the regulatory requirements. In later slides we will see the impacts in greater detail
4.1.5 – General Requirements: When you outsource processes, the standard requires that you look at the controls that are going to be put in place for that supplier, from a risk perspective.
Examples of the things that need addressing are – “What happens if the supplier doesn't meet the specifications you provided?” “How will that affect your production cycle or anything that's related to that component?”
The proposed standard will require organizations to consider those things ahead of time, so that they have controls in place to mitigate the risk as soon as possible.
Software validation: The standard will require validation of all computer software that is used as part of the quality system. While it has never been a requirement of ISO 13485, software validation has long been discussed in the industry. For example, questions arise like, “What if you use an Excel spreadsheet to control a process? Do you have to validate that spreadsheet?” Sometimes organizations don't even know where to begin with software validation — what to validate and how to validate it.
Under these revisions, computer software can be used for, but is not limited to, product design, testing, production, labelling, distribution, inventory control, data management, complaint handling, equipment calibration and maintenance, and corrective and preventive action.
If software involves or affects the quality system, you need to validate it. Plus, you need to have a very specific justification for how you validated that software, keeping records associated with what you did and demonstrating that the software is doing what it's supposed to.
This validation also applies when changes or updates are made to the software
Note: This note provides guidance on the areas that are involved in the validation process
Outsourced processes risk assessments: Any outsourced processes must have a risk assessment done on the supplier's ability to produce. This is not just an assessment of the initial sample/batch but of their ongoing ability to supply over time.
Technical file documents: There is a list of items A-Z which is not exhaustive and can be used as a guideline as applicable to meet the regulatory requirements. It lists 26 elements that ISO expects manufacturers to keep as part of the file, including product description, drawings, specifications, procedures, packaging specifications, instructions for use (IFU), labelling, clinical data, etc. This technical file concept is not new, but the standard now will specifically require you to have it.
In the past this was addressed through the relevant medical device directive, but is now made explicit in ISO13485.
4.2.1.2 – Documentation Requirements: Another addition is the requirement to keep a file for the device that you're manufacturing, basically a technical file. In the past, this was addressed through the Medical Devices Directive, but it’s being added as part of ISO 13485. It lists 26 elements that ISO expects manufacturers to keep as part of the file, including product description, drawings, specifications, procedures, packaging specifications, instructions for use (IFU), labelling, clinical data, etc. This technical file concept is not new, but the standard will specifically require you to have it.
Patient records: Where, for example, data is captured and sent over the internet and also maintained in medical centres, it will have to be protected from hacking and theft.
Quality policy: This is not a change but a personal observation. All too often quality policies are cribbed from the internet and do not reflect the values and ethics of the company. The top team should all be involved with putting the quality policy together, as that is the core of the QMS. Also, they should all approve it, not just get the quality manager to write one and then get the MD to sign and date it. It is a key document and should be regularly reviewed to ensure that it still meets with the values and ethics the company has.
It is also important to test employees' understanding of how the quality policy impacts on their jobs and their contribution to ensuring the policy is adhered to. All too often it is a set of “fancy words” that have no resonance with the rank and file employees, never mind the management team.
Section 5 — Management Responsibility
5.4.2 – Quality Management System Planning: This section contains a note clarifying what quality systems planning normally includes, namely quality objectives consistent with quality policy, action items to accomplish objectives, monitoring progress, and revision.
5.4.2 – Quality Management System Planning: There is a note clarifying what quality system planning is and includes: quality objectives that are consistent with the quality policy. You will be required to demonstrate action on items to accomplish those objectives, monitor their progress, and review and update them in a timely manner.
5.5.1 – Responsibility and Authority: This clause has been expanded to include all staff rather than the narrow definition of “those affecting quality”. It seeks to clarify how those specific individuals are nominated as being responsible for monitoring of the product, and also for post-production activities.
If we accept the premise that “quality is everybody's business” then we must broaden our thinking to include everybody, not just those directly associated with quality. It is to get away from the thinking of “We make it, you inspect it”. The role of QC is increasingly becoming a production responsibility, with the quality department taking the role of quality assurance.
This will have a knock-on effect on the defining, along with the demonstration, of competence levels. You are going to be required to determine what kinds of skills, and their levels, will be needed by personnel and what responsibilities and authorities they will need to have.
5.5.2 – Management Representative: The management representative will require to have the knowledge to deal with regulatory bodies along with other external bodies. They will not just be a point of contact.
ISO9001:2015 No management representative requirement: Unlike the new version of ISO9001:2015 which does not require a management representative as the intention is to broaden the responsibilities and authorities for quality across the management team, this standard is sticking to having a MR and possibly broadening the role to cover regulatory matters.
5.6.1 – Management Review; General: There is a lot of discussion around how often management reviews should take place in standards in general.
This is often interpreted as covering the whole Standard over a 3 year period, doing the minimum amount of reporting. I myself take the viewpoint that it should be done every quarter. My thinking is that if the financial performance is reported quarterly, which is standard practice, then the QMS performance should also be reported on every quarter. This is an additional source of data to manage the business around.
The broader the base and source the data is taken from, the better the quality of decision making to manage the business around. You can compare apples with apples, and if the financials vary from the quality data it should be investigated, especially as the financial reports are all lagging indicators, i.e. “how we performed over the previous 3 months”.
Frequency rationale: If you are going to say “I'm going to have them once a year”, then you have to explain the logic behind your thinking on why you consider this timeframe is appropriate for your organization.
Risk based approach: Again we see the emphasis on risk assessment, both from a documentation and training standpoint
The header in the table is 2003; there is no textual difference between the 2003 & 2012 standards. The only main change was alignment with the EU Medical Device Directives.
Management review output: Management reviews will only be effective if data is recorded correctly in the first place. If the culture in the organisation is a blame one then the issues will be covered up and not recorded, so there is nothing to analyse and report on. The culture in the organisation needs to be that “errors” are an opportunity to improve, not to be used to apportion blame.
5.6.3 – Review Output: The DIS states that Outputs of the Management Review shall include improvement needed to maintain the suitability and adequacy of the quality management system and its processes. The current standard only requires improvement to maintain effectiveness of the quality system and its processes.
6.2.1 – Human Resources, General: The emphasis is broadened to require all personnel performing work affecting product quality, safety, or effectiveness to be “competent”.
The draft now breaks down the type of personnel to which this refers. For example, it is very specific about personnel who are involved with fulfilling process requirements, regulatory requirements, and quality system compliance.
It also requires the organization to define what education, skills, and training those individuals need to have to perform each role.
If we accept the premise that “everybody is responsible for quality” rather than having the mind-set of “we make it” “you inspect it”. There is a general acceptance now that the production personnel will be responsible for the QC function and the traditional quality department having responsibility for QA. This breaks down the make it/inspect it mentality which was introduced when mass manufacturing started at the beginning of the industrial revolution. Before that quality was built into the product by the artisan who made it, he had a pride in his work. Current thinking is self-managed teams who collectively take responsibility for the product’s quality
6.2.2 – Competence, Training and Awareness: There is now a requirement to check the effectiveness of any training undertaken, whether internal or external.
The organization needs to have a methodology to evaluate if the effectiveness of the training is commensurate with the risks associated with the work that the individual is performing.
Keeping a record saying they have been trained will no longer be acceptable in its own right. Now, you need to conduct a risk assessment. Some of the questions to be answered during the risk assessment are “What happens if the training was not clear enough?” “What are the resulting consequences?” “What mitigation activities do we have in place to prevent mistakes from happening?”
6.3 – Infrastructure: Planned maintenance is now a consideration we must take into account; this is similar to the old QS9001 for the automotive industry. You will need to have very clearly documented procedures that specify how those activities are being performed and the planned maintenance intervals, and have records to demonstrate what maintenance activities have occurred.
Order handling methods: This clause also now requires you to consider ways of ensuring that you handle orders in such a way as to prevent mix-ups that affect the product supply chain.
Information security systems: These are now viewed as infrastructure, which was not the case in the current version of ISO 13485. Information security is something that can affect the quality of your product, so you need to have procedures in place to train your personnel to manage those activities.
6.4 – Work Environment: The last part under section 6 deals with the work environment. A lot of stress has been placed on cleanliness and monitoring within clean rooms and manufacturing areas that deal with sterilized products, to ensure that monitoring is carried out for particles that could have an adverse effect on the product. They reference ISO 14644, the Standard used for controlled environments, as guidance for medical device companies to use in managing clean rooms.
This clause contains more clarity on what is meant by the term “work environment”, for which it was always difficult to define exactly where the boundaries were. Examples are provided on conditions to be considered such as noise, temperature, humidity, lighting, or weather, and areas of infrastructure such as inspection areas, storage and distribution areas — but it can be any area within an organization that is dealing with product manufacture.
6.4.2 – Specific Requirements For Sterile Medical Devices: There is now a sub-clause on sterile medical devices. The Standard requires that you take additional measures for these types of products, where there is a need to prevent contamination with particulate matter or micro-organisms, and maintain the degree of cleanliness during assembly and packaging operations.
7.1 – Planning of product realization:
Here again there is an increased focus on risk management.
One of the biggest changes to section 7.1 is a requirement to document how the risk management activities are being handled for product planning. The draft guidance highlights several areas where risk management should be incorporated: verification, validation, revalidation, monitoring, testing, and traceability. You will need to conduct an assessment considering the risk as you’re planning for those activities, and that process has to be documented.
A note was also added requesting organizations to look at IEC-62304, which is guidance related to software lifecycle processes. If your device incorporates software, then the guidance requires you to look at all the different lifecycles of that software, so you're planning ahead of time for future changes.
Risk based approach: The word “risk” appears 19 times throughout the Standard. This shows a new emphasis whereby risk management is the key approach.
7.2.1 – Determination of requirements related to the product: The main elements that changed in this section, which is under 7.2 – Customer-related processes, is the addition of a requirement to determine user training to ensure that the product will be used in a safe and effective manner. (By user, it means the physician or the person who will install the device.) While training is sometimes taken into account by manufacturers, it's not always done consistently. This change seeks to ensure that the training process gets firmed up, and that there are more controls in place when it comes to training.
Customer information protection: The other element that's new in section 7.2.1 is the requirement that organizations protect confidential health information from their customers. This information could arrive in two ways: It could be customer-provided feedback for the organization to incorporate into the requirements for making the product, or it could be post-market surveillance data. Any kind of information that comes from the customer needs to be protected in a confidential manner.
7.2.3.2 – Communication with regulatory authorities:
This is a new clause. Documented arrangements must be in place for communicating with regulatory authorities regarding the following four areas:
product information,
regulatory inquiries,
complaints,
advisory notices.
There must be a documented procedure explaining how you intend to handle these communications.
7.3.1 – Design and development planning: This draft standard now requires that you document your planning. In previous versions it was mandated that you plan design- and development-related activities, but this revision insists upon a more robust approach to documenting those activities.
Another addition to this sub-clause requires you to have a process in place to ensure traceability of your design and development outputs to design and development inputs.
In addition, you need to look at the resources that you will need for design and development stages, including the competence of the personnel who will be involved with those activities. Evaluation of the personnel conducting the design activities must be demonstrable; you cannot just appoint someone without the appropriate background.
A new note clarifies that design and development review, verification, and validation have distinct purposes and can be conducted and recorded separately or in any combination that is suitable for the product and the organization.
7.3.5 – Design and development verification:
There is more emphasis in this clause on developing a documented process for planning the design and development verification activities.
It also specifically indicates that verification plans should cover the acceptance criteria and sample sizes utilized in the design, along with the rationale behind the selection of them.
If the intended use requires the device to be connected with other devices, then the design verification activities must confirm that the design outputs still meet the design inputs when connected. You have to evaluate, at the verification (check) and validation (prove) stages, not just the device itself but how it performs with other devices or systems. The question to ask is “Will the device continue to do what it’s supposed to do once it's connected to another device or another system?”
7.3.7 – Design and development transfer:
This is a new clause, requiring a documented plan, if you are going to transfer your design to another facility or an outsourcing partner, for example. You must ensure that your design and development outputs are suitable for the production specifications. In other words, if you move your product, will the new site be able to use your specifications and manufacture the products the same way you would have at the existing site? Can this be demonstrated with objective evidence to support your product?
There are eight aspects the organization needs to consider, as follows:
supplier quality and capability,
manufacturing personnel capability and training,
manufacturing process and process validation,
materials,
manufacturing tools and methods,
manufacturing environment,
installation,
service.
You need to have a process in place that explains how each of these items will be addressed if you transfer the design to another supplier.
7.3.9 – Design and development records:
Again, a new clause has been added. It explains the types of records you need to keep in a file as part of your design and development activities. Previously, it was up to the manufacturer to decide how they were going to manage their records and provide evidence that the device was meeting all the requirements. Now, the draft standard is very prescriptive about the types of documentation required to be kept in the file. Examples include:
Results of preclinical tests related to the device and its conformance with specifications
Biocompatibility studies
Electrical safety and electromagnetic compatibility (EMC)
Software verification and validation
Report on clinical evaluation
Post market clinical follow-up plan and evaluation report
While manufacturers are required to keep a file, they may determine what is important to include in their file, so they can have records available. For example, biocompatibility may not be applicable to all devices, so it will not appear in every device’s file.
7.4.1.1 – Supplier approval:
This clause clarifies the types of criteria to consider before approving a supplier. You need to have a plan on how you will select suppliers — how you will evaluate, re-evaluate, and then approve them based on their ability to meet your requirements.
Yet again, we see an emphasis on risk analysis. You will be required to demonstrate whether you will have strict controls, depending on how important the vendor products are to your manufacturing operations. In cases where the product is extremely important, you will possibly want to audit those suppliers more frequently, require them to be ISO 13485 certified, and have periodic meetings to assess how they are performing. If, on the other hand, the supplier is not as critical, you might not be so stringent. The expectation is that you show that you performed a risk assessment to justify requirements for all of your critical suppliers.
7.4.1.2 – Monitoring of suppliers: Organizations must demonstrate that they are checking in on how their suppliers are performing and are utilizing that data as part of the re-evaluation process. If a supplier is not meeting your requirements, you have to show what you are doing to help the supplier improve their performance, or that you are disqualifying them, or that you are engaging in other activities that take into account your risk assessment. You need to have evidence that you are reviewing the data.
7.4.1.3 – Supplier documentation: Following up on 7.4.1.2, this new requirement requires you to keep records of your supplier evaluations, including any actions taken as a result of these evaluations.
7.4.2 – Purchasing information: This again is a new requirement, requiring you to have quality agreements with your suppliers. If, for example, a supplier makes a change relating to your product or deviates from the original plan, then there are very specific roles and responsibilities that need to take place there.
The supplier needs to communicate these amendments to your contracts to you. Suppliers can't simply change something without letting you know. This is not a new concept, but now the draft standard requires this to be documented and communicated to you from your suppliers.
7.5.2 – Validation of processes for product and service provision:
There is now an added requirement to include procedures for validation of sterilization and packaging. If you comply with the European Medical Device Directive (MDD), you will already be doing this; now, the new proposed draft of ISO13485 is going to call for it.
They also added a reference to the ISO 11607 Standard for packaging terminally sterilized medical devices. This is just another reference you can use as guidance to help you comply with the ISO 13485 requirements.
7.5.3 – Product identification and traceability:
Another new sub-clause, 7.5.3.1 states that if a unique device identification (UDI) is required by the regulatory agency in a country where you sell your product, you need to establish and maintain a UDI for your device.
This is likely an FDA-driven clause (since FDA recently implemented UDI rules in the U.S.), but as it becomes a more established practice, additional regulatory bodies will start asking for UDI.
It is also important to point out that this sub-clause requires that you have procedures in place to separate and distinguish returned products from conforming products. If for example you receive returns from a hospital or distribution centre, you need to prevent that product from getting mixed up with your existing product.
7.5.4 – Customer property:
The standard requires you to look at the regulatory requirements of all countries in which you must preserve confidential health information. If confidentiality is a requirement in a country where your product is sold, you need to have a procedure to address how you will safeguard confidential information and treat it as customer property.
7.5.5 – Preservation of product: This new section instructs you to evaluate your packaging and shipping containers to ensure they are designed to protect the device from contamination and damage — not only during the processing of the device, but also during handling, storage, and distribution. It forces you to look at the complete lifecycle for that package and perform the necessary validations.
For example, if you plan to ship your devices to a region that is extremely cold, do you know that your package will be able to protect the product? Or is the product going to freeze, resulting in an adverse effect? The same thing goes for high temperatures or other environmental factors. You have to take that into account as you perform your validation.
7.5.5.1 – Particular requirements for sterile medical devices: This is also a new requirement that elaborates on particular requirements for sterile medical devices.
If you manufacture a sterile product, you have to take additional measures to make sure that sterility will be preserved, wherever you plan to ship it and however long it will take to get there. A question to ask yourself is “How do you demonstrate that the product is going to remain sterile?” Again, you need to have the validation records to prove that your product meets this requirement.
8.2.1 – Feedback:
What has changed here is that the draft standard requires organizations to come up with a documented process for gathering data from production and post-production activities. While the current standard makes general references, the draft is now more explicit: it states that you have to gather feedback, provides guidance on how to do so, and is more prescriptive about documenting how you gather that data.
Not only will you be required to gather feedback, but also to incorporate it as part of your risk management programme. Any data that you obtain become inputs of your risk management process, to help you determine what effects the feedback will have on the product and whether any changes are necessary within your design or production activities to address these concerns.
In addition, you will have to evaluate that data using some kind of statistical methodology. Each organization will have to decide what method makes the most sense, based on your product and your processes and activities. And if you aren't using any statistical methods, then you have to provide the rationale, justifying why you have chosen not to.
Once you have the analysis, then you need to determine if that needs to go into your corrective and preventative action (CAPA) process. If the notified bodies start seeing trends and issues in your data, but you aren’t raising any CAPAs related to them, then that will become an issue. They want to make sure that you are really acting upon feedback, not just reviewing it.
The last change relates to regulatory requirements, something we have seen across the draft. It asks organizations to look beyond their local requirements to all international regulations that apply to your product, especially related to post-market activities. Certain countries have very unique requirements regarding conducting and handling the data from post-market activities, so you have to make sure that it is incorporated into your policies.
8.2.3 – Monitoring and measurement of processes:
This clause has an added note about the type and extent of monitoring and measurement appropriate to each process, and its impact on the conformity to product requirements and on the effectiveness of the quality system. Organizations need to determine the best way to monitor their processes, depending on their environment and process complexity.
For example, if you are analysing production data and you find that there is an issue with calibration, the action you take might be different than if you are evaluating data from your post-market activities or your preventative maintenance system.
The calibration monitoring for a tool used “in-process” might be different than the calibration monitoring for a tool used in “final” inspection to release product. You will need to be able to justify how tight your controls are based on the circumstances and complexity of each process.
8.2.4 – Monitoring and measurement of product:
This clause now includes a note that states that, "Records shall identify the test equipment used to perform measurement activities and the person(s) authorizing release of product."
For every batch manufactured, you will need to demonstrate what equipment was used. So if 10 measuring gauges have been used in the process, then you need to be able to trace them down to which one you used to measure some aspect of the device before its final release. Not only do you have to trace it back to that instrument, you have to show who in your organization authorized the approval.
It is also important to mention that this was brought up with the latest revision of ISO 14971, the risk management standard.
Now, ISO is tying it in with this section in ISO 13485, so that it is consistent across the standards.
8.3.1 – Control of nonconforming product (general):
Clause 8.3 of the draft guidance has been broken down into several different subsections, the first of which is 8.3.1. This clause requires that the evaluation of non-conformance includes a determination of the need to investigate. You need to show how an issue was investigated and how you notified all the stakeholders who were involved in the investigation and associated with the nonconformity.
There is now also a link between the nonconformity and the CAPA system. You will need to be able to show if the issue warranted a CAPA, or if it was just managed within the system itself.
Obviously, you would have to justify why you decided to not escalate it into a CAPA versus just leaving it within the non-conformance management system.
8.3.2 – Actions in response to nonconforming product before delivery:
This clause discusses the actions required to handle the nonconformities before the product is shipped out of your facility.
If you identify the nonconformities before the product leaves the plant, it provides an outline of all the actions that must be completed before you release the product.
As an example, you will need to make sure you eliminate the nonconformity, document your criteria for releasing it, ensure the product meets all specifications, and have addressed the relevant regulatory requirements that other countries may have imposed.
8.3.3 – Actions in response to nonconforming product after delivery:
This clause is similar to 8.3.2, except that it applies to nonconformities identified after the product has been released.
Organizations need to have a documented procedure for issuing and implementing an advisory notice.
8.3.4 – Rework:
This clause is not new — rework was already included in the current standard as part of controlling nonconforming products.
However, a new section has now been added.
The section states that if you establish rework, you need to look at any potential adverse effects on the product. Not only that, but it also has to become part of your risk-management process.
When you decide that a product needs to be reworked, you will also need to consider the implications the rework and retest have on the product. How does the rework affect the design of the product or any other manufacturing
8.3.4 – Records:
Again, very little is new here. This is a specific clause to make sure that you keep all the records associated with your management of nonconformities.
These records would include any decisions, people involved, and authorizations that took place before the product was released.
8.4 – Analysis of data:
This clause requires that you gather data to demonstrate that your quality system is suitable and effective, you are making improvements, and that you are taking actions.
The standard is all about making sure that you have a solid system in place that is continually evolving.
Two requirements were added at the end of this section.
The first is audits. You need to look at your data from audits to determine if you are having more issues in a given area that could potentially become a larger problem. The draft guidance doesn’t specify the types of audits, but you can assume this also covers supplier audits.
The second new requirement is to review data from service reports. So if you manufacture a device on which you will perform a service, you have to review the data, looking for potential issues.
For example, if your product is an implantable device, then most likely this requirement wouldn’t apply to you. But if you make capital equipment, you will need to have data that shows what servicing activities you are engaged in and an analysis of how that data is behaving.
8.5.2 (improvement)
A sub-clause is added that requires you to come up with a corrective action plan that is commensurate with the risk.
Depending on the risk of the problem you are experiencing, you would need to establish why you decided to go one way or another with your response to it.
The other addition is two requirements that organizations need to address in a documented procedure.
One is reviewing product and process data analysis to identify nonconformities for corrective action. This is just tying it back to what we covered earlier in the previous slide under “control of nonconforming product”.
The other is determining and implementing the actions needed, including, where appropriate, updating of the documentation.
Finally, there is a comment about analysing your corrective actions as part of your management review process. This is not something new, but a line has been added to make it clear that you need to have feedback included as part of your management review process.
8.5.3 – Preventive action:
The changes to this clause are similar to the previous clause on corrective action. There is a requirement that you review the product and process data analysis to identify potential nonconformities in order to prevent their occurrence.
At the end of the paragraph, there is the same request that analysis of preventive actions should provide feedback to the management review process.
1. Regulatory requirements: The first section (0.1) establishes an emphasis on regulatory requirements which we see across the rest of the draft standard. This includes not only the local requirements that apply at your facility, but if you are an organization that commercializes its products globally, you also need to take into consideration the relevant international requirements. There are many references to this throughout the draft standard.
2. Risk management: Another theme that permeates the draft standard is the need to incorporate risk management into all the main quality system processes within your organization. Almost everything you do needs to be based on that risk, justifying that what you are doing is adequate and conforms to what you defined as part of your design and production activities.
3. Validation, verification, and design transfer: The draft standard puts a lot more structure into place surrounding these activities. You must now have plans in place and documented evidence to show what you have done for validation, verification, and design transfer activities.
4. Outsourced processes and supplier controls: The draft standard requires that organizations do a lot more when it comes to outsourcing processes and putting into place controls for assessing suppliers — again based on risk.
5. Feedback: The draft requires you to monitor and measure the performance of your QMS not only during production, but also post-market. You also have to incorporate those activities as part of your risk management process.
The linkage between all the different clauses within the standard has been improved. Now, everything is more interconnected. You need to have systems in place that allow you to demonstrate conformance across the requirements. It is a much more integrated approach.