April, 2008 Newsletter Articles

More on e-Audits

Apr 8, 2008 in Newsletter | 0 comments

Our December 2007 newsletter included an article titled, “Are e-Audits in Your Future?” It discussed the advantages and possible drawbacks of conducting electronic audits from a remote location. Having remote access to documents and records for audit preparation, and then conducting interviews by teleconference, can save travel time and expenses, as well as, be less disruptive to the auditee. However, not being present at the remote location may reduce the effectiveness of the audit. The article examined e-audits by assessing their...

Read More

Nonconformity, Defect, or Finding

Apr 8, 2008 in Newsletter | 0 comments

Nonconformity Are you using the right term? What do you call it when a requirement is not met? ISO 9000:2005, 3.6.2, defines the non-fulfillment of a requirement as a “nonconformity”. As expected, “conformity” is defined in 3.6.1 as the fulfillment of a requirement. However, some auditors use “conformance” and “nonconformance”. Does it matter? ISO 9000:2005, 3.6.1, states that although conformance is synonymous with conformity, it is deprecated. What does that mean? Well, “deprecated”...

Read More

ISO 13485 and GMDCAS

Apr 8, 2008 in Newsletter | 0 comments

GMDCAS stands for “Global Medical Device Conformity Assessment System”, a program initiated by the International Accreditation Forum (IAF). As many as 150 countries have no medical device regulations. Several of these countries are considering establishing their own, unique regulatory requirements, with more countries to follow. As a result, there is a strong need to develop a third party accreditation program that can be used by all countries. Since these countries rely heavily on imported medical devices, their development of...

Read More

ISO 20000 – What is Coming Next?

Apr 8, 2008 in Newsletter | 0 comments

The 1Q08 issue of the TickIT quarterly journal contains an article by Graham Cox on the future of ISO 20000, the IT services management standard. ISO 20000 was published in 2005 in two parts. Part 1 is the Specification and used for certification; Part 2 is the associated Code of Practice. Parts 1 and 2 of ISO 20000 are in the review process and a revised Part 1 is expected in 2009 and the updated Part 2 in 2010. Both parts will take into account ITIL v3. The new Parts planned for the ISO 20000 family are: Part 3: Guidance on Scope and...

Read More

ISO 24762 for IT Disaster Recovery

Apr 8, 2008 in Newsletter | 0 comments

Fires, earthquakes, and pandemics, as well as, terrorism and piracy, may cause organizations to become disaster victims at any time. A new standard, ISO 24762, will help businesses deal with the unexpected and safeguard their reputation, brand, and value-creating activities. ISO 24762:2008, Information Technology – Security Techniques – Guidelines for Information and Communications Technology Disaster Recovery Services, as the title indicates, offers guidance on the information and communications technologies and services necessary...

Read More