ISO22301 Questionnaire | Please provide the following information regarding activities to receive certification. (if not applicable) please write (N.A.): | * 22301 Complexity and Risk |
|
|
What are the continuity requirements for core business processes through BIA? |
|
Please briefly describe the main processes. |
|
If any processes are outsourced, please list them. |
|
Please indicate relevant technical and legal requirements (licensing documents). |
|
If integrated, please state with which systems. |
|
|
* ISO/IEC 27001 Questionnaire | Please provide the following information regarding activities to receive certification. (if not applicable) please write (N.A.): | Business complexity |
|
| IT complexity |
Factors | Impact on audit day | Score | Please mark (V) |
IT infrastructure complexity | Few and/or highly standardized IT platforms, servers, operating systems, databases, networks, etc | 1 |
|
Several and/or different IT platforms, servers, operating systems, databases, networks | 2 |
|
Many different IT platforms, servers, operating systems, databases, networks | 3 |
|
Dependency on outsourcing and suppliers, including cloud services | Little or no dependency on outsourcing or critical suppliers / No outsourcing | 1 |
|
Some dependency on outsourcing or suppliers, related to some but not all important business activities | 2 |
|
High dependency on outsourcing or suppliers or with large impact on important business activities | 3 |
|
Information system development | No or very limited in-house systems/applications development. Use of standardized software platforms / No development | 1 |
|
Some in-house or outsourced systems/applications development for some important business purposes | 2 |
|
Extensive in-house or outsourced systems/applications development for important business purposes | 3 |
|
Total |
| |
|
|
|
* ISO13485 Questionnaire | Please provide the following information regarding activities to receive certification. (if not applicable) please write (N.A.): | * ISO 13485 Risk classification levels |
|
| 1) Please attach “Medical device license certificate” | 2) Please attach “Product registration certificate” | 3) Please attach “Interested parties” | |
Question: If “Yes”, the audit team shall always include competence for the relevant Technical Areas in Tables A.1.1 – A.1.6 and the “Auditor” requirements in Table B.2. If the answer to all questions is “No”, then the audit team shall satisfy only the “A7: Parts and Services” auditor requirements. |
Is the product a nearly finished and assembled medical device? (i.e., it is intended to be used for a medical purpose and only needs packaging and/or labeling) |
Y
N
|
Is the product intended to be a component/part of a medical device? |
Y
N
|
Is the organization contracted to carry out any activities that are regulated by a medical device regulation (e.g., relabeling, remanufacturing of other medical devices)? |
Y
N
|
Is “Design and Development” in the scope of the ISO 13485 certification? (e.g., when public law permits exclusion of design and development which is the case very often for low-risk medical devices) |
Y
N
|
Is the product (Raw Materials, Parts, Components, Subassemblies, Maintenance Services, or Other Services) intended to support associated medical devices? Note: Refer to the note in Annex A, Table A.1.7, a) as an example. |
Y
N
|
Please write the name of products. |
|
Please write the technical characteristics of the product |
|
Considering the process, check whether the following requirements apply and if not, indicate the clause number (7.3, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.7, 7.5.10) |
|
Please indicate relevant technical and legal requirements (licensing documents). |
|
If it is an integrated management system, which management system is it integrated with? |
|
|
* ISO45001 Questionnaire |
Key hazards and OH&S risks |
|
Hazardous materials used in the processes |
|
Legal obligation |
|
45001 |
Rate of accidents and occupational diseases higher than average for the business sector, |
Y
N
|
If the members of the public are present on the organization’s site (e.g. hospitals, schools, airports, ports, train stations, public transport), |
Y
N
|
The organization is facing legal proceedings related to OH&S |
Y
N
|
The temporary large presence of many (sub)contractors’ companies and their employees causing an increase in complexity or OH&S risks (e.g. periodical shutdowns or turnaround of refineries, chemical plants, steel manufacturing plants, and other large industrial complexes), |
Y
N
|
Where dangerous substances are present in quantities exposing the plant to the risk of major industrial accidents, in accordance with the applicable national regulations, and/or risk assessment documentation, |
Y
N
|
|
ISO20000-1 Questionnaire | Organization must have management controls over the processes based on ISO/IEC 20000-1. Please check the following process. | Process |
|
ISO37001 Questionnaire | Please provide the following information regarding activities to receive certification. (if not applicable) please write (N.A.): | Process |
In which countries does the company operate? |
|
Has an anti-bribery risk assessment been performed for all processes/activities? |
|
Which sensitive anti-bribery processes are carried out at the headquarters, and how many personnel are involved in each process? |
|
In which categories does your organization fall? |
Public administration |
|
Economic public bodies |
|
Companies in public control or with public participation |
|
Associations, foundations and private law bodies financed in a majority way |
|
Members of the administrative and address bodies are designated |
|
Third interested organizations (e.g. voluntary organizations, cooperation bodies) and social cooperatives |
|
Trade associations (including parties and trade unions) |
|
The organization operates in the health sector |
|
The organization operates in the banking and insurance sector |
|
The organization operates in the utilities sector (gas, thermal energy, electricity, water, transport, communications, postal services) |
|
Professional associations and national colleges |
|
Has the organization been involved, in the last 5 years, in legal inquiries related to bribery or which may have been perceived by the market as a risk of bribery? (If applicable, please indicate when this happened.) |
|
Does the organization receive from public entities, public companies or international organizations any kind of compensation or retribution, including those coming from the subscription of public contracts, greater than 30% of its turnover? |
|
Please indicate relevant technical and legal requirements (licensing documents). |
|
If it is an integrated management system, which management system is it integrated with? |
|
|
|