FAQs on the Standard IEC (Risk management for IT-networks incorporating medical devices)

Size: px
Start display at page:

Download "FAQs on the Standard IEC 80001-1 (Risk management for IT-networks incorporating medical devices)"

Transcription

1 Introduction FAQs zur IEC Rev. 2.1 Stand An increasing number of medical devices, for example medical imaging devices, are designed to exchange electronic information with other devices, including other medical devices. This normally happens by using a hospital s information technology network (hospital IT network), which is also used to transport general IT data. Today there are only a few standards that address incorporating medical devices into hospital IT networks. To properly assess the functionality of the IT network, the incorporation of both medical devices and non-medical devices into the network must be considered. In order to avoid unnecessary risks during the use of the hospital IT network a risk management process should be performed prior any change of the hospital ITnetwork infrastructure. A way of performing this risk management process is described in the coming international Standard IEC (Application of Risk management for IT-networks. After publication, a review and update will take place. In order to provide replies to frequently asked questions on the content and the application of IEC , the German trade association ZVEI and the German national Standardization Organization DKE established an expert working group. These replies are provided on the website of ZVEI, DKE and VHITG, along with a link to send further questions to the expert working group. For details, refer to paragraph Goal, Objective of the IEC Standard 1.1 Philosophy (1.1.1) How does the new Standard impact a hospital? The Standard describes how a hospital can reduce potential risks for patients, users and third parties when integrating medical devices into its IT-network. 1.2 Benefits (1.2.1) Which information in the Standard is new for a hospital? How can a hospital benefit from that Standard? By applying the Standard the hospital increases the transparency of its IT network, which, due to the incorporation of medical devices, becomes a medical IT network. The standard describes a lifecycle-model for a medical IT-network supporting early detection and reduction of potential risks when incorporating medical devices. That is why the implementation of the Standard substantially contributes to safer operation of the medical IT network throughout the complete lifetime of the IT network and its connected medical devices.

2 1.3 Relationship to other Standards (1.3.1) Who is addressed by IEC ? IEC as of today is primarily intended for hospitals (responsible organizations,), but also includes in its risk management process medical device manufacturers and suppliers of IT products. Note: The term IT products is not limited to hardware. It can also include software solutions used in the healthcare sector, whether or not such software solution is a medical device or not. (1.3.2) Which law requires compliance with IEC ? None. Application of Standards is always voluntary. Consequently, there is no legal obligation to apply IEC (1.3.3) Do manufacturers of medical devices have to comply with IEC before placing their devices on the market? No. IEC is not addressed to manufacturers of medical devices, but to organizations maintaining a medical IT network. IEC presumes that medical devices that are to be integrated into the IT-network have been placed on the market correctly. (1.3.4) What are the main goals of IEC ? IEC provides support on how the key properties of a medical IT network can be ensured in order to enable the healthcare service provider to deliver a reliable health service. These key properties are: Safety (for patients, users and other persons) Effectiveness of medical processes Data and System security (1.3.5) Why has IEC been defined as a pure Process-Standard? To enable the application of IEC for a variety of healthcare service providers using different communication technologies, the International Electrical Commission (IEC) decided to choose a process approach. According to the IEC, the process approach permits the Standard to remain meaningful over a longer timeframe (e.g., 5 years) without need for change. (1.3.6) Are any other documents required in addition to IEC ? Generally speaking, IEC can be applied without any further documents. There are several supporting documents currently being developed, such as checklists and guidelines intended to assist implementing IEC in a particular environment or when using specific technologies. (1.3.7) What is the relationship between IEC and IEC/EN :2005? IEC is primarily addressed to medical IT networks and responsible organizations. IEC/EN :2005 is addressed to manufacturers of medical electrical equipment and is listed under the EU medical device directive 93/42 EEC. By complying with the requirements of chapter of IEC/EN :2005, a manufacturer of medical electrical equipment can implicitly comply with the requirements of IEC (see paragraph 3.5)

3 2. Scope and Range of Application (2.0.1) What is the purpose of IEC ? The purpose of IEC is to define the roles, responsibilities and activities that are necessary for Risk Management of IT-NETWORKS incorporating medical devices to address safety, effectiveness and data security. (2.0.2) Who should apply IEC ? IEC is addressed to partners who want to sign a responsibility agreement (see also chapter 5 for more detailed information). 2.1 Terms used (healthcare delivery organization, manufacturer, IT-responsible, Medical device, medical IT-network, IT-products) (2.1.1) What is the responsibility of the healthcare facility management? According to IEC , the top management of the healthcare facility establishes a risk management process, sets the goals for that process via a risk management policy and ensure their control. The management shall assign a responsible person as a Medical IT Risk Manager. (2.1.2) What are the tasks of the Medical IT Network Risk Manager? The Medical IT Risk Manager brings together a team of employees from the departments of medical technology, hospital IT and users of medical and IT devices. This team coordinates, controls and drives all measures necessary to apply IEC This includes the generation of risk management policy, processes and procedures based on the policy including all risk management documents. The Medical IT Risk Manager defines, in coordination with organization management, the risk management process of the hospital for those networks that incorporate medical devices. The Medical IT Risk Manager is responsible) for the description and the implementation of safety measures, data and system security and for the complete documentation and the execution of the risk analysis for the medical IT network that incorporates medical devices (Note: Not all actions need to be performed directly by the risk manager however, he or she must ensure that the process functions satisfactorily). The Medical IT-Network-risk manager is responsible for The management of the risk management process Reporting on the risk management process to the hospital facility management Managing the communications between all parties involved in the medical IT network 2.2 Roles and Responsibilities (2.1.3) Does the hospital have to hire more personnel? The IT Risk manager role can be assigned to either an internal or an external person. This does not automatically include the generation of new positions. (2.1.4) Are any specific qualifications required for the Medical IT Risk Manager? The Medical IT Risk Manager should at a minimum have some knowledge or experience related to Medical technology and IT networks. They should enhance their qualifications with knowledge of risk management, medical regulations, etc. An excellent understanding of IEC , current medical device legislation, current data security legislation and IT knowledge are strongly recommended.

4 2.3 Responsibility Agreement The responsibility agreement is to be limited to those departments where it is permitted to transfer or to delegate responsibilities. The content has to be agreed upon case by case and should be reviewed and approved by the legal advisers of the concerned organizations. 3. Potential Consequences of the Standard for responsible organisations, operators, manufacturers, IT-responsibles (3.1) What additional tasks will be required for healthcare delivery organizations? When a healthcare delivery organization decides to bring a medical IT-Network under IEC control, the organization creates and applies a risk management process. This includes planning the incorporation of medical devices (hardware and/or software), but also taking into account changes to the network including the evaluation of the impact of any changes on the medical devices and systems. (3.2) When and how shold the responsible organization apply the Standard? The Standard should be applied over the complete lifecycle of an IT network incorporating medical devices. This means that every potentially relevant/significant change within the medical IT network has to be considered at least initially. This includes changes to the network infrastructure, as well as other IT components (such as Client-Server-solutions, middleware, printers, etc). (3.3) Does the Standard cause increased costs for healthcare delivery organizations either initially or over time? For many organizations, increasing the quality of risk management in medical IT-networks may increase cost. The structured approach of should improve the predictability of costs and reduce potentially damaging events. Costs are likely to be highest in the initial implementation phase. (3.4) What advantages does the adopting the Standard give to healthcare delivery organizations? Applying the Standard can reduce the number and severity of disruptions and improve the security and effectiveness of IT networks incorporating medical devices. These improvements will contribute positively to the costs and, as such, balance out the any added initial costs. It is furthermore expected that improved safety, effectiveness, and security will lead to fewer interruptions and better workflow and thus have positive impact on the health outcomes and operational effectiveness. The hospital improves control over the network and the connected medical devices in order to ensure safety, data security and effectiveness. The documentation required therefore may support in case of dispute to refute the accusation of wantonly negligence when operating medical devices in IT networks without necessary security measures. (3.5) How does the Standard affect a medical device that is already placed on the market and part of a network? By applying IEC potential disturbance to an IT network by medical devices that are already part of that network may be reduced, because they are planned for in advance. In addition, the connected medical device(s) may exchange data more reliable via the IT network.

5 (3.6) Can any tasks can be delegated or outsourced by the healthcare delivery organization? Generally, all tasks can be delegated. When selecting the service provider, the required competencies have to be evaluated carefully. Responsiblities, on the other hand,cannot be delegated. (3.7) Should any tasks not be delegated by the responsible organization? The evaluation and the approval or rejection of residual risks should not be delegated by the responsible organization. (3.8) Are there any kinds of network that IEC does not apply to? IEC does not apply to a network which only serves personal needs or which is not connected to a medical IT network or a medical device. The standard does also not apply to closed networks containing medical devices of a single manufacturer, (see closed network Class C according to Annex H IEC :2005) (3.9) Who supports healthcare delivery organizations when implementing the Standard? The suppliers and manufacturers participating in the incorporation of medical devices into IT networks can offer any needed support, in addition to services that specialized consultants can offer. Another potentially helpful tool for a healthcare delivery organization could be a guided integration into the network of the healthcare delivery organization, offered by a manufacturer of the medical device. Like this, it might be easier for the healthcare delivery organization to apply IEC (3.10) What are the benefits for the healthcare delivery organization when implementing the Standard? The application of IEC is voluntarily. However, the healthcare delivery organization obtains transparency about its IT network and the connected medical devices to improve network security, data security and effective functional operations. The documentation required therefore may support in case of dispute to obtain legal certainty when operating medical devices in IT networks without the necessary security measures. Manufacturer (3.11) How can manufacturers of medical devices contribute to the implementation of IEC ? In close cooperation with the healthcare delivery organizations and others involved in the planning and implementation of IT-networks, manufacturers must provide the information necessary for the safe incorporation of their medical devices into networks, as required by the medical device legislation. Additionally, manufacturers can support the healthcare delivery organization when integrating medical devices see paragraph 3.9. (3.12) Is there anything that can t be provided by medical device manufacturers? Medical device manufacturers cannot take over the responsibility for the safe operation of the Healthcare organization s IT network. They are unlikely to render for free those services requested by the healthcare delivery organization that exceed the existing handing over of information necessary for the safe incorporation. In general, they would not to take over any task of the risk management as described in the Standard without being explicitly empowered for that task by the healthcare delivery organization.

6 (3.13) Does the Standard impact medical device approvals? No, the standard has no impact on medical device approvals. Placing medical devices on the market is only permitted after having obtained the necessary approval for that particular market. One prerequisite is (e.g. in the EU, USA, etc.) to also document compliance with the applicable Safety Standards. The approval is limited to the intended use of the medical device as determined by the manufacturer. This may include the incorporation into IT networks. Therefore, an additional approval of the medical devices for this or after this integration into an IT network is not needed. (3.14) Which information must be provided from the medical device manufacturer to the responsible organization? According to the current medical device legislation, manufacturers must make available all information which could impact the safe application of a medical device within a network. This means that they already supply the information the healthcare delivery organization needs to know for the planning and the realization of the IT network incorporating this medical device. They may choose to organize this differently for The relevant information includes: The intended use of the medical device, the performance criteria and the necessary configuration of the IT-network (in case there are restrictions) The technical specification of the network interface of the medical device (if required) The required information exchange between medical devices, the IT network and other IT products. When medical devices are incorporated into IT networks, manufacturers must provide the necessary information about potential risks of these medical devices to the healthcare delivery organization (see IEC :2005, chapter 14.13) (3.15) Are manufacturers obliged to share confidential information? Information necessary for the incorporation into IT network may be needed for the safe use of the medical device. Such information should not be regarded as company confidential and should be made available for the healthcare delivery organization. If company confidential information is ever needed, (e.g. when testing the clinical network integration of a new medical device), a respective Non-Disclosure-Agreement can be signed. (3.16) Does any liaison exists with other (IT) Standards? IEC is a process-standard for a systematic assessment prior changing an existing medical IT network. (Adding or removing a component or a medical device). It requires a defined change- and risk management process. IEC refers to IT Standards for data communication. As of today, there is no comparable Standard for risk management of IT networks incorporating medical devices. Single paragraphs of the following Standards provide statements to specific network aspects: a. IEC :2005 information of manufacturers of medical electrical equipment with regard to ME equipment in IT networks b. ISO :2005: Planning, Design and Maintenance of an IT-network c. ISO 27001:2005 Information technology Security techniques Information Security management systems - Requirements d. ISO 14971:2007 Risk management for medical devices e. ISO 13485: Manufacturing of medical devices (3.17) How are medical device manufacturers required to contribute? Manufacturers of medical devices, whose devices will be integrated intentionally into a medical IT network must make available all information necessary to ensure the intended and safe use of these medical devices within the IT network. According to IEC additional information is expected for the generation of the risk management file of their medical devices.

7 IT Responsibles from Healthcare Delivery Organizations, Manufacturers and Vendors (3.18) What are therequired tasks of IT manufacturers and IT-vendors? They should cooperate closely with the healthcare delivery organizations and other parties involved in the planning and the implementation of the IT network. Manufacturers of IT devices should make available all information relevant to enable their devices to contribute to the safe and effective operation of the medical (IT) network. (e.g. switches, PCs, virus protection, etc.) (3.19) What information must be provided by IT manufacturers? Technical Information Product configuration Incompatibilities Operating conditions Product related corrective measures Safety information (3.20) What are the minumum requirements or approvals that must be met by IT devices? The IT components and IT devices shall comply with the current legal requirements, e.g. the general product safety act. In combination with medical electrical equipment the applicable requirements of IEC also have to be taken into account. To ensure safety, effectiveness and data and system security, it is necessary to carefully examine within the risk management process the suitability of the IT devices in medical environments. 4. Standard Content 4.1 Set-Up and Structure of the Standard (4.1.1) When must the risk management process be applied? The risk management process must be applied throughout the complete lifecycle of the IT network. The Standard illustrates the complete lifecycle of the IT network or single components from planning through putting into service up to taking out of service (4.1.2) What are the benefits of the risk management process of the Standard The risk management process can identify potential hazards, pro-actively estimate and evaluate related risks and control the efficiency of containment measures. This facilitates the handling and safe containment of residual risks, which should result in time- and cost-savings. (4.1.3) How can the responsible organization apply the Standard? When implementing the Standard, the healthcare delivery organisation shall set up rules for risk management concerning the incorporation of medical devices into IT networks and put in place a continuous risk management process allocate necessary resources and assign a risk manager for the IT network. implement the results of the risk management activities via evident and sustainable measures and regularly review the implementation.

8 4.2 Change Management (4.2.1) What is change management? Change management is the structured management of changes. Change management ensures that changes only take place after being tested and released and that disruptions to users are minimized. 4.3 Risk Management (4.3.1) How can risks be managed? By testing, evaluating and taking decisions risks become controllable, meaning unacceptable risks can be avoided. One basis for this is in the principles of safety integration. Further information is available from ISO 14971: risk management for medical devices (4.3.2) Do any additional duties result for the responsible organization from monitoring network events From Monitoring network events, measures for risk control and for improving the overall risk management process shall be derived. Other applicable Reporting duties continue. (4.3.3) How are findings of medical device manufacturers and of IT device manufacturers taken into account in the risk management? Information provided by manufacturers regarding the safe application of their products and solutions when integrated into a medical IT network shall be adequately taken into account in the risk management, (e.g. by incorporation into the risk management documentation, the training of the clinical users, etc). (4.3.4) How is a medical IT network defined? How is the Standard to be applied? A medical IT network is created when medical devices are integrated into an IT network. A medical IT network normally does not constitute a medical device because the purpose of the IT network as determined by the network manufacturer is independent from the use in the medical environment. The Standard describes a lifecycle model for existing medical networks medical networks to be established/generated measures/changes to existing medical networks For this, a risk management process is defined which should ensure the major proprieties of a medical network. The Standard defines the major proprieties as Safety (for patients, users and other persons), effectiveness of medical processes and data and system security. 5. Compliance, Matching the risk management requirements 5.1 Documentation Requirements (5.1.1) Are there any specific document format requirements? There are no format requirements for the documentation. All generated documents shall be reviewed and approved according to a document review procedure and, if needed, be reworked and updated according to a designated procedure.

9 (5.1.2) What information must be documented? The healthcare delivery organization shall primarily provide the following documentation: Description and evaluation of risk-relevant IT network elements Documentation of the medical IT network Risk management plan for the medical IT network (5.1.3) Is a Document Management System needed? Yes, this is the only way of ensuring the availability, actuality and validity of the documentation. 5.2 Fulfillment oft he Responsibility Agreement (5.2.1) How are responsibilities defined and documented? The responsibility agreement of the healthcare delivery organization defines the responsibilities of all stakeholders. Stakeholders include all departments and employees of the responsible organization. Medical device manufacturers are no stakeholders in the meaning of the standard. (5.2.3) What minimum information shall the responsibility agreement contain? Stakeholder name Individual responsibilities of all stakeholders Range of activities to be provided List of medical devices and other It devices being part of the medical IT network List of available documentation for all components used in the IT network Technical information for the risk analysis of the medical devices and if available of the IT devices 5.3 Regulatory Requirements by the legislative body (5.3.1) Is Compliance with the Standard required by law? Currently there are no requirements to this. That may change, which is why a continuously active monitoring of the future development is valuable (5.3.2) When will the Standard become binding for a healthcare delivery organisation? The Standard will probably be published in late A Standard constituting a generally acknowledged state of the art has no legal force. A Standard can be used to evidently demonstrate that and how specific processes have been fulfilled. However, the healthcare delivery organization is obliged by the medical device act and the national regulation governing the installation, operation and use of medical devices to operate devices and systems safely for patients, users and others. (5.3.4) Will the Standard be harmonized in the European Union? It was a consensus of all stakeholders of the charged international Standardization Committee (IEC Meeting in Durham, USA, October 2009) that the Standard does not apply to medical devices and their process of placing them on the market. To clarify this in the final version of the Standard, adequate comments are under preparation. While the Standard does not refer to medical devices it cannot be applied to document compliance with the essential requirements of the European medical device directive 93/42EEC. A publication of the Standard in the Official Journal of the EU Commission (harmonisation) is not planned. (5.3.5) Does this Standard constitute a generally acknowledged state of the art? This Standard represents a state of the art which for example could be cited during a lawsuit.

10 (5.3.6) Are there similar Standards in particular countries? As of today, no similar Standards are known from other countries. 6. Forecast This listing of questions and answers has been generated by responsible organizations, respectively their representatives in Standardization committees and representatives from medical device manufacturers. You as a stakeholder have the opportunity to raise further questions which have not been asked in this document to the attention of the editing group ZVEI-DKE IEC It is highly appreciated if you could also provide a reply based on your experience and your knowledge and forward this by to the editing group. The combination between question and answer will be treated by the editing group and eventually be published on the homepage of the ZVEI and the DKE, commented with referencing the author of the question and the comments. Imprint ZVEI e.v., Fachverband Elektromedizinische Technik Ansprechpartner: Marcus Wenzel Editing group Eva-Maria Reiter Gerhard Weller Dr. Wolfgang Leetz Oliver Christ Armin Gärtner Dr. Klaus Neuder Johannes Dehm Thorsten Schütz Marcus Wenzel Dr. Norbert Pauli Jochen Kaiser Andreas Kassner Michael Asmalsky Siemens AG Siemens AG Siemens AG Prosystems AG Sana MTSZ GmbH VDE Frankfurt VDE Frankfurt Klinikum Itzehoe ZVEI e.v. Drägerwerk AG Uni Erlangen VHitG e.v., Berlin Philips Healthcare

11 Content Introduction Goal, Objective of the IEC Standard Philosophy...1 (1.1.1) How does the new Standard impact a hospital? Benefits...1 (1.2.1) Which information in the Standard is new for a hospital? How can a hospital benefit from that Standard? Relationship to other Standards...2 (1.3.1) Who is addressed by IEC ?...2 (1.3.2) Which law requires compliance with IEC ?...2 (1.3.3) Do manufacturers of medical devices have to comply with IEC before placing their devices on the market?...2 (1.3.4) What are the main goals of IEC ?...2 (1.3.5) Why has IEC been defined as a pure Process Standard?...2 (1.3.7) What is the relationship between IEC and IEC/EN :2005? Scope and Range of Application...3 (2.0.1) What is the purpose of IEC ?...3 (2.0.2) Who should apply IEC ? Terms used (healthcare delivery organization, manufacturer, IT responsible, Medical device, medical IT network, IT products)...3 (2.1.1) What is the responsibility of the healthcare facility management?...3 (2.1.2) What are the tasks of the Medical IT Network Risk Manager? Roles and Responsibilities...3 (2.1.3) Does the hospital have to hire more personnel?...3 (2.1.4) Are any specific qualifications required for the Medical IT Risk Manager? Responsibility Agreement Potential Consequences of the Standard for responsible organisations, operators, manufacturers, ITresponsibles...4 (3.1) What additional tasks will be required for healthcare delivery organizations?...4 (3.2) When and how shold the responsible organization apply the Standard?...4 (3.3) Does the Standard cause increased costs for healthcare delivery organizations either initially or over time?...4 (3.4) What advantages does the adopting the Standard give to healthcare delivery organizations?...4

12 (3.5) How does the Standard affect a medical device that is already placed on the market and part of a network?...4 (3.6) Can any tasks can be delegated or outsourced by the healthcare delivery organization?...5 (3.7) Should any tasks not be delegated by the responsible organization?...5 (3.8) Are there any kinds of network that IEC does not apply to?...5 (3.9) Who supports healthcare delivery organizations when implementing the Standard?...5 (3.10) What are the benefits for the healthcare delivery organization when implementing the Standard?...5 Manufacturer...5 (3.11) How can manufacturers of medical devices contribute to the implementation of IEC ?...5 (3.12) Is there anything that can t be provided by medical device manufacturers?...5 (3.13) Does the Standard impact medical device approvals?...6 (3.14) Which information must be provided from the medical device manufacturer to the responsible organization?...6 (3.15) Are manufacturers obliged to share confidential information?...6 (3.16) Does any liaison exists with other (IT) Standards?...6 (3.17) How are medical device manufacturers required to contribute?...6 IT Responsibles from Healthcare Delivery Organizations, Manufacturers and Vendors...7 (3.18) What are therequired tasks of IT manufacturers and IT vendors?...7 (3.19) What information must be provided by IT manufacturers?...7 (3.20) What are the minumum requirements or approvals that must be met by IT devices? Standard Content Set Up and Structure of the Standard...7 (4.1.1) When must the risk management process be applied?...7 (4.1.2) What are the benefits of the risk management process of the Standard...7 (4.1.3) How can the responsible organization apply the Standard? Change Management...8 (4.2.1) What is change management? Risk Management...8 (4.3.1) How can risks be managed?...8 (4.3.2) Do any additional duties result for the responsible organization from monitoring network events...8 (4.3.3) How are findings of medical device manufacturers and of IT device manufacturers taken into account in the risk management?...8 (4.3.4) How is a medical IT network defined? How is the Standard to be applied? Compliance, Matching the risk management requirements...8

13 5.1 Documentation Requirements...8 (5.1.1) Are there any specific document format requirements?...8 (5.1.2) What information must be documented?...9 (5.1.3) Is a Document Management System needed? Fulfillment oft he Responsibility Agreement...9 (5.2.1) How are responsibilities defined and documented?...9 (5.2.3) What minimum information shall the responsibility agreement contain? Regulatory Requirements by the legislative body...9 (5.3.1) Is Compliance with the Standard required by law?...9 (5.3.2) When will the Standard become binding for a healthcare delivery organisation?...9 (5.3.4) Will the Standard be harmonized in the European Union?...9 (5.3.5) Does this Standard constitute a generally acknowledged state of the art?...9 (5.3.6) Are there similar Standards in particular countries? Forecast... 10

Medical Device Software Standards for Safety and Regulatory Compliance

Medical Device Software Standards for Safety and Regulatory Compliance Medical Device Software Standards for Safety and Regulatory Compliance Sherman Eagles +1 612-865-0107 seagles@softwarecpr.com www.softwarecpr.com Assuring safe software SAFE All hazards have been addressed

More information

The German Standardization Roadmap Mobile Diagnostic Systems. Thorsten Prinz and Janina Laurila-Dürsch Düsseldorf, 13.11.2014

The German Standardization Roadmap Mobile Diagnostic Systems. Thorsten Prinz and Janina Laurila-Dürsch Düsseldorf, 13.11.2014 The German Standardization Roadmap Mobile Diagnostic Systems Thorsten Prinz and Janina Laurila-Dürsch Düsseldorf, 13.11.2014 Medical Engineering at VDE Do you standardize or are you standardized? The German

More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

Quality Risk Management

Quality Risk Management PS/INF 1/2010 * * Quality Risk Management Quality Risk Management Implementation of ICH Q9 in the pharmaceutical field an example of methodology from PIC/S Document > Authors: L. Viornery (AFSSAPS) Ph.

More information

Role Profile. Job No. (Office Use) Directorate Corporate Support Department Finance Assets and Efficiency

Role Profile. Job No. (Office Use) Directorate Corporate Support Department Finance Assets and Efficiency Role Profile Job Title Strategic Procurement Project Manager Job No. (Office Use) C6014 Band/Band Range- (for career grades) Grade K Directorate Corporate Support Department Finance Assets and Efficiency

More information

EA Document on. Accreditation. For Notification Purposes

EA Document on. Accreditation. For Notification Purposes Publication Reference EA-2/17 INF: 2014 EA Document on Accreditation For Notification Purposes PURPOSE The document presents the policy agreed by EA Members for accreditation of Conformity Assessment Bodies

More information

IT-Security. Industrie 4.0. Energieeffizienz. Automotive. Smart Grid

IT-Security. Industrie 4.0. Energieeffizienz. Automotive. Smart Grid Position Paper Transatlantic Trade and Investment Partnership (TTIP) Impact on ZVEI Members IT-Security Automotive Smart Grid Energieeffizienz Industrie 4.0 January 2014 Zentralverband Elektrotechnik-

More information

Community Lifestyle Support Inc.

Community Lifestyle Support Inc. HUMAN SERVICES QUALITY FRAMEWORK STANDARDS - POLICIES DOCUMENT Q:/1 DATE REVEIWED: REFERENCE: GOVERNANCE AND August 2014 MANAGEMENT POLICY AUTHORISATION: STANDARD REFERENCE: NEXT REVIEW DATE: Management

More information

CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL

CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL ON CONSUMER RIGHTS DIRECTIVE COM(2008) 614/3 CCBE position on The Proposal for a Directive of the European Parliament

More information

Norwegian Data Inspectorate

Norwegian Data Inspectorate Norwegian Data Inspectorate Narvik kommune Postboks 64 8501 NARVIK Norway Your reference Our reference (please quote in any reply) Date 1111/1210-6/PEJA 11/00593-7/SEV 16 January 2012 Notification of decision

More information

Guidelines on operational functioning of colleges

Guidelines on operational functioning of colleges EIOPA-BoS-14/146 EN Guidelines on operational functioning of colleges EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany - Tel. + 49 69-951119-20; Fax. + 49 69-951119-19; email: info@eiopa.europa.eu

More information

IRCA Briefing note ISO/IEC 20000-1: 2011

IRCA Briefing note ISO/IEC 20000-1: 2011 IRCA Briefing note ISO/IEC 20000-1: 2011 How to apply for and maintain Training Organization Approval and Training Course Certification IRCA 3000 Contents Introduction 3 Summary of the changes within ISO/IEC

More information

ITIL Managing Digital Information Assets

ITIL Managing Digital Information Assets ITIL Managing Digital Information Assets Shirley Lacy, ConnectSphere Frieda Midgley, Digital Continuity Project Judith Riley, Digital Continuity Project Nigel Williamson, Digital Continuity Project White

More information

Improving self-regulation through (law-based) Corporate Data Protection Officials *

Improving self-regulation through (law-based) Corporate Data Protection Officials * Improving self-regulation through (law-based) Corporate Data Protection Officials * Article by Christoph Klug ** The rise of globalization and multinational corporations is creating a pressing need for

More information

Digital Continuity in ICT Services Procurement and Contract Management

Digital Continuity in ICT Services Procurement and Contract Management Digital Continuity in ICT Services Procurement and Contract Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage

More information

The New Paradigm for Medical Device Safety. Addressing the Requirements of IEC 60601-1 Edition 3.1

The New Paradigm for Medical Device Safety. Addressing the Requirements of IEC 60601-1 Edition 3.1 The New Paradigm for Medical Device Safety Addressing the Requirements of IEC 60601-1 Edition 3.1 Medical devices play a vital role in the diagnosis and treatment of most health-related conditions, and

More information

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role IT/Technology Infrastructure Design and Planning Level 2 Role Overview This sub-discipline is part of overall service design. It concerns the design of, and planning for, resilient IT/ technology infrastructure

More information

ISO 9001:2008 Quality Management System Requirements (Third Revision)

ISO 9001:2008 Quality Management System Requirements (Third Revision) ISO 9001:2008 Quality Management System Requirements (Third Revision) Contents Page 1 Scope 1 1.1 General. 1 1.2 Application.. 1 2 Normative references.. 1 3 Terms and definitions. 1 4 Quality management

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective

More information

General Terms and Conditions Advertiser

General Terms and Conditions Advertiser General Terms and Conditions Advertiser 1 General Provisions These Terms and Conditions apply to the use of the platform www.financeads.com (subsequently referred to as "platform") of financeads International

More information

COCIR* position on the certification of Healthcare IT product interoperability

COCIR* position on the certification of Healthcare IT product interoperability EUROPEAN COORDINATION COMMITTEE OF THE RADIOLOGICAL, ELECTROMEDICAL AND HEALTHCARE IT INDUSTRY COCIR Position Paper COCIR* position on the certification of Healthcare IT product interoperability The objective

More information

Selection and use of the ISO 9000 family of standards

Selection and use of the ISO 9000 family of standards Selection and use of the ISO 9000 family of standards ISO and international standardization ISO/TC 176, Quality management and quality assurance ISO is the International Organization for Standardization.

More information

DATA PROTECTION ACT POLICY. Version 7.0

DATA PROTECTION ACT POLICY. Version 7.0 DATA PROTECTION ACT POLICY Version 7.0 Document owner Director ICT Document author and enquiry point Alison Moss, IT Security & Access Manager Date of document June 2010 Version 7.0 Document classification

More information

Consultation Paper. ESMA Guidelines on Alternative Performance Measures. 13 February 2014 ESMA/2014/175

Consultation Paper. ESMA Guidelines on Alternative Performance Measures. 13 February 2014 ESMA/2014/175 Consultation Paper ESMA Guidelines on Alternative Performance Measures 13 February 2014 ESMA/2014/175 Date: 13 February 2014 ESMA/2014/175 Responding to this paper The European Securities and Markets Authority

More information

Procurement Performance model

Procurement Performance model Procurement Performance model The Procurement Performance Model develops key questions as reference pointers for auditors evaluating the performance of the procurement function in public sector bodies.

More information

* * * Initial Provisions for. CHAPTER [ ] - Regulatory Cooperation

* * * Initial Provisions for. CHAPTER [ ] - Regulatory Cooperation REMARKS: This is an initial textual proposal for a draft Chapter on Regulatory Cooperation that the Commission intends to submit to the US on Friday, 30 January, in preparation of the 8 th round of TTIP

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Advanced Diploma of Integrated Risk Management FNS60811 Description

Advanced Diploma of Integrated Risk Management FNS60811 Description Advanced Diploma of Integrated Risk Management FNS60811 Description This qualification provides cross-industry competencies for experienced risk managers and covers risk management activities undertaken

More information

TEXTUAL PROPOSAL TECHNICAL BARRIERS TO TRADE (TBT) Article 1 Objective and Scope

TEXTUAL PROPOSAL TECHNICAL BARRIERS TO TRADE (TBT) Article 1 Objective and Scope TEXTUAL PROPOSAL TECHNICAL BARRIERS TO TRADE (TBT) Article 1 Objective and Scope 1. The objective of this Chapter is to promote convergence in regulatory approaches, by reducing or eliminating conflicting

More information

Camar Aircraft Products Co. QUALITY MANUAL Revision D

Camar Aircraft Products Co. QUALITY MANUAL Revision D QUALITY MANUAL Revision D Gujll'y Manual Introduction The purpose of this manual is to describe the Quality Assurance Program implemented by Camar Aircraft Products Co. (hereafter referred to as C.A.P.C.)

More information

Medical Device Software Do You Understand How Software is Regulated?

Medical Device Software Do You Understand How Software is Regulated? Medical Device Software Do You Understand How Software is Regulated? By Gregory Martin Agenda Relevant directives, standards, and guidance documents recommended to develop, maintain, and validate medical

More information

Application Functional Safety IEC 61511

Application Functional Safety IEC 61511 Application Functional Safety IEC 61511 Introduction Functional safety must be an integral part of the project execution if we shall succeed to make safe application program We can t test and audit safety

More information

Role Profile. Job No. (Office Use) A238. Competency Job Type

Role Profile. Job No. (Office Use) A238. Competency Job Type Role Profile Job Title Information Security Job No. (Office Use) A238 Band/Band Range- (for career grades) Grade I Directorate Chief Executive s Office Department ICT Division Operational Service Delivery

More information

Functional and technical specifications. Background

Functional and technical specifications. Background Functional and technical specifications Background In terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA), the deputy auditor-general (DAG) is responsible for maintaining an effective, efficient

More information

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)

More information

Quality, Environmental, Health and Safety Manual Toshiba International Corporation

Quality, Environmental, Health and Safety Manual Toshiba International Corporation Quality, Environmental, Health and Safety Manual Toshiba International Corporation Doc. No. QEHS 001 Rev. 19 (12/12) Title: Prepared By: Revision No.: Table of Contents and Cross Reference Ken Mori/Homer

More information

JOB AND PERSON SPECIFICATION

JOB AND PERSON SPECIFICATION JOB AND PERSON SPECIFICATION Position Title: Help Desk Officer Classification Code: ASO-3 Division: Central Northern Adelaide Health Service Branch: The Queen Elizabeth Hospital Type of Appointment: Section:

More information

What is the correct title of this publication? What is the current status of understanding and implementation?

What is the correct title of this publication? What is the current status of understanding and implementation? GMP Rules and Guidelines in 2013 for Computer System Validation / Computerises Systems / Electronic Records and Signatures/ IT Infrastructure and Application Compliance: What is the correct title of this

More information

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security Position Paper: Berlin, 31 March 2014 Legislative intentions to increase IT Security eco the Association of the sees itself as lobbyist and supporter of all companies that are involved in the economic

More information

TECHNICAL BOARD BT N 9776. Draft BT C135/2014. CEN/BT by correspondence. For vote Issue date: 2014-11-19

TECHNICAL BOARD BT N 9776. Draft BT C135/2014. CEN/BT by correspondence. For vote Issue date: 2014-11-19 BT N 9776 Draft BT C135/2014 TECHNICAL BOARD CEN/BT by correspondence For vote Issue date: 2014-11-19 Simultaneous circulation to CENELEC/BT Deadline: 2015-02-17 SUBJECT Creation of a new CEN/TC Private

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

Clinical trials regulation

Clinical trials regulation Clinical trials regulation The Proposal for a Regulation of the European Parliament and of the Council on Clinical Trials on Medicinal Products for Human Use and Repealing Directive 2001/20/EC an update

More information

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

of 28 September 2007 (Status as of 1 April 2010)

of 28 September 2007 (Status as of 1 April 2010) English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Ordinance on Data Protection Certification (DPCO) 235.13

More information

Quick Guide: Meeting ISO 55001 Requirements for Asset Management

Quick Guide: Meeting ISO 55001 Requirements for Asset Management Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

APPLICABLE TO: Flow Systems Group and all employees. Risk Management

APPLICABLE TO: Flow Systems Group and all employees. Risk Management PURPOSE: Flow Systems is committed to managing its risks and ensuring compliance with all relevant laws and regulations in a proactive, on-going and positive manner. This document outlines Flow s Risk

More information

EFPIA Principles for the Development of the EU Clinical Trials Portal and Database

EFPIA Principles for the Development of the EU Clinical Trials Portal and Database Position Paper EFPIA Principles for the Development of the EU Clinical Trials Portal and Database Executive summary EFPIA sees the implementation of the Clinical Trials Regulation 1 as an opportunity to

More information

Initial Provisions for CHAPTER [ ] Regulatory Cooperation

Initial Provisions for CHAPTER [ ] Regulatory Cooperation Initial Provisions for CHAPTER [ ] Regulatory Cooperation General notes: 1. As TTIP negotiations progress, the provisions in this Chapter may be reviewed in the light of developments in other Chapters,

More information

Guidance for Industry. Q10 Pharmaceutical Quality System

Guidance for Industry. Q10 Pharmaceutical Quality System Guidance for Industry Q10 Pharmaceutical Quality System U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) Center for Biologics Evaluation

More information

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Contents Change History... 2 Rationale...

More information

Nationwide Health Information Network NHIN Coordinating Committee

Nationwide Health Information Network NHIN Coordinating Committee Date: 12/17/09 Version: 1.0 Page 1 of 8 I. Purpose The is responsible for developing, implementing and operating the NHIN on an interim basis. The fulfillment of these responsibilities involves making

More information

8485/15 SC/GDLC/io 1 DGB 1

8485/15 SC/GDLC/io 1 DGB 1 Council of the European Union Brussels, 5 May 2015 (OR. en) 8485/15 NOTE From: To: Special Committee on Agriculture Council No. prev. doc.: 7524/2/15 REV 2 Subject: AGRI 242 AGRIORG 26 AGRILEG 100 AGRIFIN

More information

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION. Towards a European Charter on the Rights of Energy Consumers

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION. Towards a European Charter on the Rights of Energy Consumers COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 5.7.2007 COM(2007)386 final COMMUNICATION FROM THE COMMISSION Towards a European Charter on the Rights of Energy Consumers EN EN 1. INTRODUCTION In the

More information

Medical Device Training Program 2015

Medical Device Training Program 2015 Medical Device Training Introduction Supplementary training and education is often overlooked by medical device professionals until it is triggered by an upcoming FDA or Notified Body and/or ISO 13485

More information

Possible Revision of the Commission Decision on the minimum set of leased lines. Deadline: 31 March 2004

Possible Revision of the Commission Decision on the minimum set of leased lines. Deadline: 31 March 2004 EUROPEAN COMMISSION Information Society Directorate-General Communication Services: Policy and Regulatory Framework Policy development and regulatory framework Brussels, 3 March 2004 PUBLIC CALL FOR INPUT

More information

Auditing as a Component of a Pharmaceutical Quality System

Auditing as a Component of a Pharmaceutical Quality System Auditing as a Component of a Pharmaceutical Quality System Tim Fields Conducting internal audits (or self inspections) and external audits of suppliers and outsourcing operations are key elements of a

More information

Release: 1. ICASAS417A Undertake IT system capacity planning

Release: 1. ICASAS417A Undertake IT system capacity planning Release: 1 ICASAS417A Undertake IT system capacity planning ICASAS417A Undertake IT system capacity planning Modification History Release Release 1 Comments This Unit first released with ICA11 Information

More information

I S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

I S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L 15.1 ESTABLISH SECURITY AGREEMENTS WITH SUPPLIERS 15.1.1 EXPECT SUPPLIERS TO COMPLY WITH RISK MITIGATION AGREEMENTS Do you clarify the information security risks that exist whenever your suppliers have

More information

Trusted Cloud Competence Centre. No. Working paper Modular Certification of Cloud Services

Trusted Cloud Competence Centre. No. Working paper Modular Certification of Cloud Services Trusted Cloud Competence Centre No. Working paper Modular Certification of Cloud Services 3 Working party Legal Framework for Cloud Computing Cloud computing can only be economically successful in Germany

More information

LSB Procurement Framework

LSB Procurement Framework LSB Procurement Framework Introduction Procurement covers the typical purchase of services, supplies and works required to enable project delivery and to manage the infrastructure. The Services Board (LSB)

More information

Successful EHR Change Management

Successful EHR Change Management Successful EHR Change Management Roles and responsibilities White paper Table of contents Executive summary... 2 Introduction... 3 Never underestimate the power of the people... 3 People... 4 From resisting

More information

Healthcare Professionals Crossing Borders Agreement

Healthcare Professionals Crossing Borders Agreement Healthcare Professionals Crossing Borders Agreement Contents 1. Healthcare Professionals Crossing Borders Agreement (the Agreement) 2 2. Background 5 2.1 EU Directives and Project Aims 5 2.2 Developing

More information

Spillemyndigheden s change management programme. Version 1.3.0 of 1 July 2012

Spillemyndigheden s change management programme. Version 1.3.0 of 1 July 2012 Version 1.3.0 of 1 July 2012 Contents 1 Introduction... 3 1.1 Authority... 3 1.2 Objective... 3 1.3 Target audience... 3 1.4 Version... 3 1.5 Enquiries... 3 2. Framework for managing system changes...

More information

HSE: Frequently Asked Questions

HSE: Frequently Asked Questions HSE: Frequently Asked Questions Q1 - What is GHS? A GHS refers to the United Nations (UN) Globally Harmonised System of Classification and Labelling of Chemicals. The UN published GHS in its publication

More information

Emergency Management and Business Continuity Policy

Emergency Management and Business Continuity Policy www.surreycc.gov.uk Making Surrey a better place Emergency Management and Business Continuity Policy 4 TH EDITION June 2011 Title Emergency Management and Business Continuity Policy Version 4.0 Policy

More information

Glossary 2. About this chapter 6. 6.1 About risk management 7

Glossary 2. About this chapter 6. 6.1 About risk management 7 Contents Glossary 2 Chapter 6 Risk Management About this chapter 6 6.1 About risk management 7 6.1.1 What is risk? 7 6.1.2 What is risk management? 7 6.1.3 The Australian Standard AS/NZS 4360:2004 7 6.1.4

More information

EUROPEAN COMMISSION Secretariat-General

EUROPEAN COMMISSION Secretariat-General EUROPEAN COMMISSION Secretariat-General REFIT Platform Brussels, 8 February 2016 STAKEHOLDER SUGGESTIONS - CHEMICALS - DISCLAIMER This document contains suggestions from stakeholders (for example citizens,

More information

Release: 1. ICAPRG426A Prepare software development review

Release: 1. ICAPRG426A Prepare software development review Release: 1 ICAPRG426A Prepare software development review ICAPRG426A Prepare software development review Modification History Release Release 1 Comments This Unit first released with ICA11 Information

More information

This interpretation of the revised Annex

This interpretation of the revised Annex Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication IEC/TR 80001-2-3 TECHNICAL REPORT Edition 1.0 2012-07 colour inside Application of risk management for IT-networks incorporating medical devices Part 2-3: Guidance for wireless networks INTERNATIONAL ELECTROTECHNICAL

More information

How to Upgrade SPICE-Compliant Processes for Functional Safety

How to Upgrade SPICE-Compliant Processes for Functional Safety How to Upgrade SPICE-Compliant Processes for Functional Safety Dr. Erwin Petry KUGLER MAAG CIE GmbH Leibnizstraße 11 70806 Kornwestheim Germany Mobile: +49 173 67 87 337 Tel: +49 7154-1796-222 Fax: +49

More information

ISO 14001:2015: Key Changes

ISO 14001:2015: Key Changes ISO 14001:2015: Key Changes Susan LK Briggs Convenor, ISO TC207/SC1/WG5 TC207 Workshop, 9/8/15 Topics for Discussion Background on ISO 14001 Revision Highlight of key changes in ISO 14001:2015 Top Management

More information

ISO 26262: Functional Safety in Automotive Industry Modular training course

ISO 26262: Functional Safety in Automotive Industry Modular training course ISO 26262: Functional Safety in Automotive Industry Modular training course The goal of this modular training course is to introduce the students into functional safety in the automotive industry. The

More information

Opinion of the European Banking Authority on Mortgage Lending Value (MLV)

Opinion of the European Banking Authority on Mortgage Lending Value (MLV) EBA/Op/2015/17 5 October 2015 Opinion of the European Banking Authority on Mortgage Lending Value (MLV) Introduction and legal basis According to Article 124(1) of Regulation (EU) No 575/2013 (CRR), the

More information

Data Communications Company (DCC) price control guidance: process and procedures

Data Communications Company (DCC) price control guidance: process and procedures Guidance document Contact: Tricia Quinn, Senior Economist Publication date: 27 July 2015 Team: Smarter Metering Email: tricia.quinn@ofgem.gov.uk Overview: The Data and Communications Company (DCC) is required

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Mapping of outsourcing requirements

Mapping of outsourcing requirements Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure

More information

Management of Business Support Service Contracts

Management of Business Support Service Contracts The Auditor-General Audit Report No.37 2004 05 Business Support Process Audit Management of Business Support Service Contracts Australian National Audit Office Commonwealth of Australia 2005 ISSN 1036

More information

INTERNATIONAL. Medical device software Software life cycle processes

INTERNATIONAL. Medical device software Software life cycle processes INTERNATIONAL STANDARD IEC 62304 First edition 2006-05 Medical device software Software life cycle processes This English-language version is derived from the original bilingual publication by leaving

More information

The EBF would like to take the opportunity to note few general remarks on key issues as follows:

The EBF would like to take the opportunity to note few general remarks on key issues as follows: Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

Job Description. Service Desk Technician. Operations Team Leader

Job Description. Service Desk Technician. Operations Team Leader Job Description Job title Group Section Responsible to Responsibility for Employees Service Desk Technician Corporate ICT Operations Operations Team Leader None Job purpose This job exists to provide effective

More information

ISO/IEC 20000-2 INTERNATIONAL STANDARD. Information technology Service management Part 2: Guidance on the application of service management systems

ISO/IEC 20000-2 INTERNATIONAL STANDARD. Information technology Service management Part 2: Guidance on the application of service management systems INTERNATIONAL STANDARD ISO/IEC 20000-2 Second edition 2012-02-15 Information technology Service management Part 2: Guidance on the application of service management systems Technologies de l'information

More information

ISO/IEC 27002. Information technology Security techniques Code of practice for information security controls

ISO/IEC 27002. Information technology Security techniques Code of practice for information security controls INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Quality Label and Certification Processes Education Material on ehealth Interoperability. Karima Bourquard Director of Interoperability IHE-Europe

Quality Label and Certification Processes Education Material on ehealth Interoperability. Karima Bourquard Director of Interoperability IHE-Europe Quality Label and Certification Processes Education Material on ehealth Interoperability Karima Bourquard Director of Interoperability IHE-Europe Testing and Certification Objectives To design a European

More information

INTERNATIONAL STANDARD

INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO 9001 Fourth edition 2008-11-15 Quality management systems Requirements Systèmes de management de la qualité Exigences Reference number ISO 9001:2008(E) ISO 2008 PDF disclaimer

More information

European Aviation Safety Agency

European Aviation Safety Agency EASA Management Board Decision 01-2012 Amending and replacing the Rulemaking Procedure European Aviation Safety Agency DECISION OF THE MANAGEMENT BOARD 1 AMENDING AND REPLACING DECISION 08-2007 CONCERNING

More information

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE White paper produced by Maetrics For more information, please contact global sales +1 610 458 9312 +1 877 623 8742 globalsales@maetrics.com

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

PUBLIC PROCUREMENT CONTRACTS

PUBLIC PROCUREMENT CONTRACTS PUBLIC PROCUREMENT CONTRACTS Public authorities conclude contracts to ensure the supply of works and delivery of services. These contracts, concluded in exchange for remuneration with one or more operators,

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Business Process Management & Workflow Solutions

Business Process Management & Workflow Solutions Business Process Management & Workflow Solutions Connecting People to Process, Data & Activities TouchstoneBPM enables organisations of all proportions, in a multitude of disciplines, the capability to

More information

ENTERPRISE MANAGEMENT AND SUPPORT IN THE AUTOMOTIVE INDUSTRY

ENTERPRISE MANAGEMENT AND SUPPORT IN THE AUTOMOTIVE INDUSTRY ENTERPRISE MANAGEMENT AND SUPPORT IN THE AUTOMOTIVE INDUSTRY The Automotive Industry Businesses in the automotive industry face increasing pressures to improve efficiency, reduce costs, and quickly identify

More information

Common Safety Method for risk evaluation and assessment

Common Safety Method for risk evaluation and assessment Common Safety Method for risk evaluation and assessment Guidance on the application of Commission Regulation (EU) 402/2013 March 2015 Contents 1. Introduction 4 Background 4 Purpose of this guidance 5

More information

Successful EMR Strategies

Successful EMR Strategies MANAGING THE TIDES Sean Lunde June 7, 2012 1 Up to 50% of all EMR implementations fail. 2 2 Keshavjee K. Best Practices in EMR Implementation: A Systematic Review. In: ; 2006. Available at: http://www.ncbi.nlm.nih.gov/pmc/articles/pmc1839412/

More information

ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY

ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY Dr. Qi Van Eikema Hommes SAE 2012 Government/Industry Meeting January 25, 2012 1 Outline ISO 26262 Overview Scope of the Assessment

More information