Search results

ISO 22301 - Recovery Framework

I am preparing a recovery framework for a large organization in line with the 22301 toolkit. I am considering which documents should be kept at group level as common for the entire organization and which should be developed locally. The question mainly concerns the Business Continuity Plan. Naturally, all of its appendices need to be prepared at the local level, but should the BCP itself be done at group level or also at local level?

At group level there is a dedicated crisis management team, and at local levels there are their own crisis management teams, which are guided by the group-level team.

The risks of losing the ISO 13485 Accreditation

Assuming SSD = Sterile Services Department, the hospital would be at potentially high risk, but the actual level depends on why ISO 13485 was lost.

Loss of certification does not automatically mean instruments are unsafe, but it removes an important independent assurance that the SSD’s QMS is controlled. Your hospital would likely be at medium risk if the loss was administrative, but high risk if it resulted from process-control failures. If the SSD cannot demonstrate validated sterilization, effective cleaning, controlled release, traceability, competent staff, maintained equipment, and effective CAPA, the risk becomes patient-safety critical, not merely a quality-system issue.

Quick question on constructing the technical documentation

Thank you for participating in the webinar and for your follow-up question. MDR Article 83(1) states that “for each device,” the manufacturer shall plan, establish, document, implement, maintain, and update a post-market surveillance system, proportionate to the risk class and appropriate for the type of device.                                                                                             

In addition, MDCG 2025-10, “Guidance on post-market surveillance of medical devices and in vitro diagnostic medical devices”, provides an explicit clarification. A PMS Plan may cover either a single device or a group of devices - devices with the same manufacturing process, design, and intended purpose, or devices within the same device family. In such cases, the PMS Plan should clearly state which devices are included within its scope.                                                                                                                                            

Therefore, when I referred to the PMS Plan as being device-specific, the intention was that it cannot be a purely generic QMS-level PMS procedure. The PMS Plan must define the device or group of devices covered, the PMS activities, data sources, methods, indicators, thresholds, frequency of monitoring, and rationale in a manner that is appropriate to the specific device or defined device family.                                                                              

Sensitive Data Issue - AI Meta & WhatsApp

Sadly, we do not cover these topics related to other data controllers. Please check our resources at https://advisera.com/eu-gdpr/

Expert perspective on ISO 9001:2026 transition – Sanity check on Gap Analysis and strategic shift

Thank you so much for your comment and  analysis! It is a truly great and accurate summary of the current situation.

I am really glad for this perspective—especially the point that it’s not about ‚less paperwork‘ but about better evidence, and the focus on building a more resilient QMS. You are also absolutely right with your warning at the end. It’s good to prepare, but I will definitely wait for the new standard to be officially published before making any final changes to our processes 

ISO 17025 - Traceability Questions

Hi you asked

We are planning on being a Testing & calibration laboratory (ISO17025) and would like to issue calibration certificates (for a set of calibration lenses) for use by others as part of the process above, what amendments need to be considered? (we will perform uncertainty budgets etc.)

You can issue traceable calibration certificates, to be used by testing laboratories provided you demonstrate full technical competence, control, and properly evaluated uncertainty in line with ISO 17025 for your metrology scope.

This includes, besides ensuring an unbroken traceability chain to NIST

• Defining your calibration capability (range and uncertainty) 
  Specify the lens power range covered and the uncertainty you can achieve
  
  
• Using validated or verified calibration methods
  Ensure the method is fit for purpose and performs consistently.
  
  
• Developing and reporting measurement uncertainty
  Establish an uncertainty budget (including standards, equipment, environment, and repeatability) and report it with results.
  
  
• Maintaining calibrated and controlled equipment
  Apply a calibration programme with periodic recalibration and checks.
  
  
• Implementing ongoing checks for the validity of results
  Use check standards or repeat measurements to confirm performance.
  
  
• Issuing compliant calibration certificates
  Here you will be guided by your accreditation body. Include results, uncertainty, traceability, and relevant conditions. to meet the requirements of ISO 17025 for reporting calibration results.

Data Processing

Hello,

Sadly, we cannot offer legal assistance or legal advice, because in California GDPR doesn't apply. We can help you though with guidance related to GDPR versus CCPA - please consult this article: https://advisera.com/articles/gdpr-vs-ccpa-what-are-the-main-differences/ 

Best regards,

Tudor

ISO 13485 - Quality agreement for subcontractor

A Quality Agreement sets out the framework for a reliable, transparent, and well-controlled cooperation between the Manufacturer and the Subcontractor. Its purpose is to define responsibilities clearly, communication channels, documentation requirements, and quality expectations for all outsourced activities that may affect the medical device or any of its components. This is particularly important in the medical device field, where any outsourced part of the manufacturing process must be performed with the same level of quality, control, and regulatory compliance as if it were carried out by the original Manufacturer itself, in accordance with ISO 13485, Regulation (EU) 2017/745, and any other applicable requirements. Although certain activities may be subcontracted, the original Manufacturer remains fully responsible for the final medical device and for ensuring that it is safe, compliant, and consistently produced to the required standard, regardless of where a specific part of the process or product is performed. For this reason, the Quality Agreement plays an essential role in ensuring alignment between the parties, maintaining product quality, and building mutual trust and confidence throughout the cooperation. You can see a part of the Quality agreement on the following link: https://advisera.com/13485academy/documentation/quality-agreement-for-subcontractor/

Are the trainings available in other languages?

Dear Giuseppe,

Thank you for your interest!

Unfortunately, we currently do not offer any courses or training in French. However, we have noted your interest for future updates.

If you need any further assistance or have questions about our products, feel free to schedule a meeting with our representative here: https://app.hubspot.com/meetings/marko5. 

ISO 13485 Compliance for Medical Device Stamping Process

Stamping processes can definitely be aligned with ISO 13485, as long as they are clearly defined, properly controlled, and validated when needed as part of the quality management system. The main question is whether the outcome of the stamping process can be fully checked afterward. If the critical features cannot be completely confirmed through inspection or testing alone, then process validation is usually necessary.

In day-to-day practice, this means the stamping process should be supported by solid documentation. This would normally include procedures, work instructions, setup parameters, inspection criteria, training records, maintenance records, and production records. If validation is required, there should also be a validation protocol, predefined acceptance criteria, documented test results, and an approved final report.

Traceability is another important part of compliance. It should be possible to connect each batch or lot to the raw material used, the tooling, the machine, the operator, the inspection results, and the final release decision. This provides evidence that the stamped parts were produced under controlled conditions and met the required specifications.

Risk management should also be built into the process, not handled separately. Common risks in stamping include tool wear, dimensional variation, burrs, cracking, contamination, setup mistakes, and mix-ups between parts. These risks should be identified and controlled through practical measures such as defined process parameters, in-process checks, tool maintenance, segregation of nonconforming product, and proper change control.

When it comes to examples from industry, public information alone is usually not enough to confirm whether a company is truly operating in line with ISO 13485. In practice, compliance is shown through objective evidence within the quality system, not simply by the fact that stamping is being used.