Yes, you can have one certification applicable to more than one site. You will have common documents, such as the same policy, common overall goals, and the same procedure for corrective actions, internal audits, or document control. You may have common processes for collecting and verifying compliance obligations and for determining environmental aspects and impacts.
Then you will have specific procedures and work instructions applicable to just one site.
Vulnerability management and penetration test documents are not mandatory according to ISO 27001, nor are they documents commonly adopted by organizations (most of them rely on outsourced services for this purpose), so they are not included in the toolkit, to avoid unnecessary effort in managing the ISMS. If you consider that such a document is important for your organization, you can schedule a meeting with one of our experts so he can help you develop it.
These articles will provide further explanation about vulnerability management:
No, ISO 13485:2016 does not define anywhere how many employees a company must have in order to be in compliance with it.
If you continue to reduce your staff, this will be reflected in your processes, so you need to adjust them, create a new job schedule, new job responsibility descriptions, and the like.
Nothing will change drastically if the number of your employees is reduced from 5 to 3. The biggest risk that may arise is whether you now have enough staff to continue to ensure quality when delivering your product or service.
You can purchase this product from the manufacturer under the MDD only if there is a valid MDD certificate. If the manufacturer's MDD certificate has expired, then according to the Article 120 transitional provisions you can still sell MDD products until the expiry date on the device.
You can no longer purchase this product from the manufacturer if it has not received an MDR certificate.
The General Safety and Performance Requirements (Annex I) are applicable to MDR medical devices. All MDR medical devices must be in compliance with the applicable requirements from section 23 of Annex I.
For more information, see:
You asked
I would like to ask: if an OEM company is ISO 9001:2015 certified, is it mandatory that they get ISO/IEC 17025:2017 accreditation?
The answer is no, IATF does not have a mandatory requirement for ISO 17025 accreditation. To clarify this, let us start by mentioning that ISO 17025 is a testing and calibration standard to which laboratories are accredited, whereas ISO 9001 and IATF 16949 are quality management standards to which organizations are certified. IATF 16949 is implemented in conjunction with, and as a supplement to, ISO 9001, with a number of extra requirements for automotive suppliers on top of the requirements of ISO 9001.
An OEM (original equipment manufacturer) that supplies components is not a laboratory, so ISO 17025 is not directly applicable. IATF 16949, however, requires that specific laboratory requirements are met and that the process for the management of calibration or verification records and internal calibrations is documented. Because of these requirements and the need for statements of conformity to a specification after calibration/verification, IATF 16949 includes an explanatory note that ISO/IEC 17025 accreditation is useful to demonstrate the organization's in-house laboratory conformance to the IATF 16949 requirements. This means that although it is not mandatory, testing of components and calibrations will typically be performed by an accredited ISO 17025 laboratory. This is irrespective of whether it is an in-house laboratory (owned by or a department of the OEM) or subcontracted to an external provider.
Note that while accreditation is not mandatory, as a minimum it is advisable that the laboratory implements ISO 17025 and works in accordance with ISO 17025 to ensure the requirements are met.
You also asked
If the answer is no, does it affect the company's accreditation to IATF 16949?
Please note, as said above, that a company is certified to IATF 16949, not accredited. As long as the specific laboratory requirements are met, accreditation to ISO 17025 will not affect the company's certification to IATF 16949.
For more information on IATF 16949, see the IATF 16949 Advisera Academy at https://advisera.com/16949academy/
For more information on ISO 17025 see ISO 17025 – Main guidelines at https://advisera.com/17025academy/what-is-iso-17025/
A calibration record is used to record the calibration dates. This is available as part of the Advisera ISO 17025 Toolkit as 08.3_Appendix_3_Calibration_Record. Then you should record the decision in your Registry of Key Risks and Opportunities, provided as part of the Advisera ISO 17025 Toolkit as 05.1_Appendix_1_Registry_of_Key_Risks_and_Opportunities.
One risk I suggest you consider is the financial risk of such a frequent calibration interval. I do not know what type of field testing you do; however, you refer to temperature. It seems unnecessary to have such frequent calibration of a thermometer or thermocouple device (depending on factors such as handling and stability), as typically for a testing laboratory you will calculate your MU based on the most recent calibration certificate for the equipment used. Then you include your method imprecision during repeated use of the device in the field.
For more information see:
The answer to a question on calibration intervals, Re-calibration time at https://community.advisera.com/topic/re-calibration-time/, which includes links to resources.
The ISO 17025 document template Equipment and Calibration Procedure available at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/
The template Supplier Security Policy was developed to also cover control A.15.1.3 (in sections 3.1 – Identifying risks, and 3.3 – Contracts).
To take a look and see if it can fulfill your needs, please access the free demo at this link: https://advisera.com/27001academy/documentation/supplier-security-policy/
This article will provide further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
According to your description, and if your quality management system’s scope includes only this kind of service to clients, I think that clause 8.3 is not applicable.
For more information about exclusions, consider the following:
If your company does not make any modification to the design, but simply verifies it, then you could exclude requirement 8.3 on design and development. However, if your organization makes any modification to it, you should include design and development within the scope of your QMS.
For more information on the applicability of the design and development clause, see the following materials:
- What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- ISO 9001 design process explained: https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
- Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/