Search results

Question about data storage

Raw data do not need to be in eLN, it is enough to refer to the documents containing data.

Potential Customers list (Names and Mail adresses etc.)

It depends on the reason you want to make this list. Potentially, yes, you can make this list, you can send them a cold email under legitimate interest (the so-called soft-spam) in order to introduce your company and services, but you don't have to insert a call to action because marketing activities require consent as the legal basis.

Here you can find more information on GDPR extraterritorial effect and on consent.

• What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
• Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
• Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
• Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/

If you need to understand how to process consent under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/

Expanding and elaborating scope

My question is I am going to Update the medical device file as per Eumdr (Article 1) so what should be the scope? As per my understanding, I have defined the scope for PACS This procedure applies to: Technical/engineering documentation required for the release of XYZ medical device software. Changes to the product, process, facility, quality system, or organization. All countries and territories where XYZ medical devices are approved for sale (EU for CE Marking) Just want to confirm is this sufficient scope or should expand our scope or if you suggest some more.

If this scope is enough to completely describe your product and if the purpose of the product is clearly seen within that scope, then it is enough.

What is the new changes as per new ISO 15223-1:2021 for PACS software

Yes, there is a special symbol for software. And also there is a symbol pointing to a website with additional installation instructions (if you have one). 

Is there any specific retention time period for software? As per MDR 10 years after the last device covered by EU DOC & for implantable for 15 years .

So far there is no specific retention time period for software. However, be aware that you need to follow additional information from the MDCG group. They regularly publish new guidelines and interpretations: https://ec.europa.eu/health/md_sector/new_regulations/guidance_hr

Lateral flow device

According to my knowledge, it is under FDA the class 1. But, please take that with a grain of salt. Namely, we are not authorized to define the classification of medical devices.

Definitions for classification can be found on the following link:  https://www.fda.gov/medical-devices/overview-device-regulation/classify-your-medical-device

For more information regarding fulfilling FDA regulatory classes for medical devices, please see following link:

• How to use ISO 13485 to fulfill FDA regulatory classes for medical devices https://advisera.com/13485academy/blog/2017/09/14/how-to-use-iso-13485-to-fulfill-fda-regulatory-classes-for-medical-devices/

• ISMS TIER 1 - 4 Documents

  Please note that ISO 27001 does not prescribe or make reference to documents tiers.

  Considering that, the concept of tiers is a common interpretation made by organizations to make ISO documentation management easier to understand.

  In this interpretation the tiers are:

  1. Policies: define rules for the ISMS. They are composed of the Information Security Policy and additional subject-specific policies (e.g., Access Control Policy, Backup Policy, etc.).
  2. Procedures: they describe what needs to be done, by who, when, and in what order.
  3. Work instructions: they detail how specific tasks are performed.
  4. Records: documents that provide evidence of performed activities or results achieved.

  This material will provide you a further explanation about document management:

  • Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

• Exclusion to 8.3

  thank you very much, Sir. This information is very helpful.

• Measurement uncertainty in chemical process

  Measurement uncertainty is a statistical measure, offering a range within which there is an equal probability of the result value lying, at a particular confidence. This uncertainty estimate is therefore a combination of all  the factors that affect the variability of results, on a method to method basis. The approach is to firstly know your method and the process steps, then determine the type of contributors to uncertainty. This depends on your method. It helps to use a checklist and record to guide and report the process. Where detailed measurement uncertainty evaluation is not possible due to the nature of the test method, the measurement uncertainty may be estimated based on principles of the techniques or practical experience of the performance of the method.

  Advisera’s ISO 17025 toolkit guides you through the implementation of ISO 17025. The  ISO 17025 document template: Evaluation of Measurement Uncertainty Procedure and related Measurement Uncertainty Checklist and Measurement Uncertainty Record are available as part of the ISO 17025 toolkit; or as separate documents; to guide you in the process.   A complete discussion of measurement uncertainty is however outside of the scope of the toolkit. 

  Technicians responsible for uncertainty calculations need some technical training and support to fully understand what is required because you need to have an understanding of type a and type b uncertainties and the statistical calculations. Type A are based on the statistical analysis of measurements and Type B is based on other sources of information such as calibration or reference material certificates and that reported uncertainty from the certificate. In many chemical processes , Type A contributors to precision are typically the largest contribution.

  For more information regarding the measurement uncertainty, see the ISO 17025 toolkit document template: Evaluation of Measurement Uncertainty Procedure at https://advisera.com/17025academy/documentation/evaluation-of-measurement-uncertainty-procedure/ This covers the basic principles and steps to plan, measure and calculate the data required for an evaluation of measurement uncertainty. The two appendices related to the document, Measurement Uncertainty Checklist and Measurement Uncertainty Record support the process. 

  I recommend you also look to your sector and suppliers for commonly used approaches.

• Incident Response and Business continuity Disaster Recovery instructor led training

  We do not have knowledge of instructors for these specific training, so your best approach would be looking for them on professional social networks like LinkedIn, or organizations that issue certificates for business continuity professionals like BCI and DRII. You may find the information you are looking for on these sites:

  • https://www.thebci.org/
  • https://drii.org/

• Business impact analyses questionnaire

  1 - What impact analyses should I document?

  The business processes to be considered are those related to the defined business continuity objectives. For example, if your business objective is to ensure continuity of customer support services, then the processes related to these services need to undergo business impact analysis (e.g., customer service tickets management, escalation process, etc.).

  For further information, see:

  • How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

  2 - Do I do a granulate approach and document things like power outages or does things like power outages become a prerequisite to a process not being available.

  Please note that for Business Impact Analysis you do not need to take into account risks, only the impact of the disruption over the processes. Risk identification (so you can identify the ones with the most chance to occur) can be performed either before or after BIA, but it is a completely different and independent process.

  For further information, see:

  • Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

• Calling organization's products after certified ISO 13485 QMS in place

  With a certified ISO 13485 QMS in place  which is in alignment to national regulatory body as well (though not audited by national regulatory body), can an organization call its products:
  1. GMP grade products or
  2. ISO13485 conforming products or
  3. ISO 13485 and GMP conforming products
  Note: I have not used the word compliant for GMP since as I understand that the organization needs to be audited by regulatory body to claim the same?