Search results

  • IATF 16949 Process Audit Checklist

    It would be more effective to use an automotive process approach for quality management system process audits; the use of a checklist is not recommended.

    For this, it may be necessary to receive training in internal auditing and the automotive process approach. During the audit, each process should be asked about goals, risks and opportunities, responsibility, authority, training, etc. Apart from that, as an example, if the purchasing process is to be audited, the 8.4 clauses of the IATF 16949:2016 standard should be audited as the main subject.

  • Quality management system

    I never saw any use of the words “quality income” and ISO 9001.

    About the term “cost of quality”, you can see it being used in this article: How to measure the cost of quality in line with ISO 9001 principles - https://advisera.com/9001academy/blog/2019/10/28/cost-of-quality-how-to-measure-it-in-line-with-iso-9001/

    Before ISO 9001, I used the term “cost of quality” as a designation for the sum of the costs of quality prevention (like training), quality control (like controller’s wages) and quality failure (like cost of defects and rework).

    Cost of quality can be a quality objective.

    Below, you can find more information about quality objectives:

  • Reagent equivalency requirement

    A device, in the meaning of the In Vitro Diagnostic Device Regulation (IVDR 2017/746), is considered equivalent when the device in question is either almost identical or completely identical to the comparator device. In order to demonstrate equivalent performance, a systematic methodological comparison is required, where performance should correspond to the performance of a comparator device within the pre-defined limits.

    Some of the elements according to which equivalence can be made are presented below (regarding the product composition, design, features, or intended purpose). Please keep in mind that this is not the whole list; it is the manufacturer's responsibility to define an appropriate concept, considering the type of the IVD device:

    - Technology (for example, is it ELISA, PCR, spectroscopy...)
    - Device design (for example, what is the sample volume, what are the processing and incubation times, critical reaction component(s))
    - Is it an automated or manual system
    - What are the analytical performance characteristics
    - Which specimen type(s) are used (blood, urine, saliva, plasma)
    - Biological controls
    - Are the antibodies used polyclonal or monoclonal
    - What is the intended purpose
    - Who is the target population
    - Who is the intended user (professional use, near patient test, self-testing)
    - Are there any test limitations
    - Scientific validity
    - Clinical performance
    - Clinical benefit

  • Characteristics of manufacturing process that should be controlled and documented

    According to customer specs and technical drawings, control criteria should be defined both in PFMEA and in the Control Plan for both the product and the production process. These controls vary from product to product.

    For example, dimensional measurements, visual checks, material checks, strength tests, etc. can be given for the product control.

    Controls such as pressure, temperature, time, speed, voltage, ampere, etc. can be followed for the production process.

  • ISO 13485:2016 regulatory expectations around distributors

    ISO 13485:2016 is applicable to distributors as well, according to section 1 of the standard. So it is expected that distributors will have implemented ISO 13485:2016. Their quality management system will cover their distribution scope: how they receive medical devices, which documents they must check when receiving them from the manufacturer, how to store them, and how to deliver them to the customer/client. Distributors must have in place a customer complaint process, have a proper place where returned products will be placed, and must have in place the process of communicating with the competent authority when needed.

    Distributors must have in place QA agreements with manufacturers where mutual responsibilities will be stated.

    For more information on the distributor's obligations, please see:

    • EU MDR 2017/745 Article 14 - General obligations of distributor https://advisera.com/13485academy/mdr/general-obligations-of-distributors/

    • Risk Consultation

      ISO 27001 is pretty flexible when it comes to documenting your security objectives - you can write them in your Information Security Policy, in the Statement of Applicability, or in some separate document. 

      When using our ISO 27001 Documentation Toolkit, you can document the general ISMS objectives in the Information Security Policy, and specific objectives for controls (or groups of controls) in the Statement of Applicability. 

      Including the information security objectives within the risk treatment plan, or in the asset list would not be efficient, because a single information security objective can be linked to many actions in the plan or assets in the assets list, which would make them very difficult to understand and maintain.

      This article will also help you:

      In this free online training you'll find detailed guidance on setting the objectives:

    • Conformio and ISMS

      First, it is important to note that unless you have specific requirements demanding the implementation of ISO 27017 and ISO 27018 (e.g., laws, regulations, or contracts), ISO 27001 is fully capable of providing the required information security for cloud environments.

      Considering that, to implement an ISMS compliant with ISO 27001, ISO 27017, and ISO 27018, the best approach would be to use the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit, and not use Conformio. Currently, Conformio does not cover ISO 27017 and ISO 27018 requirements.

      In case you decide to use the toolkit you’d need to buy it, and since you are our existing customer, we can offer you a discount.

      These articles will provide you with further explanation about ISO 27017 and ISO 27018:
      - ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
      - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

    • Risk treatment plan

      Hello, I want to make an inquiry. If the Risk Treatment Plan is considered an "Action Plan", can the information security objectives be included in the plan?

      ISO 27001 is pretty flexible when it comes to documenting your security objectives - you can write them in your Information Security Policy, in the Statement of Applicability, or in some separate document.

      When using our ISO 27001 Documentation Toolkit, you can document the general ISMS objectives in the Information Security Policy, and specific objectives for controls (or groups of controls) in the Statement of Applicability.

      Including the information security objectives within the risk treatment plan, which can be considered an “Action plan”, or in the asset list would not be efficient, because a single information security objective can be linked to many actions in the plan or assets in the assets list, which would make them very difficult to understand and maintain.

      This article will also help you: 

      In this free online training, you'll find detailed guidance on setting the objectives: 

    • Implementation duration

      We estimate that for companies with up to 10 employees, up to 3 months are needed to implement the quality management system according to ISO 13485:2016.

    • How should I proceed with a report?

      From your question and the article forwarded to me (https://advisera.com/27001academy/pt-br/blog/2015/05/20/certificacao-iso-27001-o-que-fazer-apos-receber-o-relatorio-de-auditoria/), I assume you are referring to a certification audit report.

      Considering that, in summary, the actions arising from the audit report are:

      • sending an action plan to the certification auditor to address minor nonconformities (when identified), and implementing the plan within the defined dates
      • treatment of major nonconformities (when identified) by the organization, and sending evidence of that treatment to the certification auditor
      • review of the opportunities for improvement by top management, and definition of actions to be taken and deadlines when deemed pertinent.

      The certification audit report will be used as a reference to consult for any questions regarding the actions to be taken.
