1. Hello, could you advise on defining the resolution timeline for closing Critical, Major and Minor NC? The product is "image viewer software".
Defining both the criteria for determining critical, major, or minor non-conformity and the resolution time for closing non-conformities is your responsibility, according to your risk analysis. For example, if critical non-conformity means the worst one, then the resolution time can be 15 days, for major 30 days, and for minor non-conformity 60 days. It is just a suggestion.
2. Could you advise if a company preparing for the MDR transition from the MDD needs to register for UDI/EUDAMED if they will not be placing the product on the EU market?
Registration in the EUDAMED database is mandatory for manufacturers, authorized representatives, and importers. Manufacturer means the business entity that certified their medical device (CE marking) and puts it on the market under their name. So, if you're not placing the product on the EU market, then you do not need to be registered in EUDAMED and do not need to issue a UDI number.
According to Article 8 of the MDR, all medical device manufacturers need to be in compliance with standards published in the Official Journal of the European Union. On this list, there are more than 300 different standards for all kinds of medical devices. Each manufacturer must define to which standards it must comply.
According to Article 15 of the MDR, manufacturers need to nominate at least one person who will be responsible for regulatory compliance. Furthermore, according to Article 10, point 9, the quality management system must include a document describing the strategy for regulatory compliance. This document will describe how often the review process for all standards/legislation will be conducted (for example, every month, every 3 months, or a longer period). It will also describe what must be done if there is a new revision of the standard/legislation (GAP analysis, new tests, new reports, whether there is a need for education or other resources).
Please note that, for ISO 27001 risk assessment, confidentiality and integrity, alongside availability, are related to risks (6.1.2 c 1) and to consequences (6.1.2 d 1), not to assets. So, sensitivity is not related to risk assessment.
Considering that, when using an asset-based approach for risk assessment, you need to consider the loss of confidentiality, integrity, and availability to identify risks and impacts, not sensitivity.
Sensitivity is a concept related only to control A.8.2.1 – Information Classification (alongside legal requirements, value, and criticality).
Only when the results of the risk assessment, or applicable legal requirements, define control A.8.2.1 as applicable do you need to classify information regarding sensitivity, due to unauthorized disclosure (i.e., loss of confidentiality) or modification (i.e., loss of integrity).
In other words, the impact in risk assessment affects sensitivity rating, not the other way around (the greater the impacts due to loss of confidentiality or integrity, the greater should be the sensitivity rating, to ensure proper controls are implemented to protect the information).
An integrated management system can be audited/certified against only one of its component standards, so you do not need to implement all standards first and then go for auditing/certification.
Please note that some certification bodies can perform integrated audits (you can ask for this information from your chosen certification body), so you also need to consider that when defining your implementation strategy.
Classification of software is covered in the MDR by Rule 11.
"Software intended to provide information which is used to make decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:
Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.
All other software is classified as class I."
In my opinion, it is class IIb, because if the software is wrong and the dental doctor receives the wrong picture, a wrong surgical intervention could be conducted.
For software, the following requirements from the ISO 13485:2016 standard are definitely not applicable:
The following requirements have to be taken into consideration:
All requirements that are not applicable must be stated in the Quality manual with justification why those are not applicable.
Controls A.5.1.1 and A.5.1.2 are covered by about 20 policies and procedures you can find in folder "08 Annex A"; it does not make sense to have a specific document focused only on these two controls.
Additionally, it is important to understand that ISO 27001 does not require every applicable control to be a separate document. In some cases, you only need to make a brief description of how it is implemented, and you can do that in our SoA template, in the column "Implementation Method".
This article will provide you a further explanation about the Statement of Applicability:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Please note that an ISO management standard is mandatory for an audit only if you are certified on that standard, or in case you have to comply with a law, regulation, or contract that demands the application of the standard during an audit.
In case these situations do not apply to you, the standard is not mandatory in an audit.
Yes, you can have two business cards.
Mark hit it on the head. While QA really has no power to enforce requirements for leadership, you can always remind them that corrective action requirements, including obviously internal audit findings and/or 2nd and 3rd party audit findings that drive CARS/SCARS/RCA and follow-up audits to ensure the corrective actions that were initiated are effective, are the ONLY requirements of AS9100 for which a CB 3rd party auditor can pull your cert immediately. I've witnessed this in action. The CB auditor physically pulled the framed cert off the wall on his way out, and after reporting to the CB, the cert was revoked within 3 days. This means this info is available on the IAQG website and you're basically out of business. So, if they like the fat paychecks executives tend to receive, it's in their best interest to support the QMS to the fullest extent; it's a requirement of the standard. So, the 3rd party auditor would write up Majors on leadership as well as lack of continuous improvement through the methods I mentioned. Hope this helps!
In our documentation toolkit, in 03_Quality_Manual_Premium_EN, in section 2.1 you can state all requirements that are not applicable for your company, with proper justification.