Search results

Data retention

Please note that ISO 27001 does not prescribe data retention requirements (for any type of information), only that these must be defined, based on results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts).

Considering that, you should consider hiring legal expert advice, to help you identify relevant legal requirements applicable to your organization.

This article may provide you a starting point:

• Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

Checklist to see if we should become ISO 17025

The starting point is to understand the purpose of the ISO 17025 Standard, the requirements and identify the benefit for your laboratory.

To assist, begin with the article What is ISO 17025?, available at https://advisera.com/17025academy/what-is-iso-17025/

Then have a look at the free Whitepapers available at https://advisera.com/17025academy/free-downloads/, particularly

• Clause-by-clause explanation of ISO 17025:2017
• Diagram of ISO 17025 Implementation Process
• Project Plan for ISO/IEC 17025 implementation

Then there are some useful articles at https://advisera.com/17025academy/blog/, particularly 

• Six key benefits of ISO 17025 implementation
• Checklist of ISO 17025 implementation steps

The ISO 17025 Toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ has previews, including an Internal Audit Process Checklist you would use to populate all the requirements in (as from above)  to determine the gaps and level of compliance for implementation and accreditation. You could also obtain the assessment checklist form the ISO 17025 accreditation body you would deal with.

Requirement for ISO 9001: 2015 certification in cargo and marine services

Thanks for the information. Most appreciated 

MDR Technical Documentation

According to the definitions in the ISO 13485:2016, a medical device family is a group of medical devices manufactured by or for the same organization and have the same basic design and performance characteristics related to safety, intended use, and function. You can have one Technical documentation for the group of the medical devices with a complete list of the various configurations/variants. 

To see how to structure the Technical file according to MDR, see this Technical file template: https://advisera.com/13485academy/documentation/technical-file-template/

Archiving period for Documents in IATF 16949

Regarding the retention of records, the legal regulations and the periods specified by the customer-specific requirements are important. The first issue to be examined is these 2 places. 

In addition, the IATF 16949: 2016 standard defined in clause 7.5.3.2.1 as follows.

"Production part approvals, tooling records including maintenance and ownership), product and process design records, purchase orders (if applicable), or contracts and amendments shall be retained for the length of time that the product is active for production and service requirements, plus one calendar year unless otherwise specified by the customer or regulatory agency."

Management representative in ISO 13485

Yes, you can outsource a person as a management representative. A management representative should be someone who is knowledgeable, trained, and have experience in dealing with the Quality Management System according to ISO 13485 of the company as well as familiar. Also, it would be preferable that that person has experience with your type of medical devices and technologies. This person must be available upon your request.

With an outsourced Management representative, you need to have a contract where mutual obligations will be defined.

For more information, please see the following articles:

• How to define roles and responsibilities within an ISO 13485-based QMS https://advisera.com/13485academy/blog/2017/11/16/how-to-define-roles-and-responsibilities-within-an-iso-13485-based-qms/
• How to fulfill management responsibilities in ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-fulfill-management-responsibilities-in-iso-13485/

• ISO 9001 documents for surveillance audit

  During the certification audit, auditors confirmed that your quality management system was designed according to ISO 9001 requirements.

  During surveillance audits auditors' main concern is to verify that your organization complies with the rules (internal and from the standard) and improves the system. So, I recommend you to check if your quality management system records are being filled correctly, performance is being analyzed and evaluated and improvement actions implemented.

  You can find more information below:

  • What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
  • Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
  • Course - Free online training ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Verifying stage 1 audit

  The main purpose of the stage 1 audit is to verify whether your environmental management system is designed and compliant with the requirements of the standard. Anything can be audited in terms of documentation. Stage 1 audits are not for auditing implementation. So, do not expect stage 1 audit to go audit operations, for example.

  Documents to be reviewed during this stage of the audit are all the documents that belong to the scope of your management system, this includes documents required by the standard itself and the ones that the organization determined as necessary for effective maintenance of the management system.

  For more information, see:

  • List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

   

• Frequency or Environmental Legal audits as per ISO 14001 standard

  Please check this picture:

  

  ISO 14001:2015 requires that an organization determines its compliance obligations and keep them updated (clause 6.1.3). ISO 14001:2015 requires that an organization periodically evaluates its compliance obligations status.

  For both of these activities, ISO 14001:2015 does not recommend any particular frequency. It is up to each organization to determine the most suitable frequency. Some economic sectors and some countries are more prone to legal changes than others. Each organization determines its frequency and can evaluate its effectiveness by checking if between consecutive determinations many changes are found.

   

  Besides these clauses, ISO 14001:2015 requires that an organization audits its environmental management system at least once a year (actually, ISO 14001:2015 does not set the yearly requirement, the early requirement is set by the certification bodies in their contract with organizations.

   

  Please consider the following information:

  • What is evaluation of compliance and how to do it according to ISO 14001? - https://advisera.com/14001academy/blog/2020/12/01/what-is-evaluation-of-compliance-and-how-to-do-it-according-to-iso-14001/
  • Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
  • How to perform communication related to the EMS - https://advisera.com/14001academy/blog/2015/08/31/how-to-perform-communication-related-to-the-ems/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/