Yes, you can outsource a person as a management representative. A management representative should be someone who is knowledgeable, trained, and has experience in dealing with the Quality Management System according to ISO 13485 of the company as well as familiar. Also, it would be preferable that that person has experience with your type of medical devices and technologies. This person must be available upon your request.
With an outsourced Management representative, you need to have a contract where mutual obligations will be defined.
For more information, please see the following articles:
During the certification audit, auditors confirmed that your quality management system was designed according to ISO 9001 requirements.
During surveillance audits, auditors' main concern is to verify that your organization complies with the rules (internal and from the standard) and improves the system. So, I recommend that you check if your quality management system records are being filled correctly, performance is being analyzed and evaluated and improvement actions implemented.
You can find more information below:
The main purpose of the stage 1 audit is to verify whether your environmental management system is designed and compliant with the requirements of the standard. Anything can be audited in terms of documentation. Stage 1 audits are not for auditing implementation. So, do not expect the stage 1 audit to audit operations, for example.
Documents to be reviewed during this stage of the audit are all the documents that belong to the scope of your management system; this includes documents required by the standard itself and the ones that the organization determined as necessary for effective maintenance of the management system.
For more information, see:
Please check this picture:
ISO 14001:2015 requires that an organization determines its compliance obligations and keeps them updated (clause 6.1.3). ISO 14001:2015 requires that an organization periodically evaluates its compliance obligations status.
For both of these activities, ISO 14001:2015 does not recommend any particular frequency. It is up to each organization to determine the most suitable frequency. Some economic sectors and some countries are more prone to legal changes than others. Each organization determines its frequency and can evaluate its effectiveness by checking if between consecutive determinations many changes are found.
Besides these clauses, ISO 14001:2015 requires that an organization audits its environmental management system at least once a year (actually, ISO 14001:2015 does not set the yearly requirement; the yearly requirement is set by the certification bodies in their contract with organizations).
Please consider the following information:
Document control involves ISO 17025 mandatory documents as well as those you develop. It is not just about the unique identifiers (document name, number) and revision number. The purpose of document control is that, plus making sure the correct documents are in use and obsolete versions are taken out of use. Furthermore, it is to make sure all documents are reviewed periodically and have been approved.
For more information, see:
- a similar question at https://community.advisera.com/topic/document-control-6/
- the ISO 17025 toolkit document template: Document and Record Control Procedure at https://advisera.com/17025academy/documentation/document-and-record-control-procedure/
- the article List of mandatory documents required by ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/08/30/list-of-mandatory-documents-required-by-iso-170252017/
- the whitepaper Checklist of mandatory documents required by ISO 17025:2017 available from https://advisera.com/17025academy/free-downloads/
Please note that ISO 27001 and ISO 20000 have different objectives and core requirements, so only one of them is not enough to fulfill the criteria for both certifications. However, they share many requirements, which makes implementing them together easier.
Now, regarding the necessity, this only can be evaluated based on your organization’s strategies and objectives. For example, if your core business is related to the provision of IT services and you have a clear demand for information protection, then both certifications would help.
These articles will provide you with a further explanation about ISO 27001 and ISO 20000 integration:
These materials will also help you regarding ISO 27001 and ISO 20000 integration:
If I understand your question correctly, you are asking whether notified bodies recognize the standard ISO 13485:2016 as a quality management standard.
According to the MDD, all manufacturers must be in compliance with applicable harmonized standards. Harmonized standards are standards published by the European Commission in the Official Journal of the European Union. On that list, ISO 13485 is the only standard that covers the quality management system.
Considering the MDR, there is still no list of harmonized standards published that will answer MDR requirements. It is expected that a new list of harmonized standards will be published by May 2021. Therefore, ISO 13485:2016 is still not harmonized to the MDR.
For more information, please see the following articles:
Let's evaluate it considering S.M.A.R.T. concepts:
These articles will provide you with a further explanation about Objectives in ISO 27001:
These materials will also help you regarding Objectives in ISO 27001:
I’m assuming you are referring to a security dashboard.
Considering that, ISO 27001 does not prescribe the development of dashboards, only that objectives be defined.
To build information security indicators I suggest you see these materials:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- Measurement Report https://advisera.com/27001academy/documentation/measurement-report/
These articles will also help you:
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/