Search results

Are Cardiovascular Stent covered in ISO 13485?

Cardiovascular stents are medical devices. ISO 13485:2016 is a standard that is applicable for manufacturers of all types of medical devices, therefore, it's applicable for cardiovascular stents.

For more information on what is ISO 13485, please see the following links:

• >What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/
• Six key benefits of ISO 13485 implementation https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/
• ISO 13485 structure and requirements https://advisera.com/13485academy/what-is-iso-13485/
• Checklist of ISO 13485 implementation and certification steps https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

• Assessing risks and opportunities

  While there is no mandatory timeline in ISO 45001 for risk and opportunity assessment, it is common to have this done as part of management review on a cycle or 3, 4 or 12 months. The important thing to consider for your company is how often do the risks and opportunities in your industry and location change. If there are highly changing risks and opportunities in your industry, then more frequent review is a wise decision. In many cases a 4 month review cycle is likely adequate.

  You can read a bit more on risk and opportunity in the OHSMS in the article: What are the new requirements for risks and opportunities according to ISO 45001?, https://advisera.com/45001academy/blog/2018/04/25/what-are-the-new-requirements-for-risks-and-opportunities-according-to-iso-45001/

• Strategic intent

  ISO 9001:2015 only mention “strategic direction” in clauses:

  • 4.1 – organizations must determine internal and external issues that are relevant to their strategic direction. Different strategies make some issues relevant or not and positive or negative. For example, an organization that serve premium segment customers sees a downturn in the economy differently than an organization in the same economic sector but serving low-price customers
  • 5.1.1 and 5.2.1 – the quality policy must be aligned with the strategic orientation. For example, an organization that competes on price has different priorities and concerns than an organization that competes on product innovation
  • 9.3.1 – management review must evaluate if the system is aligned with the strategic direction

  Neither ISO 9001:2015 nor ISO 9000:2015 define what is strategic direction. Also, it is not mandatory, according to ISO 9001:2015, to have a document about the strategic direction. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - where you can see the mandatory documents and records according to ISO 9001:2015.

  According to ISO 9001:2015, one can draw a model of how an organization works based on the process approach. For example:

  

  If an organization competes on cost, this may be the critical processes:

  

  If an organization competes on customization/service, this may be the critical processes:

  

  If an organization competes on innovation, this may be the critical processes:

  

  Different strategies, different priorities, different motivations, different indicators.

  As an auditor, I do not expect to see a document, but I expect some consistency between priorities in the quality policy and what top management considers its strategic direction.

   

• Risk based thinking in ISO 9001-2015

  I always recommend following three ways to determine risks:

  • Risks deriving from context and interested parties (see clause 6.1.1 of ISO 9001:2015)
  • Risks deriving from products and services (see clause 5.1.2 b) of ISO 9001:2015)
  • Risks deriving from processes (see clause 4.4.1 f) of ISO 9001:2015)  

  In this free webinar on-demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ - I show examples of risks and opportunities derived from context and interested parties.

  ISO 9001:2015 promotes the process approach and in this free webinar on-demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ I show how to relate processes, risks, training, documentation, and control.

  In this free webinar on-demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ - I show some examples of determining risks and then acting on them.

  You can find more information below about risks.

  • How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
  • For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
  • Enroll for a free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (I use a lot of examples based on the risk-based approach)

• Collecting email addresses

  First of all, if the email collected are composed like info@company.com these are not considered as personal data under GDPR, so the answer is yes.On the contrary, if you are planning to collect email like name.surname@company.com these email addresses are considered as personal data under GDPR. You can process personal data using the legitimate interest as legal ground only to introduce your company to a potential client with the so-called cold email. 

  There must be relevance between the sender and the recipient of the email. For example, I can send a cold email to introduce a company that offers a selection of employees to an HR Manager, but I cannot do the same to the Head of Logistics. The reason is that once the email address is published on the company website, the owner consent to be contacted for reasons connected to the role in the company.Of course, in the cold email, you can add a button to subscribe to a newsletter and receive information on products, offers, and so on.

  To know how to ensure email marketing compliance you can read this article:

  • Email marketing in the era of GDPR – How to ensure compliance? https://advisera.com/eugdpracademy/blog/2019/05/27/gdpr-and-email-marketing-rules-for-compliant-campaigns/

  If you need to understand how to manage email addresses under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• ISO 9001 Continuous Improvement Process

  I can give you my experience. I answer your question in three layers:

  • The performance layer. The three most common errors in presenting performance data are: using tables instead of graphics, showing just the last result, and presenting no performance benchmark or target. So, I leave the tables with numbers for annexes, and I use graphics. Not graphics simulating car dashboards, but what is called sparklines or micro charts, where you can see the trend and compare with the target. One last warning. You have to present all the graphics in one page or in one screen. The first commandment of a good dashboard is to present all indicators in a way that you can see them all at the same time. This picture presents an example and also includes another kind of graphic, the bullet chart useful to compare current performance with target or benchmark. You can find this picture in our free webinar on-demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
  • The context layer. Add to the previous layer a picture of the model of how the organization works, based on the process approach, and coloring each process with the semaphore colors (Since 10% of men and 1% of women have color identification issues, the semaphore colors may be shades of a color. For example, if OK no color, if with concerns rose if bad red). You can find this picture in our free webinar on-demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - the advantage of this approach helps people realize how they can influence or contribute to performance because they can situate themselves in the processes and their interaction. Everybody is an internal supplier and customer.
  • The strategic layer. Even better than the previous one is to present the same technique but over a strategy map of the organization
     

• ISO 9001 implementation

  A possible approach to implement a quality management system can be:

  • Setup a project sponsor, a project manager, and a project team. Ensure top management support, get training about the standard. Designing and implementing a quality management system implies being knowledgeable about ISO 9001:2015.
  • As a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis, you can develop your Project Plan, listing what needs to be done, by whom, until when.
  • Then, an important step is to design a model of how your organization works as a set of interrelated processes. For example:

  

  • Decide how to describe and monitor those processes.
  • From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  To speed up the process you can use our Documentation Toolkit for the implementation of ISO 9001:2015 here - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ and check the free previews. You can also watch this free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/

  This is a very short description of the journey but below you can find more detailed information:

  You can find more information below:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • How to budget an ISO 9001 implementation project - https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project?utm_source=script-for-iso-9001-lead-implementer-course&utm_medium=downloaded-content&utm_content=lang-en&utm_campaign=free-downloads-9001
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Consultant performance review

  I understand that you are receiving information from performance review done by a client. Is that client important? Is that client part of the segment of target clients? For example, low cost airlines receive a lot of complaints, but most of those complaints are not about errors or “defects”, but about decisions made according to its strategy of keeping costs down. In the case you are receiving performance feedback from a target-client, you can start to acknowledge and thank the information received. Then, analyze and understand if it makes sense, if the company can frame and incorporate it. And communicate the decision to the customer. If the decision is to frame it, it may make sense to communicate the timing for its implementation.

  You can find more information below:

  • Handling customer satisfaction with code of conduct and complaints procedure - https://advisera.com/9001academy/blog/2014/07/15/handling-customer-satisfaction-code-conduct-complaints-procedure/
  • How the ISO 9001:2015 standard can help improve relationships with your customers - https://advisera.com/9001academy/blog/2016/02/23/how-the-iso-90012015-standard-can-help-improve-relationships-with-your-customers/
  • Main elements of handling customer satisfaction in ISO 9001 - https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
  • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Difference between EU manufacturer's distributor and (transport) service provider

  There is no special difference. Every distributor can be a transport provider also. The distributor does not have to make installation of the medical devices, this depends on the agreement between manufacturer and distributor.

• How to calculate RTO and RPO

  First is important to note that RTO and RPO are most often defined based on a scenario evaluation, instead of calculated, because calculating them can become very complex and time-consuming.

  Considering that, RTO (Recovery Time Objective) is defined based on how fast you want to resume your operations after a disruption, while RPO (Recovery Point Objective) is defined based on how much data you can afford to lose due to a disruption.

  For example, if an application has an RTO of 1 day and an RPO of 4 hours, it means that this application can be recovered (resume normal operation) in one day, but the information from the last 4 hours before the interruption occurred will be lost.

  This article will provide you a further explanation about RPO and RTO:

  • What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/

  These materials will also help you regarding RPO and RTO:

  • Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Free webinar – Implementing Business Impact Analysis according to ISO 22301 https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/