Medical device certification is a process where you will get the CE mark and you can sell your product on the EU market. This means that you need to prepare technical documentation that is requested in the Medical device directive 93/42/EEC (until May 2021) or in Medical device regulation 2017/745 – Annex 2 (from May 2021).
ISO 13485:2016 is a standard for quality management systems. It means that you need to prepare your processes and documentation to prove that it is under control and fulfill all applicable requirements from the standard. On the EU market, all medical devices must be in compliance with harmonized standards. In MDR, in Article 10 General obligations of manufacturers, it is stated that the manufacturer must have implemented a quality management system. The list of harmonized standards is published by the Official Journal of the European Union. On this list, ISO 13485:2016 is the only standard covering quality management system, therefore it is expected for manufacturers to have implemented ISO 13485:2016.
For more data, please see the following links:
Thanks for answering the question. I really appreciate...
First, it is important to note that ISO 27001 does not require a Lead Auditor course for performing internal audits. An internal auditor course is enough for such a purpose.
Considering that, there are no significant differences between LA certificates issued by PECB or issued by Advisera/accredited by Exemplar Global. Such certificates are needed only for professionals who want to work as a certification auditor in a certification body, and in this case a particular certification body might have a preference for one or the other accreditation body.
Generally speaking, you need to understand the objectives the client wants to achieve, its line of business, and how the business is organized. Based on this information you can develop additional questions and identify additional persons to talk to.
Please note that there is no set of definitive questions to be asked, only general topics to be covered.
To become an ISO 27001 auditor or ISO 27001 implementer, you should first acquire experience in these fields, and the most common ways are to work inside your current company auditing/implementing information security or working for an established consultant.
For more information about auditing/implementing ISO 27001 and how to become a consultant, please read:
These materials will also help you regarding ISO 27001 auditing/implementation:
ISO 17025 implementation applies to the overall activities of the laboratory, including for example personnel training or procurement. The “test-by-test” basis you refer to is applicable to the laboratory’s Scope of Work, for which accreditation is applied for. So you state what is being calibrated (including method and range); or what is being tested (analyte or group of analytes), in what matrix and using what method or instrument. An example is Heavy Metals in Soil by ICP-MS. For each method, yes you need to show technical competence to produce reliable, valid results. If your laboratory is not involved with sampling, then you state in your documentation that sampling is not the responsibility of the laboratory.
For more detail on what is required for ISO 17025, read the whitepaper Clause-by-clause explanation of ISO 17025:2017 available for download from https://advisera.com/17025academy/free-downloads/ and preview the ISO 17025 Academy toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
Each organization is a different case. Each organization has different motivations, different amounts of staff, different starting points in its survey of the initial environmental situation. The implementation phase requires a project manager almost full time; often this does not happen. Some companies may start from a base where they have to make major investments to meet compliance obligations. Some companies may find it difficult to provide time for training in good environmental practices.
Please check this information below about implementation:
ISO 27001 does not prescribe how to define information labeling, so your proposed scheme is acceptable by the standard (i.e., keep “Internal use” information unlabeled, and label public information as public).
These articles will provide you a further explanation about information classification:
These materials will also help you regarding information classification:
I’m assuming you are asking for tools and approaches for asset inventory and risk analysis.
Considering that, it is our policy not to make recommendations about tools or technologies.
Regarding the approach for risk analysis, the most common approach used for information security based on ISO 27001 is the asset-threat-vulnerability approach.
For more information, see:
To see a template of risk assessment compliant with ISO 27001, see this link:
As for asset inventory, ISO 27001 does not prescribe an approach for asset inventory. Actually, the inventory of assets is not needed, especially when companies are implementing the standard for the first time - it is enough to develop a list of assets for the Risk assessment, and once this is done this list is simply copied to Inventory of assets.
To see a template of inventory of assets compliant with ISO 27001, see this link:
This article will provide you a further explanation about the inventory of assets:
These materials will also help you with these activities:
You can find a set of guidelines for controlling external documents in this article - What does “external documents control” mean in ISO 9001? - https://advisera.com/9001academy/blog/2019/02/04/what-does-external-documents-control-mean-in-iso-9001/
You can find more information below:
First, it is important to note that major/minor nonconformities are normally used only for certification/surveillance audits of certified ISO management systems. Internal audits in general use the ratings you mentioned.
Considering that, major nonconformities would compare to high rating, while minor nonconformities could be compared to low or medium rating, depending on criteria used by the organization.
As for Opportunities For Improvement (OFIs), they should be rated considering criteria adopted by the organization to evaluate their potential benefits (i.e., they could be rated low, medium, or high).
These materials will also help you regarding NC and OFI ratings: