Search results

ISO 17025 latest version

If your question relates to laboratories that are currently accredited to ISO 17025:2005, currently the certificates of accreditation to the 2005 version are valid; however accredited laboratories must transition before their certificate expires or by the latest, 1 June 2021. Accreditation bodies will arrange assessments against ISO17025:2017 before the deadline. That means that they need to be in the process of meeting ISO 17025:2017 requirements; thus making the old version of the Standard obsolete.

If you are busy implementing ISO 17025 and have not yet applied for accreditation, then no, ISO 17025:2005 is not applicable. The laboratory must implement to meet ISO 17025:2017 requirements.

For further information see

• The whitepapers
  Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
  Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
• The ISO 17025 Toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
• The ILAC News (11 June 2020) at https://ilac.org/latest_ilac_news/transition-period-for-iso-iec-17025-extended/

Implemantation of 17025

If you are referring to the Complaints procedure being separate from the Nonconformance and corrective action procedure, yes of course it can be separate. Laboratories generally combine documented procedures where possible to reduce the number of documents, however it is your choice; as long as it is effective and efficient to do it that way.

ISO 17025 has a requirement that you have a description of the complaint handling process that can be given to a complainant or other interested party. This could be a basic process flow diagram or a simple, clear step by step explanation. Because there is a need for this, you could as an option include any other information; which you want to keep for inhouse knowledge only; either in the quality manual section on complaints, or in a combined Complaints, Noncorformance and corrective action procedure.

The following may be of interest:

• The whitepapers
  Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
  Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
• The toolkit Complaint, Nonconformity and Corrective Action Procedure at https://advisera.com/17025academy/documentation/complaint-nonconformity-and-corrective-action-procedure/

Planning a gage R&r Studies for all instruments

It would not be correct to carry out the classical Gauge R&R study for measurement systems where human influences and errors do not occur due to the measurer.

Instead, it may be more accurate to perform bias, linearity, and/or stability studies with master samples. 

List of certifying bodies for ISO 13485

Here on this link are notify bodies that are so far accredited for MDR: https://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=directive.notifiedbody&dir_id=34

This means that they also have accreditation for ISO 13485. On this list, you have 6 notify bodies from Germany.

For more information on choosing a certification body, please see following:

• How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

• Certification of QMS

  Yes, you are right, in the MDR there is no request that the quality management system must be certified. But, as I told yesterday on the webinar, the quality management system will be audited together with the MDR audit. So, once you will receive the MDR certificate it will mean that you have implemented and maintained the quality management system. For more information, see:

  • EU MDR Article 5 – Placing on the market and putting into service https://advisera.com/13485academy/mdr/placing-on-the-market-and-putting-into-service/
  • EU MDR Article 10 – General obligations of manufacturers https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/

  • Need for ISO 13485 certification for PRRC

    ISO 13485 is a standard for manufacturing medical devices. So, this is not applicable to you. Your company can be certified according to ISO 9001. However, you need to have proof that you are familiar with ISO 13485. This you can obtain by attending a course for ISO 13485 or become a Lead auditor or internal auditor for ISO 13485.

    In MDR, in Article 15 – Person responsible for regulatory compliance is stated which competencies this person need to have a diploma, certificate or other evidence of formal qualification, awarded on completion of a university degree or of a course of study recognized as equivalent by the Member State concerned, in law, medicine, pharmacy, engineering or another relevant scientific discipline, and at least one year of professional experience in regulatory affairs or in quality management systems relating to medical devices.

    For a detailed explanation, see:

    • EU MDR Article 15 https://advisera.com/13485academy/mdr/person-responsible-for-regulatory-compliance/

    • ISO 14001 requirements for GreenHouse Gas

      By GHG you mean GreenHouse Gas.

      Specific requirements about GHG will depend on compliance obligations from country to country. For example, European countries within the European Union have to comply with a regulation stating requirements like these:

      • Control on the use of refrigerant substances or fluids that contain greenhouse gases
      • Survey of equipment with refrigeration systems, identification of fluorinated greenhouse gases, and verify whether or not it is a controlled substance
      • Survey of refrigerant quantities / Preparation of inventory of equipment that may contain GHG
      • Compliance with the Plan for annual verification of equipment with a quantity of regulated refrigerant equal to or exceeding 5 ton CO2 eq.
      • Verification carried out by certified technician/entity, the existence of records
      • Annual data communication to national environmental Agency until the end of the 1st quarter.

       

      Please consider the following information:

      • What is evaluation of compliance and how to do it according to ISO 14001? - https://advisera.com/14001academy/blog/2020/12/01/what-is-evaluation-of-compliance-and-how-to-do-it-according-to-iso-14001/
      • Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
      • How to perform communication related to the EMS - https://advisera.com/14001academy/blog/2015/08/31/how-to-perform-communication-related-to-the-ems/
      • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
      • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

    • Internal audit schedule

      I agree with you that all processes feel important. However, according to requirement 4.1.2, it is necessary to apply a risk-based approach to control the appropriate process. So risk approach can be your guideline to decide the priority of your processes for internal audits. First of all, manufacturing is the most important process. Then is purchasing because you need to be sure that the purchase of raw material and packaging is under control. If you have a sterile medical device, the sterilization process is definitively an important process.

      For more information on this topic, please see the following articles:

      • Five main steps in the ISO 13485:2016 internal audit https://advisera.com/13485academy/knowledgebase/five-main-steps-in-the-iso-134852016-internal-audit/
      • How to create a checklist for an ISO 13485 internal audit for your QMS https://advisera.com/13485academy/knowledgebase/how-to-create-a-checklist-for-an-iso-13485-internal-audit-for-your-qms/
      • Five Main Steps in ISO 9001 Internal Audit https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/

      • Continual improvement

        Continual improvement is a recurring activity to enhance performance. One can see evidences of continual improvement when we see establishing more demanding environmental objectives, when we see effective corrective actions to minimize or eliminate non-conformities or to improve performance trends. One cannot improve all parts of an environmental management system (EMS) at once, there are not enough resources and there are different priorities. So continual improvement is used to systematically improve different processes within the EMS in order to provide improvements overall according to resources available and priorities.

        You can find more information below:

        • How to achieve continual improvement of your EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/22/how-to-achieve-continual-improvement-of-your-ems-according-to-iso-140012015/
        • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
        • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

         

      • Questions about ISO 27001 implementation

        1. Is there a difference between ISO 27001: 2013 and ISO 27001: 2014? We understood that 2014 was the most current version. Our implementation we wanted based on 2014.

        I’m assuming you are referring to UNE-ISO/IEC 27001:2014.

        Considering that, please note that this is the Spanish translation of ISO 27001, released by the UNE Normalización Española, so it contains the same information and content of the international standard. You can use either ISO/IEC 27001:2013 or UNE-ISO/IEC 27001:2014 for your implementation.

        2. We are currently within our process, we are in the Diagnostic stage, to see the critical factors within the processes. For this stage, which Templates would be more recommended to use.

        The beginning of the implementation process involves the identification of organizational context and requirements, and interested parties, so you should consider using the templates in folder 02:

        • 02.1 Appendix 1 List of Legal Regulatory Contractual and Other Requirements
        • 02 Procedure for Identification of Requirements

        For further information, see

        • How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
        • How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
        • How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

        3. Once the Diagnostic part was finished, our next stage was to carry out the implementation of the ISMS indicating the controls Necessary and Monitoring. In this regard, is there any recommendation with which template to start the implementation part?

        Please note that after the definition of organizational context and identification of interested parties, you need to define the ISMS scope, ISMS Policy, and define the risk assessment and risk treatment methodology, before identifying necessary controls.

        Considering that, for a streamlined implementation, you should implement the documents in the order they appear in the toolkit.

        By the way, included in the toolkit you bought, you have access to a video tutorial that can help you fill in the most critical documents, using real data examples.

        These articles will provide you a further explanation about ISO 27001 implementation:

        • ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
        • The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

        These materials will also help you regarding ISO 27001 implementation:

        • Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
        • ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
        • How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/