Yes, it is the same. In ISO 13485:2016, requirement 4.2.3 Medical device file states that an organization must establish the medical device file with content not limited to what is described there. Also, requirement 4.1 states that the organization must be in compliance with all necessary regulatory requirements.
On the EU market, it is not possible to place a medical device without having a technical file under the MDD 93/42/EEC or, from May 2021, according to the MDR 2017/745.
For more information please see the following articles:
I assume you are asking how ISO 17025 accreditation would assist you to improve the quality of testing? Your laboratory would benefit from implementing ISO 17025 as the purpose is to guide laboratories to achieve competency and consistently valid results. What you mentioned would be the laboratory’s scope of testing. Method development, validation and measurement uncertainty will be an important focus to achieve your scope.
For further information see the following:
That would not be appropriate to calibrate an auto titrator. Note firstly that “a grade glassware” is not a Certified Reference material. The glassware does not come with individual calibration certificates.
Your equipment supplier or equipment manual should provide you with suitable information. Simply stated, you would need to use a suitable balance and determine the volume dispensed gravimetrically; or use a primary standard for titration to determine the linearity and correlation coefficient of the auto titrator. Depending on the methods you use, you would select a suitable primary standard and titrate a range of five quantities as per your method to provide data for the calculations.
The following toolkit document, with associated records, may be of interest: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//
It's our policy not to make recommendations about technologies or products, but from our experience with small and midsized businesses, the Excel-based tool is still the best solution balancing cost and effectiveness.
To make a usability benchmark, I suggest you see the free demo of our Risk Assessment table (it has been widely used by small and midsized businesses all around the world in their certified ISO 27001 ISMSs). This template uses the asset-threat-vulnerability approach.
You can see a demo of this template at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/
These articles will provide you with further explanation about risk assessment according to ISO 27001:
Please note that ISO 27001 specifies that the CIA is directly related to risks (6.1.2 c 1), and to consequences (i.e., impacts) (6.1.2 d 1), and asset value (in your case privacy severity) is defined in terms of legal requirements (e.g., laws, regulations, and contracts), and their criticality and sensitivity to compromise due to realized risks.
There is no direct relation between the CIA triad and Asset value to probability.
For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This material can also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
The new requirements for OH&S objectives are for you to create your objectives, and then to create a plan to achieve them including steps that state who needs to do what, with what resources, by what time and how you are going to know that each step is done. Your OH&S objective should have a target and timeline for full completion (that lines up with your plan), such as “We will reduce workplace injuries and near misses from 5 per month to 1 per month by June 2021”. So, your OH&S objective is a chosen improvement that you are trying to make, and each step of your plan is working towards this improvement. You track the realization of your plan towards your objective through the closure of your plan steps.
As for Key Performance Indicators (KPI), these are the important measurables you have chosen to track for your OHSMS, such as number of injuries per month, or number of near misses per month. As per the example above, if your OH&S objective aligns with a KPI then as you track your KPI over the next several months you should see the reduction in injuries and near misses each month as your plan progresses, with the goal of reaching the target in your objective. It is important to note that not every OH&S objective will be linked to a KPI, and you do not need to create an objective for every KPI you track, but when they do line up this is helpful.
You can read more on OH&S objectives in the article: How to define ISO 45001 objectives and plans, https://advisera.com/45001academy/blog/2018/12/04/how-to-define-iso-45001-objectives-and-plans/
ISO 9001:2015 clauses 8.4.1, 8.4.2 are specifically about defining and implementing Incoming Quality control. Clauses 8.6 and 8.7 are generically applicable to quality control and non-conformities at any stage, like incoming quality control.
You can find more information below:
In general a “Top Management decision” is made because the management considers the control as a market best practice in the related field (i.e., best practice in IT for network control, best practice in HR for a human-related control, etc.), so your first example is acceptable (it will only make the main reason explicit), but it needs to be related to the highest position in the ISMS scope (e.g., "Best practices in IT according to Top Management").
Regarding your second example, you can use IT management only if this is the highest position in your ISMS scope (e.g., the ISMS scope is limited to the IT department or IT processes).
These articles will provide you with further explanation about risk management and SoA:
ISO 9001:2015 is not about perfect organizations, it is about continual improvement. Receiving one, two, ten complaints is not in itself a non-conformity during a certification or surveillance audit. What is certainly a non-conformity is receiving a complaint and doing nothing: neither responding nor analyzing and, after a trend analysis, deciding to implement improvements.
In the abstract, the number seems high. What I recommend is starting right away with improvement projects. Please check this free webinar on-demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
You can find more information below:
I invite you to see this free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ - where I present an approach about how to implement context analysis and relate it also with the risk-based thinking.
You can find more information below: