Yes, the company will be compliant under MDR if the label attached to the medical device is only provided in English.
In MDR Annex II – Technical documents, in subparagraph 2, Information supplied by the manufacturer, it is stated that the manufacturer needs to set the label and instructions for use in the languages accepted in the Member States where the device is envisaged to be sold. Of course, you can provide information in English as a universal language. However, as part of your Quality management system, you need to provide a procedure for translation where you will describe how you will manage to provide labels and instructions for use if somebody asks for them.
For more information, see:
How often you perform external or internal calibrations, and whether you need to perform intermediate checks (verifications) and how often, depends on the process steps and what equipment is used.
No auditor can dictate the period or specific day when calibrations and verification must take place, unless there is a requirement in your procedure, in the method or from a regulatory body. For example, for analytical balances it is straightforward – a laboratory would use a set of weights that they own, where each piece has metrological traceability to SI, where they were previously calibrated by an external calibration provider (at a suitable frequency, based on risk and need). So here you have reported uncertainties on the calibration certificate that you confirm are acceptable for each piece. Then you perform intermediate checks (verifications) on your balances at suitable time intervals (also based on risk), across the range of use (g) of the balance. For balances, this is typically daily.
For further information have a look at the ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments (note currently under revision) available for download at https://ilac.org/?ddownload=818
These may also be of interest
Yes, you need to share your third-party list with the processor. The chain of data processors must be clear and transparent to the controller. The controller can authorize the processor to engage a sub-processor with a specific authorization or with a general authorization. In case of general written authorization, Article 28 GDPR requires the processor to inform the controller “of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”
Here you can find more information:
It depends on the privacy policy and the data you shared with the app. In the privacy notice, the data controller will tell you what kind of data the app will have access to and ask for your consent. The data subject can withdraw the consent at any time and for any reason.
According to Article 15 GDPR you can demand access to data stored by the data controller (right of access) and of course you can demand that data based on consent shall be erased under Article 17 GDPR unless there is another legitimate ground of processing. I.e., if the app required your consent to access your image gallery and some photos of you had been processed (i.e., stored in the cloud), you can demand the cancellation of images stored but you may not be able to demand the cancellation of some information related to your account if they are processed under another legitimate ground. I.e., billing information can be stored for longer periods because of tax law provisions.
The data controller shall erase your data without undue delay. In your request, you can refer to the data minimization principle demanding to cancel all the information that is no longer necessary to be processed. Of course, this is a general answer, based on your statement that the data processing is based on consent. You should check in the privacy notice which is the legitimate ground and what information is stored before demanding to proceed under Article 17 GDPR.
Here you can find more information:
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
Broadly speaking, I can suggest these main topics to consider:
OPEX:
CAPEX:
Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.
These articles can provide you more information:
For additional examples of the combination of assets, threats, and vulnerabilities, please see these materials:
In case of an address change, you need to communicate that to your certification body, so you both can evaluate the degree of impact this will bring to your ISMS and the certification validity, to identify if any immediate change is required, or if related changes can be assessed during the next scheduled audit.