Search results

ISO 14001 cost and benefits

About advantages, please check these articles - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ and - ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/

About costs, it is difficult to answer because ISO 14001:2015 imposes nothing that the legislation does not impose. Thus, the costs incurred to comply with the legislation are not imposed by ISO 14001: 2015. Other costs are implementation and maintenance costs for the management system. For example, I’m currently working with a manufacturing company where costs of waste disposal are going to be reduced because of introducing waste segregation and recycling and by avoiding landfill.

You can find more information about ISO 14001 below:

• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Necessary facility requirements to build medical devices

This really depends on the type of medical device that you produce. Facility requirements are not the same for example, for the software or sterile gauze products. 

If you have a sterile medical device then it is necessary to monitor the cleanliness of the production premises. Usually, medical devices that need to be sterilized are produced in a cleanroom. Requirements necessary for the cleanroom are stated in the ISO 14644 family of standards. 

Depending on the type of sterilization, each method has its own facility requirements.

Storage place is also important if there is a strict requirement for the storage temperature and humidity. 

For more information, please see the following article:

• Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/

• Can ISO 9001 lead auditor audit ISO 13485?

  Although basic things are the same between these two standards (like internal audit process, corrective actions, managing documents and records, managing non-conformances), there are certain specifications of the ISO 13485:2016 (mostly from points 6, 7, and 8 depending on the type of the medical device and type of production). If you are an auditor, then you know that auditors should dominate the audit criteria used. I suggest that you study the standard ISO 13485:2016, to specially check the Annex B of the standard where the correspondence between ISO 13485:2016 and ISO 9001:2015 is explained.

  For more information on what ISO 13485 is, please see the article on the following link:

  • What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/

  For more information about Similarities and differences between ISO 9001:2015 and ISO 13485:2016, please see the article on the following link: https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/

• GDPR Processor (Software Sturtup)

  It is such a general question that the answer can be: it depends on your activity. If your software startup processes data determining means and purposes of processing it will be considered as a controller, while if your company will process data on behalf of someone else it will be considered as a processor.As a processor you will have to comply with the obligations listed in Article 28 GDPR and be liable for compliance with GDPR requirements.

  Here you can find more information:

  • Article 28 GDPR: https://advisera.com/eugdpracademy/gdpr/processor/
  • EU GDPR controller vs. processor – What are the differences?https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
  • 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
  • First steps to take to reach GDPR compliance https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/
  • A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
  • Key roles defined in EU GDPR https://advisera.com/eugdpracademy/knowledgebase/key-roles-defined-in-eu-gdpr/ 

  You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Other ISOs used by the medical devices

  Aside from the ISO 13485:2016, all medical devices need to be in compliance with the applicable harmonized standard. The list of harmonized standards is published by the Official Jurnal of the European Union. According to Article 8 of MDR 2017/745 – use of harmonized standard, medical devices must be in compliance with relevant harmonized standards, or the relevant parts of those standards, the references of which have been published in the Official Journal of the European Union.

  The following harmonized standards are applicable for all manufacturers of the medical devices:

  • EN 1041:2008 Information supplied by the manufacturer of medical devices
  • EN ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes
  • EN ISO 14971:2012; medical devices - Medical devices — Application of risk management to medical devices
  • EN ISO 15223-1:2016 Medical devices — Symbols to be used with medical device labels, labeling and information to be supplied — Part 1: General requirements (ISO 15223-1:2016, Corrected version 2017-03)
  For more data, please see the following links:
  • EU MDR Article 8 – Use of harmonized standards https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
  • What are EU harmonized standards? https://advisera.com/13485academy/blog/2020/06/12/what-are-eu-harmonized-standards/
  • Link to the harmonized standards published by EU https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2020:090I:TOC

  • Information security in project management

    The application of information security in project management will depend on the results of risk assessment and on applicable legal requirements (e.g., laws, regulations, and contracts). For example, the results of risk assessment can show that you have relevant risks for information security in all your projects, or only to specific types

    Regarding legal requirements, you may not have any law or regulation you must comply with requiring information security for projects, but at the same time, you have a contract with a client requiring information security applied to all projects you have with him.

    This article will provide you a further explanation about security in projects: 

    • How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

  • ISO 27001 and ISO 27031

    ISO 27001 and ISO 27031

    We received this question:

    How do you see the practical interlock between 27001 and 27031?

    Answer: ISO 27031 is a supporting standard which provides specific guidance and recommendations for the implementation of controls from section A.17.1 of ISO 27001 Annex A (Information security continuity).
     
    Considering that, you can use ISO 27031 to make it easier to implement controls from this section, and achieve a more robust solution.   

    This article will provide you a further explanation about ISO 27031:
    - Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/

     

     

  • Explanation of Annexure 18 of ISO 2017:2013

    Very detailed explanation. Thank you