Hope you are safe. Recently I joined an IVD startup manufacturing company. The product is smartphone glucometers, and there is no predicate device in the market. Now we are planning for ISO 13485. Could you suggest to me what strategy should be followed for implementation and technical documentation?
Thanks.
Please note that ISO 27701 is based on ISO 27001, adding specific requirements related to the protection of private information, so ISO 27701 would be the best approach for a PIMS.
Regarding ISO 27018, you need to consider this supporting standard only if you have specific requirements regarding the protection of information in the cloud (ISO 27701, like ISO 27001, has enough controls for overall protection of information in cloud environments).
These articles will provide you a further explanation about ISO 27001, ISO 27018, and ISO 27701:
Regardless of the type of risk, the risk owner should be someone with interest and authority to treat the risk.
Considering that, for strategic risks, the owner should be someone from top management.
By aggregated risks, I'm assuming you are referring to a set of related risks. In this case, the risk owner should be a role that can have the authority to treat all risks.
Regarding dynamic risks, the general rule about interest and authority applies.
This article will provide you a further explanation about risk owner:
This material will also help you regarding Risk management:
Regarding code, version, date of the version, and change history, in case all documents are accessed only through Conformio, you can remove this information from the documents (Conformio features make it possible to track this information). The purpose of this information in the document is to keep document control information available for printed versions, or for electronic versions used outside Conformio (e.g., a document sent to an auditor or requested by a client or supplier).
Regarding reference documents, this information is useful so people can be aware of related documents that can impact, or be impacted, by the document being read.
This article will provide you a further explanation about document management:
This material will also help you:
"I have one key question, and cannot find the answer at your website. We are a small business in the U.S. Are we required to store data in the EU that is collected in the EU? We use Hostgator for our server. "
While keeping EU data in the EU can be considered a more compliant solution, you need to know that data transfer from the EU to the US is not forbidden. You need to transfer data by signing an agreement with Standard Contractual Clauses, in order to provide safeguards on data transfers. Of course, you also need to inform your customer in your privacy notice about where you will transfer their data.
Your hosting provider claims to be GDPR compliant and here you can find information about how they can help you: https://www.hostgator.com/help/article/general-data-protection-regulation
Here you can find our free template with Standard Contractual clauses: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
Here you can find more information:
You can also consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//