Search results

Risk and Opportunity sheet for environmental aspects according to 14001:2015

Consider each environmental aspect that your organization determined.

Can you determine any risk or opportunity associated with those environmental aspects?

The following material will provide you more information:

• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
• Enroll for free in the course - ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Prioridades en la implementación

Lo más importante al comienzo es contar con el apoyo de la dirección que es quien proporcionará los recursos necesarios para llevar a cabo un proyecto de tal complejidad, tanto recursos financieros como recursos de personal durante la implementación de la norma. 

Una vez cuente con el apoyo de la dorección puede empezar a analizar con qué requerimientos de ISO 9001:2015 aún tiene que cumplir. Para ello puede emplear la herramienta de cumplimiento de Análisis de Brecha o GAP. En este enlace puede encontrar la herramienta de forma gratuita - ISO 9001 GAP analysis tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

Luego debe conocer cada una de las cláusulas con las que tiene que cumplir para poder llevar a cabo el proyecto de implementación de ISO 9001. En este white paper puede encontrar información resumida sobre cada una de ellas - Clause by clause explanation of ISO 9001: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015

Posteriormente puede escribir un plan de proyecto en el que de signa responsabilidades, define la documentación que va a escribirse, los plazos etc. En este enlace puede descargarse una plantilla - Plan de Proyecto para la implementación de ISO 9001:https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word

Luego ya podría empezar con la implementación de la norma: la definición de la política de calidad, los objetivos de calidad y planes para llevarlos a cabo, el contexto de la organización y sus partes interesadas, el alcance del SGC, etc...hasta llegar a la auditoría interna y la revisión por la dirección, que sería el paso previo para certificarse. En este enlace puede descargarse un checklist para la implementación de la norma - Porject checklist for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation

Para más información sobre las prioridades durante la implementación puede ver los siguientes materiales: 

- To what extent should top management be involved in your QMS: https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/

- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Formación gratuita en línea – Fundamentos de ISO 9001:2015 : https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

Para más información sobre las prioridades durante la implementación puede ver los siguientes materiales: 

https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/

Adaptation for small medico-social establishments

ISO 27001 was designed to be implemented on organizations of any size and industry, so the general steps are the same.

Broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

• defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
• development of risk assessment and treatment methodology;
• perform a risk assessment and define the risk treatment plan;
• controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
• people training and awareness;
• controls operation;
• performance monitoring and measurement;
• perform an internal audit;
• perform management critical review; and
• address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course at this link: https://advisera.com/training/iso-27001-foundations-course/ 

Oximeter and Heart Rate Measurement

Medical devices can not be ISO certified. Medical devices are certified according to product standard Medical device directive (MDD) or Medical device regulation (MDR). 

Nor in the ISO 13485:2016 standard nor in the MDD or MDR, there is no direct value for the accuracy. This data is usually in the technical standards. If you can tell me more about your medical device, what it is, I can guide to tehcnicals tnadrds that is applicable for it. 

Tackling clause 8.5.1

Clause 8.5.1 f) is not applicable to many organizations. Consider your organization’s soap specifications to customers or according to regulations. Can your organization control product specifications prior to delivery? If yes, clause 8.5.1 f) is not applicable. For example, heat treatment processes, welding processes, sterilization processes, are examples of where clause 8.5.1 f) is applicable.

You can find more information below:

• ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
• Free online training ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 17025 queries

You asked:

1. What is the difference between certification and accreditation? 

Certification is the process where an independent body provides formal written confirmation (assurance) via a certificate that a management system, service, person or product, meets specific requirements. 

When a laboratory formally demonstrates to an independent third party assessment body, the consistent operation of a management system according to ISO 17025 and technical competency for a defined scope of work; the body formally declares the laboratory competent by awarding a Certificate of Accreditation. The laboratory is known as a conformity assessment body and is referred to as accredited, not certified. The third party assessment body, known as the accreditation body themselves need to be accredited to ISO 17011:2017 (Conformity assessment - Requirements for accreditation bodies accrediting conformity assessment bodies) to accredit laboratories.

Organisations that demonstrate they meet the requirement of a Management system standard such as ISO 9001:2015 also undergo a conformity assessment by an independent certification body, but it does not include assessment of competency. 

You also Asked

2. I do not understand the concept of measurement uncertainty. 
Can you help me with it? 

Measurements by principle involve an experimental process to determine the true value of something of interest, for example amount of chromium in drinking water. The result is often obtained after a number of steps where each is influenced by possible systematic and random errors. A single result is therefore an estimate of the true value of what is being measured. Imagine repeating the test a number of times, under various conditions, over a long period. Each of these conditions, for example different personnel, reference materials, equipment performance would impact on the quality of the result by influencing the pattern and width of dispersion of results.  Measurement uncertainty  (MU) is the parameter which defines the interval around the measured value, within which the true value lies with some statistical probability. A simple example of this parameter is standard deviation. Bear in mind MU is made up of many components. The probability distributions of some components can be evaluated over repeated measurements (e.g from quality control charts). Others will typically be evaluated from information such as calibration or reference material certificates or assumed probability distributions based on experience of the technique.

The importance of MU is the risk of a false accept or false reject of a result when making conformity statements. Consider if the upper tolerance threshold for chromium in water was 50 µg/L and a laboratory reports a result of 48 µg/L. This appears as a pass if MU is not taken into account. If the uncertainty MU for the test was 10 µg/L, statistically the range the result could have actually fallen (equally probability) is the from the measured value minus 10 µg/L up to measured value plus 10 µg/L, meaning  between 38 and 58 µg/L. This means there is a chance of a false pass if the MU is not considered – result could be as high as 58 µg/L.  This is why decision rules (ISO 17025 clause 7.8.6 Reporting statements of conformity) are reuired in certain cases.

You asked

3. I do not understand clause 6.5 Metrological traceability. 

What do they mean by the measurement uncertainty of each calibration must be available?"

Metrological traceability means there is confidence in the validity of the result as each step that could influence the measurement has a calibration traceable to the International System of Units. What “measurement uncertainty of each calibration must be available” means is that any equipment, such as balances, are calibrated by a calibration laboratory that conforms to ISO 17025 and the certificates state the measurement uncertainty of the calibration. Likewise the certificates supplied with weight pieces used for verification, certified reference materials, volumetric equipment and other items must be supplied with reported measurement uncertainty. In practice, the MU of, for example, the weighing step in preparing a sample cannot be smaller than the MU of the balance in that range of operation.

The following may be useful to you:

• The webinar – What are the steps in the ISO 17025 accreditation process? at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar/
• The ISO 17025 toolkit procedures:
  Equipment and Calibration procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//
  Evaluation of Measurement Uncertainty Procedure at https://advisera.com/17025academy/documentation/evaluation-of-measurement-uncertainty-procedure/ This  covers the basic principles and steps to plan, measure and calculate the data required for an evaluation of measurement uncertainty. The two appendices related to the document, Measurement Uncertainty Checklist and Measurement Uncertainty Record support the process. I recommend you also look to your sector and suppliers for commonly used approaches.
• The articles:
  What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
  What is ISO 17025? at https://advisera.com/17025academy/what-is-iso-17025/

Framing Standard Process Conditions (SPC) and specifications

Many thanks for your replies. Now I have some idea what is to be done.

Team training in Good Manufacturing Practices - is it essential?

It is essential to educate employees that are directly involved in manufacturing the medical device - workers in the production, workers in the warehouse, workers in the quality control, cleaning staff. Also, some management staff also need to be educated to know how premises have to be organized (eg. to avoid cross-contamination), what resources it is necessary for the smooth implementation of GMP, what knowledge it is necessary to ensure for smooth conduction of GMP.

Legal requirements related to 27001 in the UK

We are not legal experts, so our recommended approach is indeed for organizations to hire local expert advice to identify legal requirements that must be fulfilled to be compliant with the ISO 27001 in your country. An online search can help at the beginning of your work (for an overview), but local expert advice is highly recommended.

This article can provide a start: https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

But please note that the list in this article is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations for each country are listed (some even may have been withdrawn).

This article will provide you a further explanation about the identification of requirements:

• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

Implementation of ISO 27001

Unless there is specific marketing-related information included in the ISMS scope (e.g., information related to new products), or one of the expected outcomes of the ISO 27001 implementation can be marketing-related (e.g., enter a new market), there is no specific expectation from a marketing role in an ISO 27001 implementation project.
 
Regarding documents requiring marketing role's attention in implementation, it will depend on how marketing will be involved. In the previous examples (i.e., when marketing-related information is included in the ISMS scope, or when one of the expected ISMS outcomes can be marketing-related), documents to be evaluated by marketing role are the ISMS scope and the Information Security Policy. By understanding them and being involved in their elaboration, it can become clearer what is expected from them and what they need to do.

Additionally, after implementation, other relevant documents will be those security documents that employees of the marketing department use in everyday work - e.g. Information classification, Backup policy, etc.

For further information, see:

• RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/