If the standard that you have to use is ISO 13485:2016, then there is no difference between the countries. ISO standards are international standards that are applied to all countries.
In case you do not have any documented legal requirements applicable (e.g., laws, regulations, or contracts), the Register of Requirements can be left blank. Internal security policy requirements do not need to be documented in this register, and a Master Service Agreement with no specific security control agreement also does not need to be included in the Register of Requirements.
However, it would be very strange not to have any legal or regulatory requirements. For example, in most countries, privacy regulations require companies to protect personal data they process, and every company does have personal data (if nothing else, the data about their employees).
Please check this free webinar on demand - ISO 9001:2015 Clause 4 - Context of the Organization, Interested Parties, and Scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ where I present an approach on how to implement context analysis and also relate it to risk-based thinking. Why do you have a management system? To help your organization achieve objectives aligned with policy (strategy). BTW, check the ISO 9000 management system definition, something like: a system to establish a policy, a general orientation, translate it into objectives, tangible challenges, and then work to achieve them.
With context analysis you can think about the internal issues that you need to tackle to achieve the objectives. Let's consider, as an example, that one of your management system objectives is to reduce complaints by 20% in the next 12 months. After performing a Pareto analysis you realize that more than 50% of all complaints are about dirty or open bags with product leaking. Your internal issues are about the internal strengths that you need to take advantage of, and about the internal weaknesses that need to be reduced or eliminated to achieve your objective.
External issues are about things that your organization cannot control. They bring uncertainty and may help or hinder your plans to achieve the objective.
Truth is that there is more than one way of using context analysis; this is one of the possibilities. I like this approach because it makes participants focus on things that are relevant for the organization. Doing context analysis without considering the management system objectives normally leads to long lists of internal and external issues, without any added value. You can find more information below:
Hello Kristina, and where can I find this clause implemented in the toolkit? Thank you very much!
The inclusion of controls in the SoA based on a compliance need (i.e., to be compliant with the Baseline Information security for the Dutch government) is acceptable for the certification process.
However, to be able to succeed in the ISO 27001 certification process, you need to perform the risk assessment as well. Based on the results of the risk assessment, and based on requirements from interested parties (including the Dutch government requirements), you can define in your Statement of Applicability which controls are applicable.
Please note that, while less frequent, disruptions caused by failure of system-wide assets can still happen:
So, even if your area is not directly hit, a disaster that hits your provider can affect your ability to access documents in your systems.
This depends on what is required by the national or market regulation. If your requirement is to use ISO 13485, then you can use your own QMS but with added elements that are specific to ISO 13485. So, adapt your QMS with particular requirements from ISO 13485.
Please note that you can recertify against ISO 27001:2013 by the end of October this year at the latest. After this recertification, you can choose when to transition to the 2022 revision - you can do it during your surveillance audit in 2024, but at the latest during the surveillance audit in 2025.
The requirements for a laboratory will depend on the type of testing or calibrations you perform. For more information, have a look at my previous answers to questions on the same topic. These are at https://community.advisera.com/topic/calculating-uncertainty/ and https://community.advisera.com/topic/meas-of-uncert-budget-pipette/
I think that there may be different answers as a function of the specific situation.

You determined environmental aspects and impacts. Then, you evaluated their significance and concluded that the situation needs to be improved. (Clause 6.1.2)
So, something needs to be done to improve the current situation. Someone, or a group, may study different alternatives and conclude that using a filter will be the best solution. The next steps are about what needs to be done to finance, acquire, install, and test the solution. (Clause 6.1.4)
Answering your question: this is done at the planning stage.