Search results

ISO 13485 implementation

1. As we are a low-risk class I one medical device manufacturer, if we want to declare our conformity according to MDR do we also need to comply with all the applicable harmonized standards like (ISO 13485, ISO 14971, IEC 60601-1-2) ? Or are these standards optional for class I?

2. Do we need ISO 13485 or other certification from an accredited body? 

Change of the quality manual's mandatory status

ISO 9001: 2015 did not prohibit the quality manual, what came was to remove its mandatory character.

Why did this happen?

Because of an effort to reduce the image of bureaucratization associated with ISO 9001: 2015 and, perhaps because many quality manuals have no value, they are limited to a template with blank spaces filled with the name of the organization. Personally, as an auditor, I am tired of seeing manuals that in a way summarize ISO 9001.

The following material will provide you information about the quality manual:

• The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Integrating ISO 9001 and ISO 14001

Some of the advantages can be:

• Reducing duplication of efforts and costs (one set of documentation and integrated audits, for example)
• Increasing consistency among roles and responsibilities
• Increasing focus of the actions and of the communication. 

You can find more information below:

• How to integrate ISO 14001 and ISO 9001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
• ISO 14001:2015 integration with ISO 9001:2015 – What has changed? - https://advisera.com/14001academy/blog/2016/02/15/iso-140012015-integration-with-iso-90012015-what-has-changed/
• Free webinar - How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/14001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO standard for Data Governance

Regarding data sharing, I suggest you take a look at these ISO standards:

• ISO 20614:2017 Information and documentation — Data exchange protocol for interoperability and preservation https://www.iso.org/standard/68562.html
• ISO/DIS 37156(en) Guidelines on data exchange and sharing for smart community infrastructures https://www.iso.org/obp/ui#iso:std:iso:37156:dis:ed-1:v1:en

Information Asset Register

An Information Asset Register is mandatory for ISO 27001 certification only if you have relevant risks or legal requirements (e.g., laws, contracts, regulations, etc.) demanding the implementation of control A.8.1.1 Inventory of assets.

In case such situations do not occur, then the Information Asset Register is not required for ISO 27001 certification.

This article will provide you a further explanation about the asset register:

• How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Internal audit requirements

If you check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - you can see that the only mandatory records required by ISO 9001:2015 are evidence that the audit program is being implemented along with the audit results. As audit results, you can have audit reports, evidence of corrections, or corrective actions taken.

You can find more information in the following links:

• Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
• Free webinar on-demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about the follow-up)
• You can enroll for free in this course - ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Implications of EU GDPR data security and company data

About data security, GDPR requires to assure integrity, availability, reliability, and confidentiality of data taking into account the state of art, the purposes of the processing, the data involved, the scale of processing, and the cost. The controller must balance all these aspects in order to find the level of security which minimizes the risk for company data.

Company data require to be known to assure data subjects' rights and compliant data processing. All implementation processes start from knowing its own business and the kind of data processed, how data are processed, where data are stored, and who has access to them. We developed a toolkit to help organizations to make this process as easy as possible.

Here you can find some information:

• EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
• Article 32 GDPR: https://advisera.com/eugdpracademy/gdpr/security-of-processing/
• How cybersecurity solutions can help with GDPR compliance https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/

You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

ISO 9001 controlled document list

Yes, all documents and records relevant for the QMS must be listed and controlled. With software programs you want to ensure that templates used to record information are correct and in the approved version.

The following material will provide you information about document control:

• How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
• What kind of Document Management System (DMS) do you need for handling ISO documents? - https://advisera.com/conformio/blog/2020/08/11/what-kind-of-dms-you-need-for-handling-iso-27001-documents//
• Should you keep your ISO documents in the cloud or on paper? - https://advisera.com/conformio/
• Book - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Performing risk assesment

ISO 9001:2015 does not require a formal assessment supported in a specific standard. So, you can comply with ISO 9001:2015 without a risk assessment standard.

If you want to manage risks in a more professional way you can use ISO 31000:2009.

You can find more information below:

• Similarities and differences in risk management in ISO 9001, ISO 31000, and ISO 27001 - https://advisera.com/9001academy/blog/2016/10/25/similarities-and-differences-in-risk-management-in-iso-9001-iso-31000-and-iso-27001/
• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Maintaining ISO 9001

To get simplicity in the post-certification phase you have to go through complexity in the implementation phase. By complexity I mean investing time:

• in developing or customizing documentation with the right amount of content,
• in setting monitoring and feedback circuits that feed continual improvement,
• in defining really relevant objectives and indicators,
• in performing frequent effective internal audits.

If you don’t go through that complexity phase you will always be plagued with the shortcomings of a defective management system.
You can find more information below:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Please check this free webinar on-demand – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/