Search results

Maintaining ISO 9001

To get simplicity in the post-certification phase you have to go through complexity in the implementation phase. By complexity I mean investing time:

• in developing or customizing documentation with the right amount of content,
• in setting monitoring and feedback circuits that feed continual improvement,
• in defining really relevant objectives and indicators,
• in performing frequent effective internal audits.

If you don’t go through that complexity phase you will always be plagued with the shortcomings of a defective management system.
You can find more information below:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Please check this free webinar on-demand – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

MDSAP audit

1. What stage of completion do we have to be in to be ready for an MDSAP audit?

You have to be completely ready for the audit from both sides: ISO 13485:2016 and Technical file according to the MDR.

2. Does our device need to be a finished device?

Yes, your device must be a finished device.

3. Does our DMR need to be completed and do we have to have all our verification and validation plans and reports completed?

Yes, your all verification and validation plans and reports must be completed.

Internal Audit Process Approach

A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. Draw a process flowchart and prepare your audit around that, as I show in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

You can find more information below

• ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Implementing ISO 9001 in a company with multiple contractors

I think your question is about how to start implementing ISO 9001. For your particular case I would start by designing a model about how your organization works based on the process approach.

The following material will provide you more information about the process approach:

• Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - please check how training can be related with the process approach
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.

ISO 9001 Laboratory Audit

You can have two kinds of audits: conformance or performance audits.

With conformance audits you want to check if the standard and or internal procedures are followed.

With performance audits you want to check if the training and skills development investments are effective.

An audit, either with a focus on conformance or effectiveness, can:

• help verify if staff has the right training and if that training is effective, or if specific staff roles should be adjusted
• promote the need for change, through comparison of expected results with actual results

Audits are a way of performing hypothesis tests about how processes are operated or about how good are their performance.

The following material can provide more information:

• ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Please find in this free webinar on demand - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Are resources from law required to implement GDPR?

1. Do we require any resources from law to implement GDPR?

The GDPR (as any European Regulation) has direct applicability in the Member States and does not require any adaptation from national laws. However, there are some topics where Member State law can implement GDPR requirements (i.e. legislation on video surveillance or health and safety in the workplace), so you may need to verify if your national law requires additional steps to comply with.

You can find information on how to implement GDPR and comply with your national law on your national Data Protection Authority (DPA) website where you can find suggestions and requirements.

We developed a toolkit to help the controller to implement GDPR.

• EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

2. In addition to that, I wanted to know what are the main things to consider when we implement this GDPR"

In order to implement correctly GDPR, first of all, you need to know your business and be aware of what kind of data processing your company carries out in its activity (clients, suppliers, employees are the most common categories of individuals a company deals with).Then, you need to evaluate what is the data processing: why you are collecting data? For which purposes? How long you need to keep data? Do you need all data you are collecting? Can you do your activity by collecting less data? Who processes data? Who has access to data? Are your data secured? What are the security measures taken against data breach (which means any accident which has an impact on integrity, availability, reliability, and confidentiality of data)?

You may find out that you need to establish policies for your employee on how to process data, establish access control, and also notice your data subject, which is one of the most important parts while implementing GDPR. You will need a privacy notice (better for each category of data subjects, because the data processing of your employees' data will be different from the processing of your clients) and establish procedures to assure the data subjects' rights.

These are the main things to consider when implementing GDPR, others may depend on the nature of your activity (does it involve monitoring on a large scale of data? Do you process special categories of data, like health, sexual orientation, political opinion, data referring to criminal conviction?) that may require a Data Protection Impact Assessment (DPIA) or to appoint a Data Protection Officer (DPO).

Here you can find some information:

• First steps to take to reach GDPR compliance https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course// 

IS IEC 62304 included in toolkit Advisera offers?

Unfortunately, this standard IEC 62304:2006/AMD 1:2015 Medical device software — Software life cycle processes is not included in our toolkit. This standard is very specific and requires certain documentation completely described in the standard.  

Objectives and expected results

According to ISO the purpose of ISO 9001 is:

• to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements and enhance customer satisfaction

According to ISO the purpose of ISO 14001 is:

• to improve the environmental performance through more efficient use of resources and reduction of waste, gaining a competitive advantage and the trust of interested parties.

The following material will provide you more information:

• What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
• The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/
• Evolution of ISO 14001: The history of the leading environmental management standard - https://advisera.com/14001academy/blog/2020/01/21/history-of-iso-14001-why-is-it-so-popular/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Consequences of medical device company not following regulations

In the EU market, it is not possible to place a medical device on the market without previously independent body checks.

In Medical device regulation MDR 20175/745, Article 5 – Placing on the market and putting into service is stated that the device may be placed on the market or put into service only if it complies with this Regulation when duly supplied and properly installed, maintained, and used in accordance with its intended purpose.

For more information, see:

• EU MDR Article 5 - https://advisera.com/13485academy/mdr/placing-on-the-market-and-putting-into-service/

So, all medical device regards the classification must be in compliance with MDR. Also, a new requirement in the MDR is that Manufacturers of devices, shall establish, document, implement, maintain, keep up to date and continually improve a quality management system that shall ensure compliance with this Regulation in the most effective manner and in a manner that is proportionate to the risk class and the type of device.

For further information, see:

• EU MDR Article 10 -  General obligations of manufacturers - https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/

The Standard that supports this quality system is ISO 13485:2016

Following articles you may find useful:

• How can ISO 13485 help with MDR compliance? - https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/
• What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/

• Becoming AS9100 expert

  Becoming an expert in AS9100 entails learning about the standard and using it; there is no substitute for experience. The most common way to gain the knowledge of the standard is to take an AS9100 lead auditor training course, which is also attended by certification auditors, as this will also give you insight into what the auditors will look for in an AS9100 QMS. In addition, many people also consider the AS9100 lead certification auditors experts as they see the system implemented in many different aerospace companies. After gaining the training it is critical that you work with the standard to gain a deeper understanding of how it works.

   

  You can learn more about dealing with the experts in the certification audit in the whitepaper: What to expect at the ISO certification audit: What the auditor can and cannot do, https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit