Search results

MDSAP audit

1. What stage of completion do we have to be in to be ready for an MDSAP audit?

You have to be completely ready for the audit from both sides: ISO 13485:2016 and Technical file according to the MDR.

2. Does our device need to be a finished device?

Yes, your device must be a finished device.

3. Does our DMR need to be completed and do we have to have all our verification and validation plans and reports completed?

Yes, your all verification and validation plans and reports must be completed.

Internal Audit Process Approach

A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. Draw a process flowchart and prepare your audit around that, as I show in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

You can find more information below

• ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Implementing ISO 9001 in a company with multiple contractors

I think your question is about how to start implementing ISO 9001. For your particular case I would start by designing a model about how your organization works based on the process approach.

The following material will provide you more information about the process approach:

• Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - please check how training can be related with the process approach
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.

ISO 9001 Laboratory Audit

You can have two kinds of audits: conformance or performance audits.

With conformance audits you want to check if the standard and or internal procedures are followed.

With performance audits you want to check if the training and skills development investments are effective.

An audit, either with a focus on conformance or effectiveness, can:

• help verify if staff has the right training and if that training is effective, or if specific staff roles should be adjusted
• promote the need for change, through comparison of expected results with actual results

Audits are a way of performing hypothesis tests about how processes are operated or about how good are their performance.

The following material can provide more information:

• ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Please find in this free webinar on demand - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Are resources from law required to implement GDPR?

1. Do we require any resources from law to implement GDPR?

The GDPR (as any European Regulation) has direct applicability in the Member States and does not require any adaptation from national laws. However, there are some topics where Member State law can implement GDPR requirements (i.e. legislation on video surveillance or health and safety in the workplace), so you may need to verify if your national law requires additional steps to comply with.

You can find information on how to implement GDPR and comply with your national law on your national Data Protection Authority (DPA) website where you can find suggestions and requirements.

We developed a toolkit to help the controller to implement GDPR.

• EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

2. In addition to that, I wanted to know what are the main things to consider when we implement this GDPR"

In order to implement correctly GDPR, first of all, you need to know your business and be aware of what kind of data processing your company carries out in its activity (clients, suppliers, employees are the most common categories of individuals a company deals with).Then, you need to evaluate what is the data processing: why you are collecting data? For which purposes? How long you need to keep data? Do you need all data you are collecting? Can you do your activity by collecting less data? Who processes data? Who has access to data? Are your data secured? What are the security measures taken against data breach (which means any accident which has an impact on integrity, availability, reliability, and confidentiality of data)?

You may find out that you need to establish policies for your employee on how to process data, establish access control, and also notice your data subject, which is one of the most important parts while implementing GDPR. You will need a privacy notice (better for each category of data subjects, because the data processing of your employees' data will be different from the processing of your clients) and establish procedures to assure the data subjects' rights.

These are the main things to consider when implementing GDPR, others may depend on the nature of your activity (does it involve monitoring on a large scale of data? Do you process special categories of data, like health, sexual orientation, political opinion, data referring to criminal conviction?) that may require a Data Protection Impact Assessment (DPIA) or to appoint a Data Protection Officer (DPO).

Here you can find some information:

• First steps to take to reach GDPR compliance https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course// 

IS IEC 62304 included in toolkit Advisera offers?

Unfortunately, this standard IEC 62304:2006/AMD 1:2015 Medical device software — Software life cycle processes is not included in our toolkit. This standard is very specific and requires certain documentation completely described in the standard.  

Objectives and expected results

According to ISO the purpose of ISO 9001 is:

• to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements and enhance customer satisfaction

According to ISO the purpose of ISO 14001 is:

• to improve the environmental performance through more efficient use of resources and reduction of waste, gaining a competitive advantage and the trust of interested parties.

The following material will provide you more information:

• What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
• The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/
• Evolution of ISO 14001: The history of the leading environmental management standard - https://advisera.com/14001academy/blog/2020/01/21/history-of-iso-14001-why-is-it-so-popular/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Consequences of medical device company not following regulations

In the EU market, it is not possible to place a medical device on the market without previously independent body checks.

In Medical device regulation MDR 20175/745, Article 5 – Placing on the market and putting into service is stated that the device may be placed on the market or put into service only if it complies with this Regulation when duly supplied and properly installed, maintained, and used in accordance with its intended purpose.

For more information, see:

• EU MDR Article 5 - https://advisera.com/13485academy/mdr/placing-on-the-market-and-putting-into-service/

So, all medical device regards the classification must be in compliance with MDR. Also, a new requirement in the MDR is that Manufacturers of devices, shall establish, document, implement, maintain, keep up to date and continually improve a quality management system that shall ensure compliance with this Regulation in the most effective manner and in a manner that is proportionate to the risk class and the type of device.

For further information, see:

• EU MDR Article 10 -  General obligations of manufacturers - https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/

The Standard that supports this quality system is ISO 13485:2016

Following articles you may find useful:

• How can ISO 13485 help with MDR compliance? - https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/
• What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/

• Becoming AS9100 expert

  Becoming an expert in AS9100 entails learning about the standard and using it; there is no substitute for experience. The most common way to gain the knowledge of the standard is to take an AS9100 lead auditor training course, which is also attended by certification auditors, as this will also give you insight into what the auditors will look for in an AS9100 QMS. In addition, many people also consider the AS9100 lead certification auditors experts as they see the system implemented in many different aerospace companies. After gaining the training it is critical that you work with the standard to gain a deeper understanding of how it works.

   

  You can learn more about dealing with the experts in the certification audit in the whitepaper: What to expect at the ISO certification audit: What the auditor can and cannot do, https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit

• Integración de calidad, seguridad y medio ambiente

  Desde la última versión de las normas ISO y la adopción de la estructura de alto nivel, donde 10 cláusulas son compartidas , la integración de los sistemas de gestión es mucho más sencilla.

  Para integrar ISO 9001, ISO 14001 e ISO 45001 debes empezar con la determinación del contexto de la organización, cláusula 4, analizando las cuestiones internas y externas, así como las necesidades y expectativas de las partes interesadas. Una vez realizado este paso entonces puede establecer una política del sistema integrado de gestión. 

  La cláusula 4 junto con la cláusula 6 formaría parte del paso de Planificación del ciclo PDCA (por sus siglas en inglés). En este paso deberá identificar los riesgos y oportunidades y abordarlos con las correspondientes acciones. Además en este paso es donde deberá de establecer los objetivos del sistema integrado así como los planes para alcanzarlos.

  Porteriormente, deberá continuar con las cláusulas 7 y 8, que corresponden a la fase de HACER del ciclo PDCA. La cláusula 7 está relacionada con el soporte del sistema de gestión e incluye tanto las competencias, como los recursos y comunicación,  así como el control de la información documentada. Mientras que la cláusula 8 de Operación, es donde más diferencias existen entre las diferentes ISOs. 

  Luego pasaríamos al paso de REVISAR, que correspondería a la cláusula 9 que incluye el seguimiento y medición, auditoría interna y revisión por la dirección. Y finalmente el último paso sería el de ACTUAR, que correspondería a la cláusula 10 de no conformidades y acciones correctivas así como de mejora continua del SIG. 

  Para más información sobre la integración de ISO 9001, ISO 14001 e ISO 45001, vea los siguientes materiales:

  - Artículo - How to integrate ISO 45001 with ISO 9001 and ISO 14001: https://advisera.com/45001academy/blog/2018/09/12/how-to-integrate-iso-45001-with-iso-9001-and-iso-14001/

  - White paper - How to integrate ISO 9001, ISO 14001 and ISO 45001: https://info.advisera.com/9001academy/free-download/how-to-integrate-iso-9001-iso-14001-and-iso-45001

  - Webinar - Cómo integrar ISO 9001:2015 con ISO 14001:2015: https://advisera.com/9001academy/es/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/

  - Curso gratuito en línea - Curso de Fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

  - Curso gratuito en línea - Curso de Fundamentos de la norma ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

  - Libro - Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo: https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/