Search results

Document control and compliance with ISO 9001

In order to be in compliance with the ISO 9001:2015 standard, a company only need to have Document Control in place for documents and records relevant for the quality management system.

You can find more information about documentation below:

• How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
• New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Educating staff on risk management

According to ISO 9001:2015 risks must be:

• determined
• evaluated
• acted upon the most relevant

About determination I would provide a set of examples about risks and opportunities in processes, products, services and from the context, and I would train people to determine risks and opportunities.

About evaluation I would develop a simple matrix to reduce subjectivity in evaluating risk and opportunity relevance, and I would train people to evaluate risks and opportunities.

About acting, I would ask people to help develop actions to minimize probability of occurrence and/or minimize consequences of occurrence. I would also ask people how to monitor the implementation and effectiveness of those actions.

Show examples and invite them to be part of the approach.

You can find more information below about risks.

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (I use a lot of examples based on the risk-based approach)
   

How to implement Computer System Validation (chapter 7.5.6) without excessive effort and costs?

Requirement 7.5.6 consider the validation of processes for production and service provision. Section 4.1.6 considers software validation. In small companies, always is a question of how to implement this requirement. You have to understand that you need to validate only software that can have an impact on the or quality of your management system or on the safety of the medical device. This means that you do not need to validate word processor or spreadsheet software. But if you have software for managing your warehouse and delivery process, that you need to be sure that in the case of a software update, your warehouse quantity of goods, lot numbers, invoice numbers, and delivery notes have not changed.

If you have any software in the production, software that runs the machine, that software also needs to be validated. 

However, these validations are not software type validations. With this validation, you need to prove that the software updates did not disrupt your database. 

For example, for the number of the invoices and delivery notes, the easiest way is to check the is numbering in the expected sequence, for warehouse, does the quantity on the shelves corresponds to the number defined in the program. 

You can see how the record for software validation looks like in our ISO 13485:2016 Documentation toolkit here:

• Record of Software Validation https://advisera.com/13485academy/documentation/record-of-software-validation-iso-13485-2016/

• The best approach for QMS

  Standard ISO 13485:2016 is a standard that covers a quality management system for a manufacturer of medical devices. According to the section 1 Scope, this standard is applicable even for your type of the product: In section 1 Scope of the ISO 13485:2016 is stated that this standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide a medical device and related service that meet customer requirements and applicable regulatory requirements.

  For a company to be certified against ISO 13485, it needs to be in the medical device industry (manufacturer, distributor, importer). There are specific requirements that are connected with the specialty of medical devices like sterilization, installation and service activities, traceability of the medical device production, special requirements for traceability of implantable medical devices, validation of software is software is a medical device, and so on. 

  The process of implementation is to create and document all of the processes required by the ISO 13485 standard, as well as customer and regulatory needs. Our ISO 13485:2016 toolkit combines documentation templates and checklists that demonstrate how to implement this standard through a step-by-step process. In addition, you can access help from our experts to keep you on the right path, ensuring a straight-forward journey to ISO 13485 certification. You can buy the whole toolkit, or you can buy separately documents that you considered that you need.

  It is rather hard to estimate how much time you will need for the implementation process because it depends on many things like: number of the employees, do you have any experience before with quality management systems, how complicated your processes are, and so on. On average, we can say that for the company with 10 employees it will take 3-4 months, for the company with up to 50 employees, some 8-12 months. But, once again, this is just the estimation.

  For more information about ISO 13485:2016 please see the following articles:

  • What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/
  • How to get ISO 13485 certified? https://advisera.com/13485academy/iso-13485-certification/
  • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/
  • Checklist of ISO 13485 implementation and certification steps https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

  You can see how our ISO 13485:2016 Documentation toolkit is composed here:

  • ISO 13485:2016 Documentation Toolkit https://advisera.com/13485academy/iso-13485-documentation-toolkit/

  • Quality audit for ISO 9001

    First, you must comply with your organization’s requirements for being a competent internal auditor. Normally, that means knowing the audit criteria (ISO 9001:2015) and knowing good auditing practices.

    So, you can acquire knowledge about ISO 9001:2015 and about good auditing practices by enrolling in our ISO 9001:2015 Internal Auditor Course – https://advisera.com/training/iso-9001-internal-auditor-course/

    This free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ can be useful to view an internal audit as a process.

    Consider also this book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

     

  • Is internal auditor of ISO 9001:2008 allowed to conduct internal audits in accordance with ISO9001:2015?

    Each organization has the authority to determine its competency requirements for its internal auditors. Normally, organizations consider that internal auditors should have knowledge of the audit criteria (ISO 9001:2015 in this case) and should have training in internal audits. You can even decide that an auditor has to study a book on audits or attend an online course and do an in-house exam. Internal auditor competence requirements can be established in a job description, for example. IAF and other rules are applicable to certification auditors. So, the only criteria is: does the internal auditor complies with the internal auditor competency requirements?

    The following material will provide you information about internal auditors:

    • ISO 9001 – ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
    • Free online training ISO 9001:2015 Internal Auditor Course – https://advisera.com/training/iso-9001-internal-auditor-course/
    • Book -  ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/

  • Requirements for temperature, humidity, and room type in house calibration lab

    Мережевий простір України зустрів свіжий тематичний проєкт — збірку інтернет-ресурсів, метою якого є зібрати найрізноманітніші українські сайти. Новостворений портал збирає посилання на сайти, що розкривають найрізноманітнішу тематику. Каталог включає сайти загальнодержавного значення, а також ті, що концентруються на висвітленні подій певних областей. Головне завдання проєкту — запропонувати простий стартовий майданчик для інтернет-аудиторії, які шукають актуальні місцеві медіа на будь-яку вподобану тематику: починаючи від оперативних зведень і політикуму до глибоких історичних досліджень, молодіжних питань, культури побуту, громадської діяльності та публіцистики. Цей ресурс орієнтований на широку аудиторію та відкритий до співпраці з медіа, представниками преси та бізнес-партнерами, які хочуть виділятися в українському інформаційному полі

  • Advice on ISMS implementation for Group and subsidiary companies

    This scenario is not much different from a single organization with multiple departments attending specific and non-related target groups, and for such a scenario, a good approach is to implement the ISMS covering the whole units.
     
    Regarding certification, adopting a single certificate for all units or separate ones for each unit is a business decision, depending on their objectives and strategies, but in general organizations like these adopt the model of one certification for each unit, because a change in a unit does not impact the certification of other units (of course, in tour case, the most critical certificate will be the one fro the mother company).
     
    These articles will provide you a further explanation about scope definition:  

    • How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    • Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

  • Questions about risk

    Thanks alot for your response. Indeed you have addressed issues left vague by the standard, especially on the opportunity.