Search results

Validation of software of machines and equipment related to production process

Yes, you need to validate software of machine and equipment related to the production process, but only when there is a new revision of the software; when you get information from the machine manufacturer that there is a necessity to update the software. 

If that is not the case, then you do not need to regularly validate that software.  

You can see how records of software validation look in ISO 13485:2016 Documentation toolkit on the following link:

• Record of Software Validation https://advisera.com/13485academy/documentation/record-of-software-validation-iso-13485-2016/

• ISO 9001 internal documents approval

  Your internal documents don’t need to be approved by clients. If you have internal documents specific to a particular client it may be required, if previously determined by contract, to use client documents or use specific internal documents approved by client.

  You can find more information about records below:

  • How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
  • New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
  • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
     

• Database tesi prova finale

  Sono un docente di Conservatorio di musica. Assieme a un nutrito gruppo di colleghi vorremmo realizzare un database consultabile online sul portale di una rivista di settore. Il database dovrebbe contenere alcuni dati relativi alle tesi presentate per la Prova finale al termine di un corso accademico. In particolare: titolo della tesi, oggetto di interesse, eventuali nomi di diplomandi e di relatori, nome dell'istituzione in cui si è tenuta la Prova. Si tratta di una iniziativa facilmente realizzabile?

  La facilità dell’iniziativa dipende non solo dal GDPR ma da diversi fattori. Dal punto di vista del GDPR, l’articolo 89 GDPR consente le raccolte dati per finalità scientifiche.

  Quali adempimenti saremmo tenuti in caso a rispettare? Grazie

  L’adempimento più importante che mi viene in mente è la redazione di un’informativa privacy per i visitatori del database e un accordo per il trasferimento dei dati con i conservatori.Considerate che mentre l’articolo 89 GDPR non richiede il consenso nel caso di trattamenti per finalità di archivio o di ricerca scientifica, il codice della Privacy italiano richiede il consenso dei soggetti. Il GDPR, infatti, consente agli Stati Membri di introdurre delle discipline più restrittive per tutelare meglio i diritti e le libertà degli individui.Il consenso, tuttavia, è richiesto anche dalla normativa sulla proprietà intellettuale, essendo la tesi protetta dal diritto d’autore. Naturalmente, è possibile inserire una procedura che consenta agli studenti di inviare e pubblicare la tesi sul vostro database in modo da avere il consenso direttamente da loro.Se invece, come mi pare di capire, volete che i conservatori condividano le loro tesi, la cosa potrebbe essere un po’ più complicata. Forse qualche conservatorio nel proprio modulo per il consenso richiede l’autorizzazione al trasferimento dei dati a terzi per finalità di archivio, allora un accordo per il trattamento dei dati tra titolare e responsabile del trattamento può regolare il tutto.L’articolo 89 GDPR richiede inoltre l’adozione di particolari salvaguardie, che venga consentito l’esercizio dei diritti ai soggetti del trattamento, la definizione di un periodo di durata della conservazione del dato, l’adozione di misure di sicurezza come la crittografia.La parte più complicata, tuttavia, è data dal fatto che la normativa italiana richiede che le parti partecipino a programmi comuni di ricerca, quindi sarà necessario elaborare degli accordi con i singoli conservatori.

  Qui puoi trovare ulteriori informazioni:

  • I diritti degli interessati secondo il GDPR https://advisera.com/eugdpracademy/it/knowledgebase/gli-8-diritti-degli-interessati-secondo-il-gdpr/
  • Quattro domande principali per ottenere e gestire il consenso degli interessati ai sensi del GDPR https://advisera.com/eugdpracademy/it/knowledgebase/quattro-domande-principali-per-ottenere-e-gestire-il-consenso-degli-interessati-ai-sensi-del-gdpr/
  • Egrave; necessario il consenso? Sei basi giuridiche per il trattamento dei dati in conformità con il GDPR https://advisera.com/eugdpracademy/it/knowledgebase/e-necessario-il-consenso-sei-basi-giuridiche-per-il-trattamento-dei-dati-in-conformita-con-il-gdpr/
  • Everything you need to know about the GDPR Privacy Notice https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/

  Se desideri saperne di più sulla conformità al GDPR, puoi prendere in considerazione l'iscrizione a EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Example of a completed Risk Assessment Table

  For an example of Risk Assessment and Risk Treatment I suggest you take  look at this paper:

  • Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process

• Which records need to be signed with a hand-written signature (or electronic equivalent)?

  In ISO 13485:2016 there are no strict requirements regarding the type of signature. In the requirement 4.2.4 Control of documents is stated following documents need to be review and approve documents for adequacy prior to issue; that each document needs to be reviewed, update as necessary and re-approve documents; ensure that the current revision status of and changes to documents are identified; ensure that relevant versions of applicable documents are available at points of use; ensure that documents remain legible and readily identifiable.

  In requirement 4.2.5 Control of records is stated that each record shall be maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system.

  So it is up to your organization how this will be solved.

  For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following link:

  • Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

  • List of documents for BCMS

    It is feasible to have a sequential document list only for BCMS.
    I can tell you that we already have an ISMS in place and we will start implementing our BCMS shortly. Regarding the documents, we acquired the complete package to help us complement the ISMS that we currently have.

    Please note that included in your toolkit there is a List of documents file that identifies the documents applicable to an ISO 22301 BCMS implementation.

    Some of them are exclusive for ISO 22301 (e.g., Business Continuity Policy), and will need to be created from zero, while others are common for both ISO 27001 and ISO 22301 (e.g., Training and Awareness Plan), and you will need only to perform some adjustments.

    Regarding the sequence, the List of documents file presents the documents in the order they need to be implemented.

    For further information, see:

    • Checklist of ISO 22301:2019 mandatory documentation (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-iso22301-mandatory-documentation
    • Diagram of ISO 22301 implementation process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-22301-implementation-process

  • Measurement uncertainity

    You asked

    Is measurement of uncertainty applicable for our scope of work? 

    All testing laboratories must evaluate or, at least, estimate measurement uncertainty by identifying contributions to measurement uncertainty and considering all significant contributions including those arising from sampling and using appropriate methods of analysis. Where detailed measurement uncertainty evaluation is not possible due to the nature of the test method, the measurement uncertainty may be estimated based on principles of the techniques or practical experience of the performance of the method.

    You also asked

    what are factors to be considered if we requires to calculate the same? 

    Measurement uncertainty is a statistical representation, representing the statistical certainty that the true result lies within the stated margin. It is understood as the margin of doubt regarding the results of any measurement.

    To establish how large the margin of doubt is for a method, at a specified confidence level (e.g., 95% confidence), all the contributions (from your method steps and calcultions) must be included either a mathematical budget or by using long term quality control data of reproducibility and bias. It depends on the method and what you have available - standard uncertainties derived from various sources (such as calibrations) or long term “whole method” standard deviation

    You also asked

    can you suggest some tools for the calculation?"

    For more information regarding the measurement uncertainty, see the ISO 17025 toolkit document template: Evaluation of Measurement Uncertainty Procedure at https://advisera.com/17025academy/documentation/evaluation-of-measurement-uncertainty-procedure/ This  covers the basic principles and steps to plan, measure and calculate the data required for an evaluation of measurement uncertainty. The two appendices related to the document, Measurement Uncertainty Checklist and Measurement Uncertainty Record support the process. I recommend you also look to your sector and suppliers for commonly used approaches.

  • Providing consultation to a 3rd party

    Concerning consulting if the third party agrees to work with you it is something that it is up to the two parties.

    Concerning performing ISO 9001 internal audits it is up to your audit client to determine internal auditor requirements. If you comply with their requirements I, as external auditor, would not have anything against it.

    You can find more information below:

    • How to choose the most appropriate training - https://advisera.com/training/compare/
    • How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
    • How to choose an ISO 9001 consultant - https://advisera.com/9001academy/blog/2019/11/12/iso-9001-consultant-how-to-hire-the-right-one/
    • How to sell your ISO 9001 consulting services - https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
    • Free webinar on demand – How to sell ISO consulting services - https://advisera.com/9001academy/webinar/how-to-sell-iso-consulting-services-free-webinar-on-demand/
    • Enroll for free course - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/