Search results

Reputation Management ISO product

We are not aware of a Reputation Management ISO product. What we can tell you is about an ISO Technical committee about Online reputation (ISO/TC 290), whose current status is "stand by": https://www.iso.org/committee/5166853.html

Related to this committee there is a single published standard: ISO 20488:2018 Online consumer reviews — Principles and requirements for their collection, moderation and publication : https://www.iso.org/standard/68193.html?browse=tc

Do manufacturing of medical face mask require clean room?

The work environment for the production of face masks depends on the intended use and declarations that you want to put on your medical device. If you want to sell sterile face masks, then you need sterilization facilities. In that case, each mask will be packed in a separate pouch and will be class Is. 

If you do not want it to be sterile, then it is class I. There is no direct requirement in the standard to produce those masks in the cleanroom area. However, in ISO 13485:2016 in requirement 6.4.1 Work environment is stated that organization must be defined and document requirements needed to achieve conformity to product requirements. So, it is up to you how you will decide.

For more information regarding the work environment, please see the following links:

• Managing cleanliness of a product and contamination control according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/07/04/managing-cleanliness-of-a-product-and-contamination-control-according-to-iso-134852016/
• Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/

• Instructions for aspect evaluation

  Your organization will determine the environmental aspects. Determine also the environmental impacts related with each aspect. An organization may have the same environmental aspect but different environmental impacts. For example, wastewater discharging may be into a river with or without any treatment – very different environmental impacts.

  In your instruction you can consider if there is applicable legislation and if it is met or not. If it is not met it is a significant aspect. If it is met, you can apply more evaluation items to define priorities. For example – frequency/probability (normal, periodical, abnormal) – Consequences for the environment (minor, medium, major). These are the two more common topics. However, you add more topics like economic impact, interested parties relevance.

  Please check this information below with more detailed answers:

  • Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
  • Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
  • How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
  • Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
  • ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
     

• Closed the minor NC for last year

  I'm assuming your question is "What if the client already closed the minor NC for last year, however this year we still find the same issue. Is it minor or major?"

  Considering that, if you found the same issue that should be solved by a previously issued NC, this means that the NC treatment was ineffective, and this would raise a major non-conformity because it means a mandatory requirement of the standard was not fulfilled.
   
  Please note that minor and major non-conformities are generally used for certification audits, not internal audits, and major non-compliances identified during ISO 27001 certification/surveillance audit, can lead to problems with the certification process.
   
  These articles will provide you a further explanation about the impacts of non-compliance:

  • Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
  • Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
     

• How is the supply chain interrelated with business continuity?

  1. How the supply chain is interrelated with business continuity

  Depending on your business continuity objectives, a disruption in the supply chain may have a big impact on the business. For example, if you work with "just in time" supplies (i.e., you only have minimal stock of raw material), a disruption of your supply chain may disrupt your production line, even if the disruptive incident is hundreds of miles away from your facilities.

  To have a better view of how your supply chain can affect your business, you should perform a Business Impact Analysis.

  For further information, see:

  • Setting the business continuity objectives in ISO 22301 https://advisera.com/27001academy/blog/2014/02/17/setting-the-business-continuity-objectives-in-iso-22301/
  • How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

  2. How to generate the emergency plan during the breakdown of any of the links

  Once you have identified the disruptive scenarios you have to handle, broadly speaking, the development of a continuity plan based on ISO 22301: 2012 requires the development of:

  • incident response plans, with emergency actions to be performed right after the disruption being identified;
  • continuity actions to bring activities back to the minimum agreed levels;
  • recovery actions to bring activities back to normal operations.

  These materials will provide you a further explanation about developing a continuity plan:

  • Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
  • How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
  • Writing a business continuity plan according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
  • Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

  To see how a Business Continuity Plan compliant with ISO 22301 looks like, I suggest you see the free demo of our Business Continuity Plan at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/

• ISO 27001

  Please note that a complete answer to the applicable standards and international regulations for the issues you mentioned requires legal expert advice, which is not our field of expertise.

  What we can answer is about the applicability of ISO 27001, ISO 27701, and GDPR for such issues, by means of these articles:

  • What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
  • Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
  • Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/
  • What is EU GDPR https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

• Document Control Numbers (Doc Code)

  You can solve this situation in at least three ways. 

  One way is the way that you have described in your question. 

  Another way is for the company to make a decision that from a certain date you will start with a new document tagging (e.g. 01.10.2020), that all documents will start from revision 0, and there will be a combination of documents from the toolkit and your existing documents. In this case, you will describe this as a change in the quality management system, in the archive, you will have all of this „old“ versions with all relevant changelogs and start with the new numbering process. 

  The third way is that you use your numbering of existing documents and take our numbering for the new documents. 

  Try to see which way is the easiest way for you and all employees, which way will be the easiest to implement in everyday work. 

  For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following link:

  • Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

  • Differences between ISO 13485:2003 and ISO 13485:2016

    1. What are the exact differences between ISO 13485:2003, ISO 13485:2016?

    The European standard, EN ISO 13485:2012 Medical Devices - Quality Management Systems - Requirements for Regulatory Purposes, has been published, after approval by CEN on January 24, 2012. This replaces EN ISO 13485: 2003, although the text of the global standard ISO 13485:2003 is unchanged, only the foreword and annexes in the European version have been revised. Therefore, there are no different requirements in ISO 13485:2012 compared to ISO 13485:2003. 

    To identify new requirements of ISO 13485:2016 vs 13485:2003, at the end of the new ISO 13485:2016, in Annex A there is a table - Comparison of content between ISO 13485:2003 and ISO 13485:2016, where you can see all new requirements and differentiation between these two versions.  

    On the following link, there is an article with the list of mandatory documents required by ISO 13485:2016: https://advisera.com/13485academy/blog/2017/01/18/list-of-mandatory-documents-required-by-iso-134852016/ 

    On the following link you can download free matrix ISO 13485:2016 vs. ISO 13485:2003: https://info.advisera.com/13485academy/free-download/iso-13485-2016-vs-iso-13485-2003-matrix

    Also, you can find on Advisera 13485 blog a lot of articles considering certain requirements from ISO 13485: 2016 and how you can fulfill them: ISO 13485 Blog https://advisera.com/13485academy/blog/

    2. What portions of FDA cGMPS, are being revised to comply with ISO 13485:2016?

    While adherence to ISO 13485 is not explicitly required, FDA 21 CFR Part 820 Quality System Regulations is the law for medical device companies manufacturing and selling products for the U.S. market. there are some differences between FDA 21 CFR Part 820 and ISO 13485. Yet prior to the publishing of ISO 13485:2016, it has been a very common practice for medical device companies to establish a QMS to address both FDA 21 CFR Part 820 and ISO 13485:2003.

    For more information about differences and similarities between FDA 21 CFR Part 820 and ISO 13485, please see the following link:

    • Differences and similarities between FDA 21 CFR Part 820 and ISO 13485 https://advisera.com/13485academy/blog/2017/10/05/differences-and-similarities-between-fda-21-cfr-part-820-and-iso-13485/

    • SAR

      Employees, like other data subjects, have the right to access their personal data. When you receive a SAR (Subject Access Request) you need to reply without undue delay (usually one month) and you can extend such a period to another month for complex requests.

      You need to give access to the employee to data stored excluded for documents subjects to legal privilege (i.e. legal advice on the employee), data concerning third parties, disproportionate request.

      You should also inform the employee about the categories and the purposes of data processing, how data have been processed, the legal ground of processing, the source of data (if data were not communicated by the employee), data retention periods, other data subjects rights, if data had been transferred to third parties, security measures if any automated processing method applies. Usually, all this information is included in the employee privacy policy.

      Please consider that if the SAR is too generic you can ask for clarification to the employee, if the employee is not legitimate to access, you can reply with a denial, but do not ignore the request otherwise the employee can lodge a complaint to the Data Protection Authority of your country.

      Here you can find more information:

      • Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
      • Four main questions for obtaining and managing data subjects’ consent under GDPR https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
      • How the GDPR could impact your HR department https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/ 

      If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

    • 15223-1 and 13485 certification question

      Do i need to purchase iso 15223-1 in order to comply with a medical device app?

      Yes, you need to purchase this standard. But please be careful because the new revision of this standard is currently under development: ISO/DIS 15223-1 Medical devices — Symbols to be used with medical device labels, labeling, and information to be supplied — Part 1: General requirements.

      There are some new symbols that are applicable to all medical devices, regarding the type of medical device.   

      Furthermore, can the iso 13485 certification and the CE certification be done by the same organization?

      Yes, both certifications can be done by the same Notify body, moreover, it is recommended and expected. 

      The following article regarding compliance with the MDR requirements for medical device labels can be helpful:

      • How to comply with the MDR requirements for medical device labels https://advisera.com/13485academy/blog/2020/09/20/how-to-create-medical-device-labels-compliant-with-mdr/