Medical device regulation MDR 2017/745 is applicable to all medical devices that want to be placed on the EU market. Necessary Technical documentation is described in Annex 2 and Annex 3 of the MDR 2017/745.
Here are the links to those Annexes:
A 510(k) is the technical dossier required by the US Food and Drug Administration (FDA) to sell a medium-risk medical device or IVD in the United States. It is formally called a Pre-market Notification. A 510(k) contains detailed technical, safety, and performance information about a medical device. The documentation must demonstrate the device in question is "substantially equivalent" to a predicate device (i.e. a product already cleared for sale in the US). The FDA must review the 510(k) and "clear" your device before you can legally sell or distribute it in the United States.
Here is the link to the content of the 510(k):
I'm assuming that by practitioner certification you mean the ISO 27001 foundations course.
An ISO 27001 practitioner certification recognizes someone who has the competences to understand and work on the daily activities of an ISO 27001 ISMS, while the ISO 27001 Lead Implementer certification recognizes people who have competency in the ISO 27001 implementation process.
This article will provide you with further explanation about the ISO 27001 Lead Implementer:
These materials will also help you regarding ISO 27001 certifications:
According to ISO 27001, an ISMS scope must be defined in terms of information, locations, or business units to be protected, considering the organization's objectives and context. For small and medium-sized organizations, it is usually better to include the whole organization in the ISMS scope, because the effort to manage a scope that covers only part of the organization is not worthwhile.
These articles will provide you with further explanation about defining scope:
These materials will also help you regarding defining scope:
An induction document is a document related to the welcome or preparation of someone into a new job. A procedure is a document that explains how a task or set of tasks is done. A procedure can be used by anyone at any time, whenever there is a doubt. I usually say that a procedure, even for those with a lot of experience, is like a map in the glove compartment of a car, or in a smartphone. Normally, we do not need to use it, but sometimes it is very useful.
Please check this article - List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/ - where you can see that there is no mandatory requirement for induction documents in ISO 14001:2015.
Please check this information below about ISO 14001:2015:
ISO 9001:2015 is not about ad hoc procurement of services and products. Every organization buys services and products that are not critical for the business without a system in place. ISO 9001:2015 clause 8.4 is about procurement of products and services relevant for the business, a kind of procurement that must be done in a systematic and consistent way. Only critical products and services procurement is mandatory to be included in the quality management system.
The following material will provide you with more information:
In May 2020, the European Data Protection Board (EDPB) adopted the new guidelines on consent: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
Controllers and processors were reminded that consent to data processing must be free and transparent in relation to the purposes of the processing. Article 4 (11) GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Therefore, if you are asking for data to verify that the individual is human and you will not process any more data, the request will be coherent with the expectation of the subject (I give the email because I want to download the pdf). On the contrary, you must make clear to the individual that data will be used to send a newsletter or other material, so that s/he is informed that data will be used to download material and to send him or her email, promotions, or anything else.
You can find more information about GDPR and email marketing here:
Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
Email marketing in the era of GDPR – How to ensure compliance? https://advisera.com/eugdpracademy/blog/2019/05/27/gdpr-and-email-marketing-rules-for-compliant-campaigns/
Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Determine the monitoring and measurement resources with the appropriate characteristics to ensure valid and reliable results of the conformity of the products or services.
Demonstrate that the client and legal requirements applicable to these resources, if any, were determined.
Make the resources available, identified, used and maintained in an appropriate manner for the intended use. To the extent necessary, preventive maintenance activities and curative interventions are planned, verification or calibration instructions are given for their correct use and preservation, and the qualification of the people who ensure intended and proper use is addressed.
As evidence of the suitability for the purpose of the monitoring and measurement resources, keep records that demonstrate the suitability of the equipment to the intended purpose.
Equipment must be identified with a unique reference, and with its state of fitness, so that it is not used inappropriately.
You can find more information below:
A major nonconformity is a situation where an organization:
The definition of a minor nonconformity is easy: this is any nonconformity that is not major.
You can find more information in the following links:
ISO 20000's communication requirements can be used for the mentioned purpose.
Here is the article that can help: “IT Service Management communication according to ISO 20000” https://advisera.com/20000academy/blog/2016/10/18/it-service-management-communication-according-to-iso-20000/
Also, read the article “Communication inside IT Service Management team – setup of joint vocabulary and criteria” https://advisera.com/20000academy/blog/2013/11/26/communication-inside-service-management-team-setup-joint-vocabulary-criteria/ to see why IT Service Management establishes a common language inside the team.
To avoid the application of GDPR you should deal with anonymous data. Anonymized data are not under the GDPR. However, there will always be some aspects that require compliance with GDPR (i.e. job contracts, email between employees and researchers, and so on). Being based in the EU you are required to comply with GDPR.
Here you can find more information:
If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//