Search results

Setting up a Quality control Lab

ISO 17025:2017 does not provide specific guidelines for laboratory layout. The requirements for facilities and environmental conditions are covered in clause 6.3. As the facilities and environmental conditions can have a major impact on consistent operation and result validity, the standard requires laboratories to:

• Ensure suitable separation of incompatible activities (eg vibrations near a weighing room is not suitable).
• Document requirements depending on the work to be performed.
• Control, record, and monitor any applicable environmental conditions as specified in methods, procedures, and specifications.

I recommend you document all the equipment you need, then look at their placement and a logical workflow. If you are not familiar with laboratory workflow and needs, it will be beneficial to contact a supplier that outfits laboratories.

For more information, see the ISO 17025 toolkit document template: Facilities and Environmental Condition Procedure at https://advisera.com/17025academy/documentation/facilities-and-environmental-condition-procedure/

and the  whitepaper Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/

How training should someone have before they are deemed competent for a specific task?

Deeming someone competent needs to be against objective criteria. There is no fixed time period. For some tasks it may take just a few hours, others months. You need to state what does the laboratory needs them to be able to do. For a particular task start by naming the task and documenting the training and competency requirements.

For example 
1. Task: Weekly maintenance of instrument x. 
2. Training requirements: Witness task being demonstrated and was supervised for three operations. 
3. Competence criteria: The instrument operator must be able follow the maintenance work instruction x, completing maintenance steps one to three and thereafter perform the instrument qualification test, step four.  
4. Criteria for evaluation:  4.1 The laboratory manager (or other authorised person) must approve training record by reviewing and signing. 4.2 Witness the operator perform the task, meeting the stated competency criteria.

Now for a specific Operator, record evidence of supervision and training. When completed, the laboratory manager should declare and record the observation during witnessing against the criteria. For example “the operator was witnessed to follow the work instruction. The instrument qualification test performed (ref 2020/02/09, attached to training records) passed as per established limits. Operator “M” is therefore declared competent to perform task x. Competence will be monitored by his supervisor through witnessing and record review".

As personnel training and competency is a critical activity, the Advisera ISO 17025 toolkit includes the mandatory procedure as ISO 17025 document template: Competence, Training and Awareness Procedure along with 4 appendices: Training Program, Training Record and Performance Monitoring, Record of Attendance and Competence Approval and Authorization Record. You can preview the template at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/

Documentation and implementation for ISO 9001

If you want to know about ISO 9001:2015 in detail perhaps the best source of knowledge is to attend this free online course - ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/

If you want to know which documents and records are mandatory, according to ISO 9001:2015, perhaps this article is a god starting point - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - you can see that ISO 9001:2015 has no mandatory procedures. Concerning mandatory documents, the list is very small (the scope, the quality policy and the quality objectives). All the rest is up to each organization. Please consider that the list of mandatory records is larger.

About implementing ISO 9001:2015 perhaps this free webinar on demand, articles and book can help you:

• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
• ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Key requirements in ISO 9001

Please check this article - ISO 9001 Requirements and Structure - https://advisera.com/9001academy/knowledgebase/iso-9001-requirements-and-structure/ - to find the main requirements of ISO 9001:2015

You can find more information below:

• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Asking for subscription consent with first newsletter

Yes, it is the most compliant option you have to ask for consent to contacts you already have in your mailing list. The GDPR requires that user consent to receive newsletter and marketing email, so theoretically, you should have asked for consent when GDPR came into effect. However, in order to reach compliance, you can ask consent as soon as possible. Do not forget to inform users in a transparent manner about how you will use their email address and how they can cancel from the mailing list in case they do not want to receive your newsletter (it may seem risky but you will definitely have a clearer idea about your real audience).

You can find more information about GDPR and email marketing here:

• Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
• Email marketing in the era of GDPR – How to ensure compliance? https://advisera.com/eugdpracademy/blog/2019/05/27/gdpr-and-email-marketing-rules-for-compliant-campaigns/
• Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/

You can also consider enrolling in this EU GDPR Foundations Course:

• EU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//

• GCP security controls which comply with ISO 27017

  I'm assuming that by GCP you mean Google Cloud Platform.

  Considering that, please note that we are not aware of which security controls GCP has implemented, so we cannot say which ones are related to applications. Although GCP is ISO 27017 certified (https://services.google.com/fh/files/misc/gcp_iso27017_spring_2020.pdf) its Statement of Applicability is not available.

  Generally speaking applicable controls regarding applications would be from section A.14 (System acquisition, development, and maintenance)  from ISO 27001 Annex A (please remember that ISO 27017 is a supporting standard for controls from ISO 27001).

  Specific controls from ISO 27017 that may apply would be:

  • 9.5.1 Segregation in virtual computing environments
  • 12.1.5 Administrator’s operational security
  • 12.4.5 Monitoring of cloud services

  For further information, see:

  • ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

• Control number A.8.1.3

  This control intends to say that rules for the use of information assets and resources (e.g., Internet, e-mail, internal systems, etc.), must be defined, implemented, and communicated to all personnel included in the ISMS scope, so they can know what is and what is not allowed to do.

  To see how a document compliant with this control looks like, see the document demo in this link: https://advisera.com/27001academy/documentation/it-security-policy/

  For further information, see:

  • How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

• ISO 9001 Implementation

  Determine the scope of the quality management system (QMS), your organization may decide to include only certain lines of business.

  Setup a project sponsor, a project manager and a project team. Ensure top management support, get training about the standard. Designing and implementing a quality management system implies being knowledgeable about ISO 9001:2015.

  As a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

  Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

  

  Decide how to describe and monitor those processes.

  From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  This is a very short description of the journey but below you can find more detailed information:

  You can find more information below:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • How to budget an ISO 9001 implementation project - https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project?utm_source=script-for-iso-9001-lead-implementer-course&utm_medium=downloaded-content&utm_content=lang-en&utm_campaign=free-downloads-9001
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Procedure(s) for conformity assessment

  The term "Conformity assessment" means the process demonstrating whether the requirements of the Medical device regulation EU MDR 2017/745 relating to a medical device have been fulfilled. Medical device manufacturers have to follow conformity assessment procedures before placing products on the market. With conformity assessment procedures manufacturers must prove compliance of the products with the essential requirements laid down in Medical Device Regulation.

  However, there is no requirement in MDR that the conformity assessment procedure must be documented. In Article 52 - Conformity assessment procedures states that manufacturers shall undertake an assessment of the conformity of that device, in accordance with the applicable conformity assessment procedures set out in Annexes 9 to 11.

  • EU MDR Annex 9 - Conformity assessment based on a quality management system and assessment of the technical documentation
  • EU MDR Annex 10 - Conformity assessment based on type examination
  • EU MDR Annex 11 – Conformity assessment based on product conformity verification

  Here you can find the direct links to the Annexes:

  • EU MDR Article 52 – Conformity assessment procedure https://advisera.com/13485academy/mdr/conformity-assessment-procedures/
  • EU MDR Annex IX https://advisera.com/13485academy/mdr/conformity-assessment-based-on-a-quality-management-system-and-assessment-of-the-technical-documentation/
  • EU MDR Annex 10 https://advisera.com/13485academy/mdr/conformity-assessment-based-on-type-examination/
  • EU MDR Annex 11 https://advisera.com/13485academy/mdr/conformity-assessment-based-on-product-conformity-verification/