Search results

Getting ISO 13485 - potential timeline and what is important

If I understand correctly, your question is for medical device software. For manufactures of medical device software, necessary is that ISO 13485:2016 must be implemented. The next important requirement is a validation of that software that needs to be in compliance with ISO IEC 62304:2006 Medical device software — Software life cycle processes. 

If you do not own the product and are not responsible for placing the software on the market, you only have to have implemented ISO 13485:2016. Product owners also need to have implemented ISO 134895:2016, but also the manufacturer is responsible for preparing the Technical documentation in accordance with Medical device regulation (2017/745). Each medical device must be classified according to the rules stated in MDR Annex 8 – Classification rules - https://advisera.com/13485academy/mdr/classification-rules/.

Medical devices can be classified into the following 6 classes: Class I, Is (sterilized medical devices), Ir (reusable medical devices), IIa, IIb, and class III. Class, I medical devices can be placed on the market without Notify body, while other classes require to Notify body. 

After preparing the Technical file, the manufacturer is responsible for certified medical device software with Notify body for class Is, Ir, IIa, IIb, and class III. 

More information you can find on the following link:

• How can ISO 13485 help with MDR compliance? - https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/

For any other particular question, do not hesitate to contact me.

Expert queries

You asked About

1) techniques of extracting objective evidence in auditing

Objective evidence is obtained by starting with a well define purpose and scope for the specific audit. For each activity you should specify the audit criteria, meaning what the requirements are that you will compare your audit evidence to,  in order to determine if audit criteria are met or not (finding of compliance or noncompliance). The techniques to obtain objective evidence involve making factual observations during a witnessing of a process; interviewing personnel to obtain statements; as well as document and record review by cross checking that stipulated data and information is available and controlled .

You also asked

2) how to improve on my auditing competency

You can improve you auditing skills and competency by the following means

• Undergo internal auditing training and or study the standard ISO 19011:2018 - Guidelines for auditing management systems.
• Being part of an audit as an auditee (person being audited) or observing third party audits of your laboratory, say by your accreditation body.
• Assisting the person responsible with evaluating the efficiency of the audit programme to identify areas of improvement in how they are planned and performed
• Being part of the audit team for your organisation (auditor) and auditing internally, using various techniques (e.g vertical assessments) including techniques and checklists based on those your accreditation body uses.
• Understanding and leaning how to apply a risk based approach to requirements and findings.

You also asked

3) how do you relate ISO 9001 with other quality ISO like ISO 15189:2012?

The ISO 9001 principles (for example evidence based decision making, process approach) are incorporated into ISO 15189 and many other standards (including ISO 17025). Further more the management requirements such as corrective actions, are part of both standards.

You also asked

Do I need ISO 9001 to implement ISO 15189:2012?

No you do not, however a knowledge of the standard would be useful.

For more information on Auditing, see the Expert Advice Q&A to Auditing impartiality https://community.advisera.com/topic/auditing-impartiality/
 

The ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/, covers the requirements for ISO 17025.  
The separate ISO 17025 document templates and links to their related documents are available as follows:

Internal Audit Procedure is available at https://advisera.com/17025academy/documentation/internal-audit-procedure/ 
Addressing Risks and Opportunities Procedure is available at at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/

Scope of accreditation

ISO 17025:2017 addresses the topic of scope of accreditation in clause 5.3, Structural Requirements. A laboratory is required to have a defined and documented scope for ISO 17025 accredited laboratory activities, meaning those that they perform themselves on an ongoing basis (do not subcontract) and which conform to ISO 17025:2017.7

The ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/, covers this requirement; specifically through the Quality Manual https://advisera.com/17025academy/documentation/quality-manual/ 

Full Time ISMS Manager

For such a small company you do not need a full-time ISMS manager (needed activities will take him/her perhaps 20% of the time), so this role can be given as an additional function to an already exiting role in your organization, probably someone from the top management, or someone which answer directly to them.

Since related activities must be performed at certain periodicity, you should avoid designate them on an ad-hoc basis, because of risk to lose information when the activities are transferred from one person to another.

These articles will provide you a further explanation about the IS manager role:

• What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
• Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
• Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

ISO 9001 Resources required for implementation

There is no mandatory requirement for the existence of a QMS manager.

However, during the implementation of the QMS it is important to have a Project Manager to conduct the project. If it is a full-time job or not depends on the investment in training and the ability to develop teamwork. Theoretically, it is not needed to have a QMS manager developing a Quality Control Plan if you have a team in your company that assumes the job: for example the warehouse responsible, the shift managers and one or two operators can design, request approval, train and implement the use of that Quality Control Plan.

You can find more information below:

• What will be the destiny of the management representative in the new ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
• Choosing the best person for the job quality management representative: https://advisera.com/9001academy/blog/2014/06/03/choosing-best-person-job-quality-management-representative/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 9001 Needs and Expectations

I do not know if I’m understanding your question. So, what can be the needs and expectations for a Business Development Department of an EPC company. There is no technical answer, just a management answer according to strategic orientation and target customers. It can be about the volume of business for a certain period of time, it can be about the margins and/or types of demand. To whom thus the Business Development Department answers? What is success for that internal customer? That may be what will be nice set of need and expectations for the department.

The following material will provide you more information:

• Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• Article - How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
  https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 Question

There is no general rule that one must follow. What we must bear in our mind is the need to clearly identify documents and allow an easy way of checking it they are updated. When I use annexes I call them annexes 1 or 2 or 3 of the document X, I don’t follow the same format, actually I use annexes to be free of using the most useful format for each situation. And I use a separate way of identifying versions to allow changing the main document without changing the annex and vice versa.

You can find more information about documents and records below:

• How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
• New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

ISO 9001:2015 y ISO 14001:2015 integración

Para implementar la norma ISO 9001 e ISO 14001 de forma integrada puede ayudarse de los siguientes materiales: 

- How to integrate ISO 14001 and ISO 9001: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/

- Cuadro comparativo - ISO 14001:2015 vs ISO 9001:2015 Matrix: https://info.advisera.com/14001academy/free-download/iso-4001-2015-vs-iso-9001-2015-matrix

- Webinar gratuito - Cómo integrar ISO 9001:2015 e ISO 14001:2015: https://advisera.com/9001academy/es/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/

Además estos materiales también pueder ayudarle a entender los requisitos de las diferentes normas: 

- Curso online gratuito - Curso de Fundamentos de la Norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Curso online gratuito - Curso de Fundamentos de la Norma ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

- Libro - the ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/

6.2 Information security goals and planning to achieve them

Please note that usually objectives are set at two levels:

1. General ISMS level (for this you can use the Information Security Policy, located on folder 04 General Policies)
2. Security controls (for this you can use the Statement of Applicability, located on folder 06 Applicability of Controls)

Regarding the Plan to achieve the objectives, you need the Risk Treatment plan, located on folder 07 Implementation Plan

For further information, see:

• ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/