Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Guest
I have a different opinion. The standard is recommending us to, after reviewing of corrective actions, consider whether there are risks or opportunities that have not been determined previously, or if their evaluation should be updated. Please check that “if necessary” at the end of clause 10.2.1 e).
I find it very useful. Don’t consider this clause as applicable to every and each non-conformity. For each non-conformity we are not obliged to develop a corrective action. We develop them when non-conformities are very serious or are trending. In this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ I say something like “Consider the non-conformities, complaints, devolutions, lost customers as signs, as warnings about the need to update the risk register or the risk evaluation. Are they signaling that changes must be made?”
You can find more information below.
Please note that there is not a specific policy or template to cover pandemic, because its impacts can vary from organization to organization, which makes it unfeasible to develop a template to cover all possible situations.
However, the toolkit provides you the means to customize a BCP to handle this situation. What you need to do is:
In case you have any BCP which covers staff shortage or lack of communications, you can use them as a basis to develop a BCP to handle the impacts of a pandemic.
This material may help you:
ISO 13485:2016 is the international standard requirement for a medical device manufacturing quality management system. ISO 13485:2016 standard is based on the requirements of ISO 9001:2008. ISO 13485 includes the entire ISO 9001:2008 standard with additional requirements included in blue italics text. One major distinction of ISO 13485 is that it is intended to also be required for regulatory purposes as well as a non-statutory requirement for a quality management system.
For more information on this topic, please see the following article:
Also, the following articles can be helpful in understanding the ISO 13485:2016:
I would need more information. It depends on who processes personal data. The processor collects and processes personal data on behalf of the controller, according to the article 28 GDPR. So if the contractor software company will process data on your behalf, you will be the controller and the contractor will be the processor.
On the contrary, if you are developing a software and license it to the contractor who will processes data on its own behalf and on its own servers, the contractor will be the controller and you might be the processor if you have any access to personal data (i.e. for maintenance reason).
You can also find more information here:
You can consider enrolling in our free EU GDPR Foundations Course
In the procedure 12.4 Procedure for ionizing radiation sterilization, you need to fulfill only elements that are marked with comments. Of course, your data depends on your specific process of radiation, and only you know which they are (for example in section 3.4 Alara Principle).
If you have anything else that you consider important, of course, that you can add to the procedure.
If your sterilization process is outsourced, take into consideration to make this procedure in collaboration with the company that provides this process for you.
For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following article:
Management review is more than just a meeting, it is the whole process of collecting inputs, transforming data into information, study and make decisions. So, using your language, management review is a working meeting. The purpose is not to make a presentation, the purpose is to evaluate management system adequacy, suitability and effectiveness and make decisions about improvement opportunities, need for changes and resource needs.
You can find more information below:
How is a pharmaceutical company performing it's own drug stability testing in their own lab required to be certified?
If I understand correctly, your question is for medical device software. For manufactures of medical device software, necessary is that ISO 13485:2016 must be implemented. The next important requirement is a validation of that software that needs to be in compliance with ISO IEC 62304:2006 Medical device software — Software life cycle processes.
If you do not own the product and are not responsible for placing the software on the market, you only have to have implemented ISO 13485:2016. Product owners also need to have implemented ISO 134895:2016, but also the manufacturer is responsible for preparing the Technical documentation in accordance with Medical device regulation (2017/745). Each medical device must be classified according to the rules stated in MDR Annex 8 – Classification rules - https://advisera.com/13485academy/mdr/classification-rules/.
Medical devices can be classified into the following 6 classes: Class I, Is (sterilized medical devices), Ir (reusable medical devices), IIa, IIb, and class III. Class, I medical devices can be placed on the market without Notify body, while other classes require to Notify body.
After preparing the Technical file, the manufacturer is responsible for certified medical device software with Notify body for class Is, Ir, IIa, IIb, and class III.
More information you can find on the following link:
For any other particular question, do not hesitate to contact me.