So far, there is no such unique list for Europe. However, each country in Europe has a national authority where all medical device manufacturers need to be registered, together with a complete list of medical devices.
For the USA market, such a database is on the FDA webpage, at the following link: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfrl/textsearch.cfm
No, ISO 14001:2015 does not state any mandatory frequency for training, any kind of training.
Please check clause 7.2 about competence. Competence is what is behind the need for training. If people are competent there is no need for training. For example, if an internal audit raises a non-conformity about errors on waste segregation, it may be a sign of a lack of competence that could be eliminated with training.
If your management system has internal rules setting a frequency for training, your organization has to abide by those rules.
The following articles might provide further guidance:
There are no prerequisites for the implementation of ISO 27001 (i.e., an organization does not need to have any security control previously implemented before starting implementing ISO 27001), although the pre-existence of some good practices may help implement the standard faster or easier.
To identify your situation regarding ISO 27001 you can use our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
These articles will provide you a further explanation about implementing ISO 27001:
These materials will also help you regarding implementing ISO 27001:
ISO 27001 does not prescribe a detailed level for assets, so organizations can define the detail level that best suits them. This is generally a balance between the administrative effort and the need for information to ensure proper security. For example, you do not need to record the organization's notebooks as individual assets (you can add an asset called "notebook"), but if they have specific purposes with different risk levels you can use specific assets like "notebook", "development notebook", and "finance notebook". The same concept applies to software.
For further information:
You asked:
“What is the best procedure to perform a lab audit according to ISO 17025:2017 in the pandemic of Covid-19?”
If you are referring to your internal audits, it depends on the availability of personnel, either remotely or on site at the laboratory. Importantly, you should update your risk and opportunities assessment in light of the pandemic issues. I suggest the authorised responsible person reviews the audit programme following the assessment and makes the necessary adjustments based on the situation. Take time to plan the next internal audit carefully, based on minimising risks during the process. Consider performing some tasks remotely, or as a desktop review, to ensure safe distancing between personnel.
Have a look at the Advisera webinar How to perform an internal audit remotely at https://advisera.com/17025academy/webinar/remote-internal-audit-free-webinar-on-demand/. Also have a look at your accreditation body's policy and guidelines on remote auditing, to guide you for your internal audit and prepare you for the possibility of a remote external audit.
You also asked:
“On the other hand, what if the lab does only verification by blind samples (quality control) that they make for lab instruments, and he finds the results are correct, and he didn't make the calibration as listed in the calibration list period?”
If I understand correctly, you are referring to a testing laboratory, where test methods were used to produce results, and although the quality control samples passed, the equipment calibration was overdue as per the schedule. This is definitely a non-conforming event, as ISO 17025 requires the laboratory to ensure the valid status of calibration. Procedures must be in place to establish the calibration programme, review and adjust as necessary to ensure the equipment that should be calibrated (see clause 6.4.6) is calibrated. Where equipment is calibrated externally by an accredited provider, the laboratory is responsible for suitable intermediate checks between calibrations. This is where risk-based thinking comes in. It is essential to be proactive. The calibration and verification programme is not just a schedule; it is an active process of planning and keeping an eye on the status of calibrations. Responsibilities must be defined. I suggest you raise a nonconformance and get to the root cause of why this happened. You need to consider the impact and the need to repeat the work.
The following toolkit document, with associated records, may be of interest: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//
You asked how to document the use of an external company for internal audits, in both your quality manual and audit plan.
You need to meet the requirements of internal auditing, which do not stop you from using an external company to perform your internal audits. You also need not specify anything upfront about using an external company, as long as you plan your internal audits efficiently and they meet the purpose, along with suitable records. Remember that your audit programme is a planned schedule; it is not cast in stone, so if you have to change it to indicate the use of an external company, or include remote audit methodology, that is fine. In fact, you should review the programme based on risks and opportunities.
If you have an audit procedure, then in the manual you simply state that you have an audit program and the purpose of it. You then reference your procedure, where you can choose, if you wish, to state that although the responsibility is x person to maintain the programme, the lab may use external auditors, if and when considered necessary. More importantly, make sure that your contract with them and their work meets all ISO 17025 requirements, which is your responsibility. Examples are approving them as competent (Externally provided products and services, clause 6.6), ensuring confidentiality (clause 4.1) and impartiality (clause 4.2), and clear communication in procuring their services for a specified scope of work.
The following articles may be of interest:
Checklist of ISO 17025 implementation steps at https://advisera.com/17025academy/blog/2019/08/28/checklist-of-iso-17025-implementation-steps/
The ISO 17025 toolkit procedure for audits is available at https://advisera.com/17025academy/documentation/internal-audit-procedure/, along with links to the five appendices related to the procedure. These include the Internal Audit Program, Internal Audit Checklist, Audit Nonconformity Report, Internal Audit Process Checklist and Internal Audit Report.
First, it is important to note that ISO 27001 does not prescribe how to identify assets, so organizations are free to identify them as best fits their needs.
Considering that, you can break the ICT Equipment Maintenance into individual assets in case of need (e.g., there is a relevant risk related to a specific asset, like measurement equipment), but please note that a good practice for asset management is to group assets together if their threats/vulnerabilities are similar (e.g., a single asset named "laptop", instead of listing all the organization's laptops individually), and only adopting individual assets in case they have specific risks related to them (e.g., development laptops, sales laptops, etc.). This way you will reduce the time and effort for doing the risk assessment.
This article will provide you a further explanation about the inventory of assets:
1) Is it a requirement for the medical device outsourcing company to have implemented ISO 13485 before my company implements GMP?
According to the MDR 2017/745, any entity that is involved in the life cycle of medical devices (manufacturer, outsourced production company, distributor, importer, authorized representative), needs to have a quality management system. ISO 13485:2016 is a standard that is specific for Manufacturers of medical devices (Medical devices — Quality management systems — Requirements for regulatory purposes).
Besides that, the web pages of the European Commission state which standards are applicable for all types of medical devices: https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en
On that list, which has around 300 standards, only ISO 13485:2015 is the standard for the quality management system.
From this point of view, ISO 13485 is more important than GMP and GDP.
2) If the outsourcing company (who owns the product label or brand name) fails in being ISO 13485 compliant, should my company then implement ISO 13485 instead of GMP?
The company that owns a product label or brand name cannot fail in being ISO 13485 compliant because it won't be in compliance with MDR requirements. Yes, from the medical device point of view, ISO 13485 is more suitable.
3) In doing my research for my company, I noticed that GMP and GDPMD have certain similar mandatory document requirements – e.g. the Quality Manual, SOP on Document Control, SOP on Pest Control, SOPs on Internal Audit and Management Review. Instead of having duplicate documents, could such documents be adapted to accommodate both GMP and GDPMD? For instance, drafting one Quality Manual that caters for both GMP and GDPMD?
You do not need to duplicate documents; you can adapt them to accommodate both GMP and GDP.
4) Should the scope of the GMP include the other products (not technically defined as medical devices) manufactured and distributed by my company, or could it be limited to the medical products only?
GMP can be applicable to different kinds of products, therefore, it does not need to be limited to medical device products only.
If you need more information regarding ISO 13485, please see the following articles:
You can even see what our ISO 13485:2016 Documentation toolkit looks like at the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/