Search results

  • Assets Inventory

    ISO 27001 does not prescribe a detailed level for assets, so organizations can define the detail level that best suits them. This is generally a balance between the administrative effort and the need for information to ensure proper security. For example, you do not need to record the organization's notebooks as individual assets (you can add an asset called "notebook"), but if they have specific purposes with different risk levels you can use specific assets like "notebook", "development notebook", and "finance notebook". The same concept applies to software.

    For further information:

  • ISO 17025:2017 calibration Vs verification

    You asked

    “What is the best procedure to perform Lab. Audit according to ISO 17025:2017 in the pandemic of Covid-19?”

    If you are referring to your internal audits, it depends on the availability of personnel either remotely or on site at the laboratory. Importantly, you should update your risk and opportunities assessment in light of the pandemic issues. I suggest the authorised responsible person reviews the audit programme following the assessment and makes the necessary adjustments based on the situation. Take time to plan the next internal audit carefully, based on minimising risks during the process. Consider performing some tasks remotely, or as desktop review, to ensure safe distancing between personnel.

    Have a look at the Advisera Webinar How to perform an internal audit remotely at https://advisera.com/17025academy/webinar/remote-internal-audit-free-webinar-on-demand/. Also have a look at your accreditation body's policy and guidelines on remote auditing, to guide you for your internal audit and prepare you for the possibility of a remote external audit.

    You also asked

    “On the other hand, what if the lab only does verification by blind samples (quality control) that they make for lab instruments, and finds the results are correct, and didn't perform calibration as listed in the calibration list period?”

    If I understand correctly, you are referring to a testing laboratory, where test methods were used to produce results, and although the quality control samples passed, the equipment calibration was overdue as per the schedule. This is definitely a non-conforming event as ISO 17025 requires the laboratory to ensure the valid status of calibration. Procedures must be in place to establish the calibration programme, review and adjust as necessary to ensure the equipment that should be calibrated (see clause 6.4.6) is calibrated. Where equipment is calibrated externally by an accredited provider, the laboratory is responsible for suitable intermediate checks between calibrations. This is where risk-based thinking comes in. It is essential to be proactive. The calibration and verification programme is not just a schedule, it is an active process of planning and keeping an eye on the status of calibrations. Responsibilities must be defined. I suggest you raise a nonconformance and get to the root cause of why this happened. You need to consider the impact and need to repeat the work.

    The following toolkit document, with associated records, may be of interest: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

  • What to write in quality manual and audit plan

    You asked how to document the use of an external company for internal audits, in both your quality manual and audit plan.

    You need to meet the requirements of internal auditing, which do not stop you from using an external company to perform your internal audits. You also need not specify anything upfront about using an external company, as long as you plan your internal audits efficiently and they meet the purpose, along with suitable records. Remember that your audit programme is a planned schedule, it is not cast in stone; so if you have to change it to indicate the use of an external company, or include remote audit methodology, that is fine. In fact, you should review the programme based on risks and opportunities.

    If you have an audit procedure, then in the manual you simply state that you have an audit program and the purpose of it. You then reference your procedure, where you can choose, if you wish, to state that although the responsibility is x person to maintain the programme, the lab may use external auditors, if and when considered necessary. More importantly, make sure that your contract with them and their work meets all ISO 17025 requirements, which is your responsibility. Examples are approving them as competent (External provided products and services, clause 6.6), ensuring confidentiality (clause 4.1) and impartiality (clause 4.2), and clear communication in procuring their services for a specified scope of work.

    The following articles may be of interest

    Checklist of ISO 17025 implementation steps at https://advisera.com/17025academy/blog/2019/08/28/checklist-of-iso-17025-implementation-steps/

    The ISO 17025 toolkit procedure for audits is available at https://advisera.com/17025academy/documentation/internal-audit-procedure/, along with links to the five appendices related to the procedure. These include the Internal Audit Program, Internal Audit Checklist, Audit Nonconformity Report, Internal Audit Process Checklist and Internal Audit Report.

  • Risk Assessment Equipment in the ICT Table

    First, it is important to note that ISO 27001 does not prescribe how to identify assets, so organizations are free to identify them as best fits their needs.

    Considering that, you can break the ICT Equipment Maintenance into individual assets in case of need (e.g., there is a relevant risk related to a specific asset, like measurement equipment), but please note that a good practice for asset management is to group assets together if their threats/vulnerabilities are similar (e.g., a single asset named "laptop", instead of listing all the organization's laptops individually), and only adopt individual assets in case they have specific risks related to them (e.g., development laptops, sales laptops, etc.). This way you will reduce the time and effort for doing the risk assessment.

    This article will provide you with a further explanation about the inventory of assets:

  • Questions about ISO 13485 implementation

    1) Is it a requirement for the medical device outsourcing company to have implemented ISO 13485 before my company implements GMP?

    According to the MDR 2017/745, any entity that is involved in the life cycle of medical devices (manufacturer, outsourced production company, distributor, importer, authorized representative), needs to have a quality management system. ISO 13485:2016 is a standard that is specific for Manufacturers of medical devices (Medical devices — Quality management systems — Requirements for regulatory purposes).

    Besides that, the web pages of the European Commission state which standards are applicable for all types of medical devices: https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en

    On that list, which has around 300 standards, only ISO 13485:2015 is the standard for the quality management system.

    From this point of view, ISO 13485 is more important than GMP and GDP.

    2) If the outsourcing company (who owns the product label or brand name) fails in being ISO 13485 compliant, should my company then implement ISO 13485 instead of GMP?

    The company that owns a product label or brand name cannot fail in being ISO 13485 compliant because it won't be in compliance with MDR requirements. Yes, from the medical device point of view, ISO 13485 is more suitable.

    3) In doing my research for my company, I noticed that GMP and GDPMD have certain similar mandatory document requirements – e.g. the Quality Manual, SOP on Document Control, SOP on Pest Control, SOPs on Internal Audit and Management Review. Instead of having duplicate documents, could such documents be adapted to accommodate both GMP and GDPMD? For instance, drafting one Quality Manual that caters for both GMP and GDPMD?

    You do not need to duplicate documents; you can adapt them to accommodate both GMP and GDP.

    4) Should the scope of the GMP include the other products (not technically defined as medical devices) manufactured and distributed by my company, or could it be limited to the medical products only?

    GMP can be applicable to different kinds of products, therefore, it does not need to be limited to medical device products only.

    If you need more information regarding ISO 13485, please see the following articles:

    You can even see what our ISO 13485:2016 Documentation toolkit looks like at the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/

  • AS9100 - defining Top Management

    The use of “top management” in AS9100 carries over from the ISO 9001 standard; as such the definition comes from ISO 9000. Top Management is the person or group who directs the organization at the highest level within the scope of the QMS. So, if the QMS scope is the one building you are located in, but you have a parent company in another country, then top management refers to the senior managers at the facility detailed in the scope.

    You can learn more about meeting the QMS leadership requirements in this applicable 9001Academy article: How to comply with new leadership requirements in ISO 9001:2015, https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/

  • Single person company becoming ISO 9001?

    First, note this is typical corporate culture: applying one-size-fits-all rules.
    Second, there is no basic or entry-level ISO, but ISO 9001:2015 is very flexible. Organizations can design a very light quality management system. For a single-person company, you can minimize documentation to almost only what is mandatory.

    You can find more information in the following links:

  • Change request procedure

    In ISO 13485:2016, in requirement 4.1.4, there is no request to have a documented procedure for change control. This requirement states that changes need to be made, evaluated for their impact on the quality management system and medical device, and controlled. In our documentation toolkit, in procedure 21_Procedure_for_Management_Review_Premium_EN, section 3.2.1 Review inputs states that one of the inputs is Changes that affect the quality system. The section about changes is also included in form 21.2_Appendix_2_Management_Review_Minutes_Premium_EN.

    Our procedure 14_Warehousing_Procedure_Premium_EN states that the purpose of this procedure is to describe the process of warehousing and planning warehousing resources. The warehousing process includes, but is not limited to: storage of raw materials, products, clients’ property, nonconforming products, and hazardous waste. This procedure excludes: Storage, transport, and handling of medical products; and Temporary storage in case of incidents and emergency situations. Section 4.1 states that both FEFO and FIFO can be used. It is up to you to decide which approach is most suitable for you.

    There is no direct requirement in ISO 13485:2016 in section 7.5.11 to have a documented Goods in and Goods out procedure.
