Search results

  • Is 13485 Mandatory for making IR Thermometer?

    1. Is 13485 Mandatory or ISO 9001 With the scope covering IR Thermometer enough?

    All medical devices must be in compliance with harmonized standards. In MDR, in Article 10 General obligations of manufacturers, it is stated that the manufacturer must have implemented a quality management system. The list of harmonized standards is published in the Official Journal of the European Union. On this list, ISO 13485:2016 is the only standard covering quality management systems, therefore it is expected for manufacturers to have implemented ISO 13485:2016.

    For more data, please see the following links:

    2. Is 13485 Certification mandatory to obtain the CE Mark?

    No. Neither the MDD (93/42/EEC) nor the MDR (2017/7450) contains a direct requirement that manufacturers be certified according to ISO 13485:2016. The requirement is only to have implemented a quality management system, as explained in the previous answer.

    If you need any help for the implementation of the ISO 13485:2016, these materials can help:

    You can see our ISO 13485:2016 Documentation toolkit on the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/

  • ISO 9001 Generating Supplier Contracting Process

    How does the process start? With the need for contracting a supplier? Who has that initial need?

    How does the process end? With a new contracted supplier?

    What are the main steps from start-to-end?

    Identifying the need?

    Determining the requirements for the supply?

    Determining the requirements for the supplier?

    Contacting potential suppliers

    Receive and evaluate proposals?

    Visit and/or audit them?

    Signing a contract?

    Then write the process sequence and responsibilities and authorities.

    The following material can provide more information:

  • ISO 9001 SME challenge

    Unfortunately, Advisera has no case study about that relationship. However, I would like to invite you to a thought exercise.

    Productivity is a ratio. So, one can improve productivity either by increasing the numerator (higher value added, higher margins) or by decreasing the denominator (reducing costs, improving efficiency).

    Consider this scenario as an example:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/97465556-6b95-4b20-872f-68735d58cc74

    Now, for each process, determine the functions that participate and what activities contribute the most to productivity and design a job description with the relevant competence criteria. Please check this technique presented on this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - particularly slides 13-15.

    The following material will provide you more information about competency and the process approach:

  • ISO 14001 Multiple sites merging under one manual

    Thank you. Much appreciate your help.

  • ISO 9001 Sales office under the scope

    Your company interacts with clients according to ISO 9001:2015 clause 8.2 and that clause cannot be excluded. If clause 8.2 is done by Sales offices, it cannot be excluded from scope.

    The following material will provide you more information about exclusions:

  • ISO 9001 Managing an ISO 9001 compliant system

    For documents that are relevant to the quality management system, organizations normally use stamps like:

    • Controlled copy (after approval)
    • Uncontrolled copy (for example, when a document is given to an outsider for information purposes)
    • Obsolete (when the document is no longer current but the organization decides to keep a copy for historical purposes)

    The following material will provide you more information about documents:

  • Question about ISO 27018 certification

    Thank you for the reply. That clears it up then. 

  • Aligning business strategy to ISMS

    In fact, the most common situation is the other way around (align ISMS to business strategy), and to do that you basically need to take business objectives and strategies into account when defining the ISMS objectives and scope.

    For example, if e-commerce is an important part of the business, and the ISMS objectives and scope do not include e-commerce, then the ISMS is not aligned to the business.

    Another example, if customer information is important to the business and the ISMS scope includes customer information, and there is a clear ISMS objective related to it (e.g., reduce the occurrence of a customer data breach, or comply with GDPR), then the ISMS is aligned with the business.

    This article will provide you a further explanation about aligning ISMS to business strategy:

  • ISO certification

    1. What are all the procedures for getting ISO 27001 certification for an organization?

    First, it is important to note that some documents and records are mandatory to fulfill clauses from the main sections of the standard (sections 4 to 10), and these are:

    • Scope of the ISMS (clause 4.3)
    • Information security policy and objectives (clauses 5.2 and 6.2)
    • Risk assessment and risk treatment methodology (clause 6.1.2)
    • Statement of Applicability (clause 6.1.3 d)
    • Risk treatment plan (clauses 6.1.3 e and 6.2)
    • Risk assessment report (clause 8.2)
    • Records of training, skills, experience, and qualifications (clause 7.2)
    • Monitoring and measurement results (clause 9.1)
    • Internal audit program (clause 9.2)
    • Results of internal audits (clause 9.2)
    • Results of the management review (clause 9.3)
    • Results of corrective actions (clause 10.1)

    Another situation is that some documents are required to fulfill controls that are mandatory if at least one of these situations happen:

    • There are unacceptable risks that justify the application of the control
    • There are legal requirements (e.g., laws or contract clauses) with which the organization must comply that demand the application of the control
    • There is a top management decision, to implement the control, by considering it as good practice.

    If none of the above conditions happen, there is no need to implement a document related to that control. Examples of such documents are:

    • Inventory of assets (to implement control A.8.1.1)
    • Acceptable use of assets (to implement control A.8.1.3)

    Considering that, besides the documents required to fulfill clauses from the main sections, it is not possible to define, without a detailed evaluation of an organization, how many documents an organization would have and which ones would be overkill.

    These articles will provide you a further explanation about ISO 27001 documents and selection of controls:

    2. What are all the requirements (i.e., qualification for company, needs for getting ISO certification)?

    Broadly speaking, to be ready for ISO certification, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, an organization should consider these steps:

    • define the ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
    • develop risk assessment and treatment methodology;
    • perform a risk assessment and define the risk treatment plan;
    • implement controls (e.g., policies and procedures documentation, acquisitions, etc.);
    • perform people training and awareness;
    • operate controls;
    • perform monitoring and measurement;
    • perform an internal audit;
    • perform management critical review; and
    • address nonconformities, corrective actions, and opportunities for improvement.

    This article will provide you a further explanation about ISMS implementation:

    3. Where we can apply for that ISO certification?

    ISO 27001 certifications are issued by organizations known as "certification bodies", which follow strict procedures to audit and report audit results to provide confidence on audit findings to interested parties (e.g., the organization itself, its customers, regulation bodies, etc.).

    The choice of the certification body is an organization's decision, based on its strategies and business objectives and alignment with certification body practices.

    This article will provide you a further explanation about the certification body:

    4. What is the cost of this ISO certification?

    There are a significant number of variables to be considered when estimating an implementation cost, so without more detailed information it is not possible to give a precise value. What I can tell you are some cost issues you should consider:

    • Training and literature
    • External assistance
    • Technologies to be updated/implemented
    • Employee's effort and time
    • The certification process

    Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.

    These articles can provide you more information:

    5. If we applied when it will reach us?

    I'm sorry, but I'm not certain what you mean by "when it will reach us", so I cannot provide a proper answer. If you could provide more information or an example, maybe I can help.

    6. How much the period of time for this ISO certification? Once we got that certification when we renew that or not needed.

    After certification, surveillance visits must take place at least once a year, and the certificate is valid for 3 years. After the certificate expires, an organization can decide whether to go for the recertification, but this is not mandatory - this is something you do only if you want to keep the certificate.

    This article can also help you: 

  • Conceding ISO 17025 certificate

    The accreditation process can typically take between 6 to 8 months. Each accreditation body will have a guideline on this, which you can obtain from them. The first time period is between application (with submission of documents) and the initial assessment. This could be around three months. The second period is between assessment and clearing any findings. The accreditation body will typically provide 3 months for the laboratory to do root cause analysis and clear the findings of the initial assessment, i.e. take action (not the promise to do so). Thereafter, the accreditation body will have a time frame, perhaps a month, to issue the certificate.
