Search results

Inlininig procedure for CAPA

This means that, when you detect a nonconformity, first you need to eliminate it, then you need to plan how you will eliminate the cause of this nonconformity. So you need to find out what is the cause of that nonconformity and find out with what actions this cause will be eliminated. When you know your actions, then you need to plan them and document them. If the action requires a change in your documentation, then you should also need to make a change in the proper documentation. Usually, there is a form that covers all elements for properly solving the nonconformity.

Here is the link to the preview of the request form from our ISO 13485:2016 Documentation toolkit:

• Corrective/Preventive Action Request https://advisera.com/13485academy/documentation/correctivepreventive-action-request-iso-13485-2016/

For more information on how to solve corrective action, please see the following articles:

• ISO 13485 continual improvement: Seven-step process for corrective and preventive actions - https://advisera.com/13485academy/knowledgebase/iso-13485-continual-improvement-seven-step-process-for-corrective-and-preventive-actions/
• Seven Steps for Corrective and Preventive Actions to support Continual Improvement https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
• How to proceed once a QMS corrective action is defined? https://advisera.com/9001academy/blog/2016/09/20/how-to-proceed-once-qms-corrective-action-is-defined/

In our ISO 13485:2016 Documentation toolkit, you can also see Procedure for corrective action:

• Procedure for Corrective and Preventive Action https://advisera.com/13485academy/documentation/procedure-for-corrective-and-preventive-action-iso-13485-2016/

• Documenting processes

  Put a sheet of scenery paper affixed to a wall. Then, bring together a diverse team of people who as a whole know the company from different perspectives. On one end of the paper put a sticky note saying, "Customer in need" and on the other end put another sticky note saying "Customer served". Then, in a collaborative brainstorming session use sticky notes to describe what happens from "Customer in need" until "Customer served". Follow a rule: each sticky note has a verb + a noun. For example: Receive order; Check order; Confirm order; ...

  When you feel you have already listed the essential activities, try to group them into what will be the organization's processes.

  This technique is described in this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/

  In my example we get this global process map:

  

  Then, for each process, based on the individual sticky notes you can draw a flowchart:

  

  Then, for each process, you can apply the risk-based approach and determine steps that need to be improved, either by changing practices, either by introducing SOPs, or either by introducing new controls.

  Please find an example from the above webinar here:

  

  The following material will provide you more information about the process approach:

  • In this free webinar on demand you can find the basis for determining process control plans - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • I base this book on the process approach - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Lab requirements for counting plates

  From your question, I assume you are asking specifically what facility and environmental conditions are required for a microbiological laboratory, in terms of ISO 17025 accreditation. As you asked about the room, I will respond with a few requirements related to facilities and environmental conditions, clause 6.3 of ISO 17025:2017. The requirement is that facilities and environmental conditions must be suitable, documented, controlled, monitored, recorded and periodically reviewed. To determine what is suitable for your laboratory, you will need to look at the activities that will take place in the “room” and what regulatory requirements are required, i.e. the context.  

  Remember ISO 17025 is a guideline to assist you achieve competency, impartiality and consistent operations.  The facilities and controls necessary will depend on the type of testing being performed. You will need to do a risk assessment to identify the controls necessary, by considering anything that could lead to a deviation from meeting regulatory and quality requirements. For example high risk micro-organisms may require a negative pressurised room.  Address issues such as hygiene and cleaning protocols, access control, structural layout to provide for separation of activities, as well as equipment needed to minimise cross-contamination  - type of surfaces, ventilation, and suitable class of biosafety cabinets. Facilities should include suitable disposal of waste and sterilisation of materials.

  For further information see the following:
  The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
  ISO 17025 toolkit Facilities and Environmental Condition Procedure at https://advisera.com/17025academy/documentation/facilities-and-environmental-condition-procedure/

  The article Five-step laboratory risk management according to ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps/
  The webinar How to manage risks in laboratories according to ISO 17025 at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

• Starting a company with ISO 9001 Lead Auditor certification

  Yes, we have an ISO 9001:2015 Lead Auditor Course. I believe you mean to start a consulting company, to help organizations implement a quality management system and get certification. If that is the case the Lead Auditor Course can help you demonstrate knowledge and competence. Perhaps our ISO 9001:2015 Lead Implementer Course could be useful. Please check this article about how our list of courses can help professionals in their journey - How to choose the most appropriate training - https://advisera.com/training/compare/

  The following material will provide you more information about consulting:

  • How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
  • How to sell your ISO 9001 consulting services - https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
     

• Software as Medical Device

  For classification of the software to be a medical device, please see Rule 11 from Medical device regulation MDR 2017/745 here:

  • EU MDR Annex 8 – Classification rules https://advisera.com/13485academy/mdr/classification-rules/
  Software intended to provide information which is used to make decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:

  death or an irreversible deterioration of a person’s state of health, in which case it is in class III; ora serious deterioration of a person’s state of health or surgical intervention, in which case it is classified as class IIb.Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.

  All other software is classified as class I.

  Manufacturers of a medical device must have implemented ISO 13485:2016.

  More information about this standard you can find on the following links:

  • What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
  • Clause-by-clause explanation of ISO 13485:2016 - https://info.advisera.com/13485academy/free-download/clause-by-clause-explanation-of-iso-13485
  • Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
  • Free webinar on demand: A how-to guide for ISO 13485 implementation - https://advisera.com/13485academy/webinar/a-how-to-guide-for-iso-13485-implementation-free-webinar-on-demand/

  • Health, safety and EMS in a construction company

    As ISO 14001 and Iso 45001 are written to be used by any industry, the process of implementation is the same for construction, the main difference is that the environmental aspects (interactions with the environment), OH&S hazards and legal requirements will be different. Start each implementation off with management support, and ensure that you implement each part of the standards. You can see the implementation process for ISO 14001 here (ISO 14001:2015 Implementation diagram, https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram) and ISO 45001 here (Diagram of ISO 45001 Implementation Process, https://info.advisera.com/45001academy/free-download/diagram-of-iso-45001-implementation-process).

    If you are implementing both ISO 14001 and Iso 45001, it might be helpful to see our whitepaper on integrating management systems; How to integrate ISO 9001, ISO 14001 and ISO 45001, https://info.advisera.com/9001academy/free-download/how-to-integrate-iso-9001-iso-14001-and-iso-45001

  • ISO 14001 certification at corporate level

    Yes, it is possible to certify your EMS at the corporate level. If an organization has more than one location, the scope should include the activities or processes involved, the products or services considered, and the name and addresses of each location. Each location has to comply with legal and regulatory requirements applicable to its own location.

    You can find more information in the following links:

    • Although from ISO 9001 this article can be useful - Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

  • International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation

    "I have been through the forwarded material around GDPR compliance and I have the following questions:

    1. International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross border documentationHow do we secure compliance? Is it by fill in and sign the Cross Border document or do we need another agreement?

    I assume you are referring to the documentation in the EU GDPR Documentation Toolkit. As you may know, Binding corporate rules (BCR) under Article 47 GDPR apply to group companies for transfers inside the same group, and to be compliant must be approved by the competent Data Protection Authority (DPA) following the procedure in Article 63 GDPR which is quite complex.

    BCR must

  • be enforceable to all companies of the group and legally binding,
  • assure data subjects rights,
  • provide information and contacts of the group and each company belonging to the group,
  • provide information on data transfers, data subjects involved, third countries of destination,
  • assure the application of principle layout in GDPR as data minimization, data retention period, purpose limitation, data quality, data protection by design and by default,
  • accept liability for any breach of the BCR by any company of the group as reported by the competent DPA,
  • assure compliance of all group’s companies to BCR with audits, employees’ training to follow BCR, and willingness to modify and implement BCR to DPA’s new requirements,
  • Cooperate with and report to DPA any data breach.

  BCR are quite complex and not suitable for small-medium companies, with a long and complex adoption procedure. Maybe, your question referred to the Standard Contractual Clauses, which are used for assuring the transfer of data between companies that do not belong to the same group.

  These are contained in Folder 7 of the EU GDPR Documentation Toolbox that you bought. If so, you need to attach the Data Transfer Agreement to the original Agreement with the other Party selecting the right template depending if you are transferring to a data processor or to a data controller.

  2. When we have “employed” sellers and consultants with their own companies which invoices their “salary” to Digizuite, do we then need specific Data processing agreements with each of them?

  Do your sellers and consultants process personal data on your behalf in their job? If they do, you need to sign a specific data processing agreement with each of them independently from the use of Digizuite. Maybe sellers relate with customer's personal data and you need to assure the process data being compliant with GDPR requirements as data processors.

  3. I can’t find a Data Processor agreement in your material. Why isn’t it part of the toolkit?"

  In the EUGDPR Documentation Toolkit, you can find 2 templates of Data Processor Agreement in Folder 8 - Third Party Compliance.

  Here you can find some useful material about data transfer:

  • 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
  • Standard Contractual Clauses for the Transfer to Processors and Standard Contractual Clauses for the Transfer to Controllers.: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
  • EU GDPR Article 44 – General principle for transfers: https://advisera.com/eugdpracademy/gdpr/general-principle-for-transfers/
  • EU GDPR Article 45 – Transfers on the basis of an adequacy decision: https://advisera.com/gdpr/transfers-on-the-basis-of-an-adequacy-decision/
  • EU GDPR Article 46 – Transfers subject to appropriate safeguards: https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/
  • EU GDPR Article 47 – Binding corporate rules: https://advisera.com/gdpr/binding-corporate-rules/
  • Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

  You can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Requirements for certification

    Setup a project sponsor, a project manager and a project team. Ensure top management support, get training and as a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

    Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

    

    Decide how to describe and monitor those processes.

    From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

    This is a very short description of the journey but below you can find more detailed information:

    • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
    • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
    • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
    • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
    • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

  • Clause 6.1.1

    One general advise: avoid generic lists of risks. Each organization is a particular case.

    According to ISO 9001:2015 organizations can determine three types of risks:

    • Risks related with context and interested parties;
    • Risks related with products and services; and
    • Risks related with processes 

    The following material will provide you more information about risks:

    • Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    • How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    • How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
    • How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
    • Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
    • ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/