Search results

Implementing 13485 as a wire harness supplier

According to the ISO 13485:2016 requirement 4.2.3 Medical device file, here are the elements that you need to have:

• a general description of your product and labeling
• specification of the product
• description of how you manufacture the device, package, store, handling, and distribution<
• if there is any kind of measuring or monitoring procedure
• if there are instruction or any requirement for installation to another device
• if there is a possibility to service your part of the device, then you need a procedure for that

For more information, please see the following article:

• How to meet ISO 13485:2016 requirements for medical device files - https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/

• Changes to EU GDPR policies regarding e-privacy

  Hi, I need to know whether there have been any changes to the EU GDPR policies recently in relation to e-privacy. Can you advise?

• Certified ISO auditor in the US

  Great answer. Thank you very much. 

• Key Performance Indicators in relation to ISO

  Unfortunately, I’m not aware of any standard to be used as a reference for the definition of KPI’s.

  KPIs should be a function of the strategic orientation of an organization. Simplifying a complex world, an organization can serve clients that value above all:

  • The lowest price; or
  • Innovation or design; or
  • Customized service.

  If an organization manufactures a product or provides a service focused:

  • on customization, the point is not efficiency but effectiveness;
  • on the lowest cost, the point is efficiency. 

  Some years ago, I developed this crazy metaphor of seeing an organization with all its processes as an athlete. If you compare the body of someone competing on athletics with the body of someone that competes on weightlifting, they are very, very different. The body of a soccer player is very different from the body of a basketball player. Different strategic orientations require different process content. Two different organizations with two different strategic orientations may have a process with a similar name but with different activities or different priorities.

  The following material will provide you more information:

  • Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
  • Article - How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
    https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Internal Audit Procedure

  One can describe the internal audit process like this:

  

  Please check this free webinar on demand that details each step in the internal audit process - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

  You can find more information in the following links:

  • ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
  • ISO 9001 document template: Procedure for Internal Audit - https://advisera.com/9001academy/documentation/procedure-internal-audit/
  • Free online training ISO 9001:2015 Internal Auditor Course
    – https://advisera.com/training/iso-9001-internal-auditor-course/ 
  • Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
     

• Failing to take corrective action

  If a minor nonconformity, raised during the previous audit, has not been resolved within the deadline – such a small nonconformity automatically becomes a major one.

  You can find more information in the following links:

  • Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
  • Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about developing checklist questions)
  • ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Addressing Procedure pack in the ISO 13485 Manual

  If you are the one who makes procedure packs, then you will describe in your ISO 13485 Quality manual what your medical devices are, of which components they consist. In your procedure for production you will describe how you make your procedure packs, are they assembled in the cleanroom, do they need sterilization, how you monitor the traceability of each component (Lot or a serial number of each component), how do you label them, and other relevant things. You need also to prepare a medical device file for them.

  For more details, I would need to know what kind of procedure packs you have. 

  The following article may be useful:

  • How to meet ISO 13485:2016 requirements for medical device files - https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/

  What are obligations of the manufacturers for procedure packs in MDR 2017/745, you can find on the following link:

  • EU MDR Article 22 – Systems and procedure packs https://advisera.com/13485academy/mdr/systems-and-procedure-packs/

  • ISO 27001 implementation

    Main challenges related to ISO 27001 implementation are:

    • Lack of management support: without this support, you won't have the minimal resources and engagement to implement the required controls.
    • Not using a project management approach: such implementation involves coordinating several people to perform dozens of activities, and without a methodology, you will finish inside a huge mess with no security at all.
    • Lack of time for the implementation project: The project can be very important, but normally, there are a lot of urgent things happening that postpone the project.
    • ISMS scope wrongly defined: not protecting information that really matters.
    • Documentation: Procedures excess or lack of details may compromise operations.

    This article will provide you additional information:

    • The 3 key challenges of ISO 27001 implementation for SMEs https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/

    These materials will also help you regarding ISO 27001 implementation:

    • Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Risk Statements

    Please note that vulnerabilities are weaknesses related to an asset and they do not cause threats, they are exploited by them. Considering that, your proposed structure should be:

    Threat (that has an effect on vulnerabilities) exploits a vulnerability, resulting in a business consequence.

    Considering an asset-threat-vulnerability approach, your statement would be:

    "Information system's" (asset) "breach of maintainability" (threat) due to "insufficient maintenance installation of storage media" (vulnerability). This may lead to XWY (consequence).

    This article will provide you a further explanation about risk statement:

    • ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

    These materials will also help you regarding risk statement:

    • Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
    • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

  • Quality assurance in medical education

    Unfortunately, that is a very specific topic and we do not have any samples applicable to a quality assurance agency for medical education.

    Perhaps this article could be useful, although it presents a general approach - Some tips to make Control of Records more useful for your QMS - https://advisera.com/9001academy/blog/2014/01/28/tips-make-control-records-useful-qms/

    You can find more information in the following links:

    • Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    • Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/
    • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/