Search results

Technical Records

This is a good question. It is an example of the need to take a risk-based approach to creating records. I can’t tell from your question if the temperature monitoring relates to a piece of equipment (e.g. an incubator oven or water bath); or environmental conditions (e.g. room temperature). Either way, you need to look at the risks of not recording something of importance, and equally risk of recording something like "n/a" and having to justify during review or audits, that in fact it was not applicable. It is therefore advisable to avoid using n/a on a technical record. 

To resolve  this issue, consider the purpose of the record and therefore it’s design. There are three questions here – why the data / information needs to be recorded, what must be recordered and when ?  If the purpose relates to a manual operation, e.g. to verify a temperature specification was met for glassware used for the preparation of samples; then the recorded temperature must cover the duration of the activity. If the need, as in this example, always excludes recording data outside of operational hours, then an option could be to redesign the form so that there is no need to record over weekedends, thus avoiding using "n/a". You would document in a procedure or test method, why and when the particular temperature record needs to be supplied.  Generally, you could state for equipment, the need to manually record temperature “before use”; while  general environmental conditions like room temperature and humidity are recorded “at the beginning and end of each shift”.

Don’t forget if there are specific risks, such as temperature fluctuations which could affect the validity of the results; then the temperature should be recorded at the time, not just at the beginning of shift. If the activity affected by temperature extends outside of operational hours, then the use of a min and max recording may be required, or even live temperature loggers. Consider, for example, the risk of a refrigerator housing valuable reference bacterial cultures or sample, failing on a saturday morning and only being discovered on a monday morning.

For more information, see the ISO 17025 toolkit document templates:  Facilities and Environmental Condition Procedure  and Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/facilities-and-environmental-condition-procedure/ and https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure// as well as the article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

Some additional information is available in the ISO 17025 Expert Community question regarding Environmental conditions for testing and calibration laboratories, available  at https://community.advisera.com/topic/environmental-conditions-for-testing-and-calibration-laboratories/

ISO 13485 Servicing vs FDA refurbishment of medical devices

This means that service activities can be provided by your supplier, and service activities can be outsourced to some other company. Then, of course, with this outsourcing, the company must be managed as described in 4.1.5.

Is 5S Methodology shall requirement of IATF 16949?

5S is not a requirement of the IATF 16949: 2016 standard. 5S is a customer-specific requirement from Toyota. If TOYOTA is your customer, you have to comply with 5S requirements. 

However, in the article 7.1.4.1 of the IATF standard, "The organization will maintain its facilities in case of an order compatible with the product and production process needs, in case of cleaning and repair".  Even if it is not specified as 5S in the IATF 16949:2016 standard; nevertheless, cleanliness, order, standardization is a very important issue for automotive expectations.

These issues, as you know, are the main foundations of 5S and must be complied with as an IATF 16949:2016 standard requirement.

Procedure for correcting the wrong report

IATF 16949: 2016 standard states as follows in its article 10.2.6. 

‘’The organization shall perform analysis on customer complaints and field failures, including any returned parts, and shall initiate problem-solving and corrective action to prevent a recurrence.  Where requested by the customer, this shall include analysis of the interaction of embedded software of the organization's product within the system of the final customers' product  The organization shall communicate the results of testing/analysis to the customer and also within the organization.’’

Therefore, it is always necessary to send the correct analysis report.

If it is seen in the IATF 16949:2016 audits that you have submitted the wrong report, this issue must be handled as non-conformity. As you realize, you can apologize to your customer and send the correct report.

Are Data Protection Laws extra territorial?

Are Data Protection Laws extra territorial?

GDPR has an extra-territorial effect. According to Article 3 GDPR, it applies to all processing of personal data in the EU and to all processing of EU individuals all around the world. Therefore, UE companies and companies processing EU personal data need to comply with GDPR.

GDPR allows EU Member State to develop some internal regulation in certain fields and these internal rules have a territorial effect in the Member State.

Do Data Protection Regulators in various countries communicate with each other?

Yes, they all belong to the European Data Protection Board (EDPB) where they can cooperate and develop some guidelines to help internal interpretation.

You can find more information here:

• What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
• The obligations of controllers towards Data Protection Authorities according to GDPR: https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/

You may also consider enrolling in this online EU GDPR Foundations Course:

• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Requirements for Medical Gown Production under ISO 13485

  There are no strict requirements regarding environmental criteria for the manufacturing of medical gowns. According to the ISO 13485:2016, requirement 6.4.1 Work environment, the organization must document requirements for the work environment needed to ensure that the final product is in conformance with the requirements and specifications. If the medical device is sterile, the manufacturer must document requirements for control of contamination with microorganisms. It means that it is up to the manufacturer to decide which cleanroom classification he will use and how will he control that medical device is sterile. Usually, manufacturers of medical gowns have a cleanroom class ISO 7 according to the ISO 14644-1:2015 Cleanrooms and associated controlled environments — Part 1: Classification of air cleanliness by particle concentration. 

  A cleanroom is any given contained space where provisions are made to reduce particulate contamination and control other environmental parameters such as temperature, humidity, and pressure. The key component is the High Efficiency Particulate Air (HEPA) filter that is used to trap particles that are 0.3 microns and larger in size. All of the air delivered to a cleanroom passes through HEPA filters, and in some cases where stringent cleanliness performance is necessary, Ultra Low Particulate Air (ULPA) filters are used. Cleanrooms are classified by how clean the air is and according to the number and size of particles permitted per volume of air.  

  For more information about the cleanliness of medical device production, please see the following articles:

  • Managing cleanliness of a product and contamination control according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/07/04/managing-cleanliness-of-a-product-and-contamination-control-according-to-iso-134852016/
  • Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/

  You can also see in our ISO 13495:2016 Documentation toolkit how Procedure for Infrastructure and work environment look like on the following link: https://advisera.com/13485academy/documentation/procedure-for-infrastructure-and-work-environment-iso-13485-2016/

• ISO 13485 compatibility with EN 14126

  ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes is a standard for a quality management system, while EN 14126:2003 Protective clothing against infective agents is a standard that is used to demonstrate the performance of protective garments against infective agents. Since protective garments against infection are a medical device, the manufacturer is supposed to have implemented a quality management system according to ISO 13485:2016. Therefore, the manufacturer of protective garments against infection must be in compliance with both standards.

  Further articles can provide more information about ISO 13485:2016:

  • What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
  • Clause-by-clause explanation of ISO 13485:2016 - https://info.advisera.com/13485academy/free-download/clause-by-clause-explanation-of-iso-13485

  • Recommendation for ISO 45001 implementation

    My recommendation for the most practical way to implement ISO 45001 is to follow the diagram linked below, starting with the assurance of top management support as this is necessary for the project to work. Additionally, if you are not using a toolkit that includes a format to follow (for instance, the Advisera toolkits should be implemented in order), then the best idea is to go through the standard in the order it is written. First identify the context of the organization and record the policy (Clause 4), then make sure that leadership commitments are in place (clause 5), etc. The one exception to this is that the first thing you will want to do is to put in place your process for documented information (clause 7.5, for your procedures and records) since you will want to know the rules for documenting information like your OH&S policy before you start.

    One specific thing to note as you work through your context of the organization, is to include all of the interested parties you mentioned (corporate, local and national government, etc.) and their requirements as pert of clause 4.2 assessment. This will give you a full, clear picture of the needs that you must incorporate into your OHSMS.

    You can see the diagram for implementing ISO 45001 here: Diagram of ISO 45001 Implementation Process, https://info.advisera.com/45001academy/free-download/diagram-of-iso-45001-implementation-process

  • ISO 9001:2015 Risk-based Thinking (A.4)

    First, ISO 9001:2015 has no mandatory requirements concerning risks and opportunities – please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ . So, whatever the method used by your organization to document your risk assessment is valid if it suits your needs. Having said that, beware that a risk is not necessarily a nonconformity. Following ISO 9001:2015, I recommend organization to determine risks and opportunities around three areas:

    • Around the business, when considering clauses 4.1 and 4.2 according to clause 6.1 – please check slide about “Intended results” in our free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//
    • Around products and services, when considering clause 5.1.2 b) - please check slide about “Products and services” in the same free webinar on demand
    • Around processes, when considering clause 4.4.1 f) - - please check slide about “Processes” in the same free webinar on demand 

    A common way to document the risk assessment is to use a Risk Register – please check the sample from our Documentation Toolkit - ISO 9001 document template - Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/

    I take the liberty of recommending my book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - with a strong focus on the risk-based thinking.

  • Is registrar remote audit for surveillance or recertification audits allowed?

    I have a question regarding the registrar remote audits for the surveillance or recertification audits. IATF does not allow remote audits but I believe the ISO community does. is this correct?

    Yes, correct. IATF does not allow any remote audit. 

    Also, my question points out to the risk of companies to lose the certification due to Covid 19 - impossibility to be audited and certified. Is any rule as in IATF for extended the current certificate?

    ‘’IATF Global Waivers and Measures in Response to the Coronavirus’’ the document was published by IATF as revision 03 on 08.06.2020. You can find this document on the website https://www.iatfglobaloversight.org/

    Pandemic Faced with this situation, IATF has defined a document called "Global Measures of the IATF in response to the COVID-19". The objective of this document is to define the guidelines so that all the stakeholders of this Certification Scheme must be know how to act to mitigate the impact on the continuity of the audits and certification processes. IATF has granted a 6-month extension to each certificate issued and currently valid. This will be reflected in the IATF Database and will be visible later on in the validity of the certificate.