Search results

Requirement of mentioning details of outsourced process in Clause 4.1.5 of ISO 13485

In requirement 4.1.5 is stated that the control of the outsourced process should be written in the quality agreement. We in our ISO 13485 Documentation toolkit have a template for Quality agreement for critical suppliers. How template looks and which elements it has as you can find on the following link: 

• Quality Agreement for Critical Supplier - https://advisera.com/13485academy/documentation/quality-agreement-for-critical-supplier/

Another part of this topic is how you will define in your Purchasing process control over companies that provide you outsourced processes. According to the requirement 7.4.1 Purchasing process, an organization must plan monitoring and evaluation of suppliers. Usually, manufacturers that have outsourced processes plan an audit in those companies in a frequency that they find justified. These audits are performed by the same rules as their internal audits.

You can find more information on how to control outsourced processes in the following article:

• How to control outsourced processes using ISO 9001 - https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/

• Objectives for Textile Unit manufacturing isolation gowns

  It is very hard for me to say what objectives you can have for your medical device. According to the requirement 5.4.1 Quality objectives, quality objectives are a tool to highlight essential elements in your quality policy, while giving employees a framework for achieving continual improvement.  For example, one goal can be to have less than 1% scrap in the production; or to reduce customer complaints from 5% to 3%. 

  Following articles can help you in that process:

  • Setting good quality objectives for ISO 13485 - https://advisera.com/13485academy/knowledgebase/setting-good-quality-objectives-for-iso-13485/
  • How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

  You can also see how in our ISO 13485:2016 Documentation toolkit looks the template for setting quality objectives and planning:

  • Quality Objectives and Realization Plan https://advisera.com/13485academy/documentation/quality-objectives-iso-13485-2016/

  • ISO 9001 implementation

    Theoretically, the steps are the same as for any other company. In practice, there are differences around the more or less flexibility of the people involved.

    The first step is to perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

    Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

    

    Decide how to describe and monitor those processes.

    From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

     

    This is a very short description of the journey but below you can find more detailed information:

    • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
    • Free ISO 9001:2015 Gap Analysis Tool -https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
    • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
    • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
    • Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
    • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • If you are in a hurry to implement your QMS, perhaps our ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ may be useful
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

  • Effect of medical device class on ISO 13485 documentation

    I would like to know how the class of a medical device affect in the documentation required to implement a quality management system according to ISO13485:2016.  

    The class of medical device does not affect the documentation required to implement a quality management system according to ISO13485:2016. The Claas of medical device only affects the technical documentation necessary to prove compliance with Medical device regulative. 

    For more information, please see the following articles:

    • What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/
    • How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

    I mean if we manufacturing the medical device of class IIa (specifically a gamma probe) what type of certifications should have it. (IEC60601 for electromedical equipment, electromagnetic compatibility, among other).

    Your medical device must be certified by the notify body and get the CE mark. If it is equipment that is active (need electricity for the operating) then it has to have IEC 60601 certificate for electromagnetic compatibility. If you have some software that drives the device, that it should be validated according to the IEC 62304:2006 Medical device software — Software life cycle processes. Is there any other standard, it is hard to know because I do not have enough data.

    It's possible to know all documentation that is necessary for design and manufacturing gamma probes? thanks 

    All documentation that is necessary for design and development of medical devices according to ISO 13485:2016 you can see in our ISO 13485:2016 Documentation toolkit on the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/

    At the end of the page under the title "Toolkit Documents", you can search for Design and development. There you will find all the necessary documents.

  • Risk Treatment Implementation and Risk Treatment Plan

    1. We are discussing the implementation steps and we are a bit confused about the Risk Treatment Implementation and the Risk Treatment Plan. Please what’s the difference between the two. When are the risks actually treated?

    In the risk treatment implementation, you need to define what to do with risks (e.g., risk mitigation, risk avoidance, risk acceptance, and risk transfer), while in the Risk Treatment Plan you define the actions, responsible, and deadlines to implement the chosen option. For example:

    • Risk: information loss due to virus
    • Risk Treatment: mitigate the risk
    • Risk treatment plan: The IT manager must develop and implement a backup policy in the following 90 days.

    These articles will provide you a further explanation about risk treatment and risk treatment plan:

    • Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
    • 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

    2. Also, what’s the difference between the risk treatment methodology and the risk treatment plan?

    The risk treatment methodology refers to the rules (e.g., steps and criteria) to be followed when performing the risk treatment, while the Risk Treatment Plan is one of the outputs of the risk assessment and risk treatment process as a whole (together with the Statement of Applicability). Please note that the most common reference you will find is about the Risk Assessment and Risk Treatment Methodology because ISO 27001 requires the definition of processes for both risk assessment and risk treatment.

    These articles will provide you a further explanation about risk management process and risk treatment methodology:

    • ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
    • How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

    These materials will also help you regarding risk management:

    • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Changing certification bodies

    First, were those unavoidable circumstances related with the certification body? Let us consider that the answer is no.

    Second, the certification body while revoking certification was just following known procedure.

    Third, while choosing the certification body for the first time did your organization followed this set of rules in the article – How to choose a certification body? https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

    Fourth, how did your organization feel during the revoke process? Were they clear, were they reasonable, were they treating your organization fairly?

    If during the revoking process they were clear, reasonable, approachable, and fair, and if they were the right choice at the first time, and since they already know your organization and your organization knows them perhaps pursuing certification from the same certifying body could be a decision to follow.

     

  • Visionary leadership

    Considering the strategic orientation of your organization, what can be expected as consequences, as results of having a visionary leadership? Once defined those consequences or results, you can compare the actual results with the expected or required results.

    For example, a visionary leadership may conclude that an organization should prepare itself for leaving a particular market because of low prices and hypercompetition and start working for a premium segment with premium prices and margins. Now, imagine that the organization followed that path and two years later is enjoying a nice rise in new premium clients, and prices and margins while the old market is in turbulence with price competition. You may call that leadership as visionary for that organization.

    The following material will provide you more information:

    • How to comply with new leadership requirements in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/
    • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Document formatting change

    As long as you avoid obsolete documents in use there should be no problem with that. Be sure to inform people about the change. Personally, I have done that several times in different organizations. The purpose of the revision number is to make easier the verification that the version in use is the last version.

     

    The following material will provide you more information:

    • New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    • Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
       

  • EMS Audits

    Targets are benchmarks that help us check effectiveness. When targets are defined, they represent the best of our knowledge. We believe that meeting those targets is the best for the organization.

    When the due time arrives, we can compare actual performance with the desired performance. In this case the target was 3 audits, but only 1 audit was performed.

    Why the difference?

    • Lack of resources?
    • Lack of commitment?
    • Bad target?
    • Bad control?

    Was that audit enough? Were all areas of the environmental management system audited?

    Should your organization improve target definition for the future? Or should your organization improve resources, commitment and control about audits?

    Whatever the reason, acting this way your organization will be learning.

    Please check this information below with more detailed answers:

    • How to measure the effectiveness of your EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/09/05/how-to-measure-the-effectiveness-of-your-ems-according-to-iso140012015/
    • Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
    • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

  • ISO 14001 value

    Implementing an environmental management system can bring benefits such as:

    • Improve your image and credibility allowing your organization to win customers that value the relationship with the environment;
    • Help your organization in complying with legal requirements by having a method in place to identify new or revised legal requirements, determine their applicability and translating them into the organization’s activities;
    • Improve cost control through higher efficiency and less waste. 

    Please check this information below with more detailed answers:

    • 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
    • ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/
    • How to get management buy in for an ISO 14001 project - https://advisera.com/14001academy/blog/2015/06/08/how-to-get-management-buy-in-for-an-iso-14001-project/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/