Search results

Quality manual vs Quality system procedure

First, ISO 9001:2015 does not make mandatory having a quality manual. However, keeping a quality manual can be useful as a collection of high level documents that present and explain how the quality system works and what are its priorities – Please check this article - The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/

Second, quality manual is not a quality system procedure – Please check this article about quality system documentation structure - How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/

Third, there is no mandatory structure for a quality system procedure, you may use a flow chart.

Query on documents for ISO 27001 & ISO 9001

Since 2012 ISO management systems share many requirements (e.g., documents and records control, internal audit, management review, etc.), so the individual documents for each system still area applicable, and they can be combined in single documents. For documents covering specifics of each standard (e.g., information security risk assessment and treatment, product planning), it is still better to keep them separated

This article will provide you a further explanation about integrated ISO systems:

• How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

This material can also help you:

• ISO 27001 vs. ISO 9001 matrix (PDF) https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix

Is AWS 27001 sufficient to show security?

With the AWS ISO 27001 certification, AWS complies with a broad, comprehensive security standard and follows best practices in maintaining a secure environment. ... AWS reports, certifications and third party attestations are discussed in more detail later in this document.

Choosing a certification body

There is not a universal answer. Different organizations choose different certification bodies based on issues like market preferences; client’s preferences and sector experience. You can find a comprehensive analysis in the following articles - How should you pick an ISO 9001 certification body? - https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/ and - How to choose a certification body - https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

Risk Treatment

To improve your knowledge about putting ISO27001 in practice I suggest you read our blog posts and papers because most of them include real examples on how to fulfill requirements of the standard or apply controls. A good general guide is these free download:

• Clause-by-clause explanation of ISO 27001 (PDF) https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
• Step-by-step explanation of ISO 27001 risk management (PDF) https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management

Besides the explanation in the papers themselves, they include links to detailed articles.

Regarding your example, please note that the Statement of Applicability is part of the risk management process required by ISO 27001, and it is created after risk analysis and risk treatment. The correct sequence of your example is:

• ISMS scope: where you define which information you want to protect and where it is located
• Risk analysis: the identification of relevant risks that can negatively impact your scope
• Risk treatment: the definition of the general approach to treat relevant risks (e.g., risk mitigation, risk avoidance, risk acceptance, and risk transfer)
• SoA: where you identify the controls that are considered applicable for you ISMS, the justification for include such controls, the justification for not including some of the controls of ISO 27001 Annex A (if necessary), and the implementation status of applicable controls.

These articles will provide you a further explanation about risk management according to ISO 27001 and implementation steps:

• ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
• ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
• How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001:

• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Adherence to procedure

Perhaps the approach represented in this picture can help you:

Think about the not-adherence to the procedure as a rationale decision. Surprised?

• Sometimes people don’t want to change because there is inertia, there are things holding them back from changing. For example: Do they have all the resources or information needed to apply the new procedure? It is not unusual that a change requires an extra resource, or a new lay-out, that is still not in place.
• Sometimes people don’t want to change because there is anxiety, there are fears and concerns about the new procedure that hold them back from changing.
  Try an open and calm conversation about these topics. Normally, they only surface after some trust and honest digging.

After listening to their side present your side not as imposed rules but as a need to minimize business pain and increase success rate:

• Sometimes people don’t know that the current practice is not working anymore. Present facts about the current performance and how bad it is for all.
• Sometimes people can’t imagine the positive consequences of change. Show them
  You can present all these four topics and at the end invite them to review the procedure with you and update it with their inputs.

You can find more information in the following links:

• QMS Change Management in 7 steps - https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
• Gaining employee buy-in for your ISO 9001:2015 implementation - https://advisera.com/9001academy/blog/2015/12/15/gaining-employee-buy-in-for-your-iso-90012015-implementation/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Evolving QMS system of home blood test kit

First, you need to define what is the classification of your product. Then you need to make technical documentation for the medical device requested by MDR 2017/745, and documentation for the quality management system, which is mostly done by ISO 13485:2016.

This documentation you can do by yourself, hiring a consultant, or by buying a documentation toolkit. Buying a documentation toolkit is the fastest way because there you have all the documents requested by the standard prepared and you only need to adjust it to your company, product, and processes. 

For more information, please see MDR Annex VIII – Classification rules: https://advisera.com/13485academy/mdr/classification-rules/

What is the content of the ISO 13485:2016 & MDR toolkit you can find on the following link: https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/ 

After you prepare all necessary documentation, you need to find a certification body for the certification according to the ISO 13485:2016. If your medical device is Class I, then it does not need to be certified by a Notified body. Class I medical devices need to be registered in the local agency for medical devices. If your medical device is a higher class (Is, Im, IIa, or Iib, III) than the certification process under the Notified body is required. 

For more information about the certification process, please see the following links:

• How to get ISO 13485 certified? - https://advisera.com/13485academy/iso-13485-certification/
• How to use ISO 13485 to get your devices approved for CE Marking - https://advisera.com/13485academy/blog/2017/10/12/how-to-use-iso-13485-to-get-your-devices-approved-for-ce-marking/
• How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/

• Regulatory requirements applicable for Ventilators

  According to the Article 8 – use of harmonized standard, medical devices must be in compliance with relevant harmonized standards, or the relevant parts of those standards, the references of which have been published in the Official Journal of the European Union. From this list, the following standards are applicable for the ventilators:
  • EN 794-3:1998+A2:2009 Lung ventilators — Part 3: Particular requirements for emergency and transport ventilators
  • EN ISO 8835-5:2009 Inhalational anesthesia systems — Part 5: Anaesthetic ventilators (ISO 8835-5:2004)
  • EN ISO 10651-2:2009 Lung ventilators for medical use — Particular requirements for basic safety and essential performance — Part 2: Home care ventilators for ventilator-dependent patients (ISO 10651- 2:2004)
  • EN ISO 10651-4:2009 Lung ventilators — Part 4: Particular requirements for operator-powered resuscitators (ISO 10651-4:2002)
  • EN ISO 10651-6:2009 Lung ventilators for medical use — Particular requirements for basic safety and essential performance — Part 6: Home-care ventilatory support devices (ISO 10651-6:2004)
  • EN 60601-2-12:2006 Medical electrical equipment — Part 2-12: Particular requirements for the safety of lung ventilators — Critical care ventilators IEC 60601-2-12:2001
  The following harmonized standards are applicable for all manufacturers of the medical devices:
  • EN 1041:2008 Information supplied by the manufacturer of medical devices
  • EN ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes (ISO 13485:2016)
  • EN ISO 15223-1:2016 Medical devices — Symbols to be used with medical device labels, labeling and information to be supplied — Part 1: General requirements (ISO 15223-1:2016, Corrected version 2017-03)

  For the decision are all of these standards applicable to your specific type of ventilators, I do not have enough data. Are there some other standards that are also applicable, the manufacturer must decide.

  For more details, please see:

  • EU MDR Article 8 – use of harmonized standard https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
  • Official Journal of the European Union https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en

  For more information on determining regulatory requirements according to ISO 13485:2016, see the following article:

  • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/

  • Manufacturing sectors for ISO 9001 and ISO 16949

    ISO 9001:2015 have generic requirements and is intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

    ISO 16949 was developed for the Automotive industry, and is based on ISO 9001, with several additional requirements to satisfy Automotive Industry Quality Management System requirements.

    You can find more information in the following links:

    • What is ISO 9001? https://advisera.com/9001academy/what-is-iso-9001/
    • Download free IATF 16949 materials - https://advisera.com/16949academy/free-downloads/
    • Free webinars on demand - https://advisera.com/9001academy/webinars/
    • ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
    • Books - https://advisera.com/books/iso-standard/iso-9001/

  • ISO 14001 Implementation

    Start with a self-assessment compliance checklist to list the initial gaps between ISO 14001:2015 requirements and your organization’s current environmental practices and performance. As long as you have top management support, any sound environmental management system starts with a clear identification of environmental aspects and impacts and its evaluation, and with an identification of any compliance obligations. Then, you have to plan your implementation project about how to improve and control environmental aspects situations and meet your environmental objectives aligned with an environmental policy.

    Please check this information below with more detailed answers:

    • Article - How to use an ISO 14001 self-assessment compliance checklist - https://advisera.com/14001academy/blog/2019/12/04/iso-14001-self-assessment-checklist-how-to-use-it/
    • Article - Is a gap analysis desirable for ISO 14001 implementation? - https://advisera.com/14001academy/blog/2016/11/14/is-a-gap-analysis-desirable-for-iso-14001-implementation/
    • ISO 14001:2015 Gap Analysis Tool - https://advisera.com/14001academy/iso-14001-gap-analysis-tool/
    • List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
    • Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
    • ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
    • Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
    • Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
    • Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/