Search results

Choosing a certification body

There is not a universal answer. Different organizations choose different certification bodies based on issues like market preferences; client’s preferences and sector experience. You can find a comprehensive analysis in the following articles - How should you pick an ISO 9001 certification body? - https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/ and - How to choose a certification body - https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

Risk Treatment

To improve your knowledge about putting ISO27001 in practice I suggest you read our blog posts and papers because most of them include real examples on how to fulfill requirements of the standard or apply controls. A good general guide is these free download:

• Clause-by-clause explanation of ISO 27001 (PDF) https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
• Step-by-step explanation of ISO 27001 risk management (PDF) https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management

Besides the explanation in the papers themselves, they include links to detailed articles.

Regarding your example, please note that the Statement of Applicability is part of the risk management process required by ISO 27001, and it is created after risk analysis and risk treatment. The correct sequence of your example is:

• ISMS scope: where you define which information you want to protect and where it is located
• Risk analysis: the identification of relevant risks that can negatively impact your scope
• Risk treatment: the definition of the general approach to treat relevant risks (e.g., risk mitigation, risk avoidance, risk acceptance, and risk transfer)
• SoA: where you identify the controls that are considered applicable for you ISMS, the justification for include such controls, the justification for not including some of the controls of ISO 27001 Annex A (if necessary), and the implementation status of applicable controls.

These articles will provide you a further explanation about risk management according to ISO 27001 and implementation steps:

• ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
• ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
• How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001:

• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Adherence to procedure

Perhaps the approach represented in this picture can help you:

Think about the not-adherence to the procedure as a rationale decision. Surprised?

• Sometimes people don’t want to change because there is inertia, there are things holding them back from changing. For example: Do they have all the resources or information needed to apply the new procedure? It is not unusual that a change requires an extra resource, or a new lay-out, that is still not in place.
• Sometimes people don’t want to change because there is anxiety, there are fears and concerns about the new procedure that hold them back from changing.
  Try an open and calm conversation about these topics. Normally, they only surface after some trust and honest digging.

After listening to their side present your side not as imposed rules but as a need to minimize business pain and increase success rate:

• Sometimes people don’t know that the current practice is not working anymore. Present facts about the current performance and how bad it is for all.
• Sometimes people can’t imagine the positive consequences of change. Show them
  You can present all these four topics and at the end invite them to review the procedure with you and update it with their inputs.

You can find more information in the following links:

• QMS Change Management in 7 steps - https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
• Gaining employee buy-in for your ISO 9001:2015 implementation - https://advisera.com/9001academy/blog/2015/12/15/gaining-employee-buy-in-for-your-iso-90012015-implementation/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Evolving QMS system of home blood test kit

First, you need to define what is the classification of your product. Then you need to make technical documentation for the medical device requested by MDR 2017/745, and documentation for the quality management system, which is mostly done by ISO 13485:2016.

This documentation you can do by yourself, hiring a consultant, or by buying a documentation toolkit. Buying a documentation toolkit is the fastest way because there you have all the documents requested by the standard prepared and you only need to adjust it to your company, product, and processes. 

For more information, please see MDR Annex VIII – Classification rules: https://advisera.com/13485academy/mdr/classification-rules/

What is the content of the ISO 13485:2016 & MDR toolkit you can find on the following link: https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/ 

After you prepare all necessary documentation, you need to find a certification body for the certification according to the ISO 13485:2016. If your medical device is Class I, then it does not need to be certified by a Notified body. Class I medical devices need to be registered in the local agency for medical devices. If your medical device is a higher class (Is, Im, IIa, or Iib, III) than the certification process under the Notified body is required. 

For more information about the certification process, please see the following links:

• How to get ISO 13485 certified? - https://advisera.com/13485academy/iso-13485-certification/
• How to use ISO 13485 to get your devices approved for CE Marking - https://advisera.com/13485academy/blog/2017/10/12/how-to-use-iso-13485-to-get-your-devices-approved-for-ce-marking/
• How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/

• Regulatory requirements applicable for Ventilators

  According to the Article 8 – use of harmonized standard, medical devices must be in compliance with relevant harmonized standards, or the relevant parts of those standards, the references of which have been published in the Official Journal of the European Union. From this list, the following standards are applicable for the ventilators:
  • EN 794-3:1998+A2:2009 Lung ventilators — Part 3: Particular requirements for emergency and transport ventilators
  • EN ISO 8835-5:2009 Inhalational anesthesia systems — Part 5: Anaesthetic ventilators (ISO 8835-5:2004)
  • EN ISO 10651-2:2009 Lung ventilators for medical use — Particular requirements for basic safety and essential performance — Part 2: Home care ventilators for ventilator-dependent patients (ISO 10651- 2:2004)
  • EN ISO 10651-4:2009 Lung ventilators — Part 4: Particular requirements for operator-powered resuscitators (ISO 10651-4:2002)
  • EN ISO 10651-6:2009 Lung ventilators for medical use — Particular requirements for basic safety and essential performance — Part 6: Home-care ventilatory support devices (ISO 10651-6:2004)
  • EN 60601-2-12:2006 Medical electrical equipment — Part 2-12: Particular requirements for the safety of lung ventilators — Critical care ventilators IEC 60601-2-12:2001
  The following harmonized standards are applicable for all manufacturers of the medical devices:
  • EN 1041:2008 Information supplied by the manufacturer of medical devices
  • EN ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes (ISO 13485:2016)
  • EN ISO 15223-1:2016 Medical devices — Symbols to be used with medical device labels, labeling and information to be supplied — Part 1: General requirements (ISO 15223-1:2016, Corrected version 2017-03)

  For the decision are all of these standards applicable to your specific type of ventilators, I do not have enough data. Are there some other standards that are also applicable, the manufacturer must decide.

  For more details, please see:

  • EU MDR Article 8 – use of harmonized standard https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
  • Official Journal of the European Union https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en

  For more information on determining regulatory requirements according to ISO 13485:2016, see the following article:

  • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/

  • Manufacturing sectors for ISO 9001 and ISO 16949

    ISO 9001:2015 have generic requirements and is intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

    ISO 16949 was developed for the Automotive industry, and is based on ISO 9001, with several additional requirements to satisfy Automotive Industry Quality Management System requirements.

    You can find more information in the following links:

    • What is ISO 9001? https://advisera.com/9001academy/what-is-iso-9001/
    • Download free IATF 16949 materials - https://advisera.com/16949academy/free-downloads/
    • Free webinars on demand - https://advisera.com/9001academy/webinars/
    • ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
    • Books - https://advisera.com/books/iso-standard/iso-9001/

  • ISO 14001 Implementation

    Start with a self-assessment compliance checklist to list the initial gaps between ISO 14001:2015 requirements and your organization’s current environmental practices and performance. As long as you have top management support, any sound environmental management system starts with a clear identification of environmental aspects and impacts and its evaluation, and with an identification of any compliance obligations. Then, you have to plan your implementation project about how to improve and control environmental aspects situations and meet your environmental objectives aligned with an environmental policy.

    Please check this information below with more detailed answers:

    • Article - How to use an ISO 14001 self-assessment compliance checklist - https://advisera.com/14001academy/blog/2019/12/04/iso-14001-self-assessment-checklist-how-to-use-it/
    • Article - Is a gap analysis desirable for ISO 14001 implementation? - https://advisera.com/14001academy/blog/2016/11/14/is-a-gap-analysis-desirable-for-iso-14001-implementation/
    • ISO 14001:2015 Gap Analysis Tool - https://advisera.com/14001academy/iso-14001-gap-analysis-tool/
    • List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
    • Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
    • ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
    • Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
    • Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
    • Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
       

  • ISO 14001 Lead Auditor

    Can one implement ISO 14001 without been an ISO 14001 Lead Auditor?

    Answer:

    Yes, there is no mandatory requirement to be a Lead Auditor, to be able to implement an ISO 14001 environmental management system (EMS). Anyone wanting to implement an ISO 14001 EMS can do it as long as he/she get knowledge about the standard and/or get help from a consultant.

    Which is a better qualification to possess as an environmental manager introduction to ISO 14001 certification or Lead Auditor course ISO 14001?

    Answer:

    As an environmental manager, if you need an introduction to ISO 14001 then ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/ is the right course for you. The focus is on ISO 14001 and you will be able to understand the standard and feel more confident for starting an implementation project. Alternatively you can have a course like ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ because that way you will be able to perform internal audits during the implementation. The ISO 14001:2015 Internal Auditor Course has 9 modules, and the first 5 are included in the ISO 14001:2015 Foundations Course. Another possibility is our ISO 14001:2015 Lead Implementer Course - https://advisera.com/training/iso-14001-lead-implementer-course/ with 11 modules. The first 5 are included in the ISO 14001:2015 Foundations Course, the other 6 are about techniques to implement a management system.

    Please check this article - How to choose the most appropriate training - https://advisera.com/training/compare/

  • Requirements for ISO 45001 implementation

    ISO 45001 is not just about writing documents, what is really important is having all the necessary processes and records in place for the OHSMS; and be actively using these processes. If you are thinking about certification, the certification body will have some requirements before they will audit your OHSMS after implementation; so, this is also needed for you to know your system is fully implemented. The certification body will expect:

    - You use the system for a number of months (often 6) to ensure there are enough records collected to adequately audit.

    - You have performed a complete set of internal audits for all your processes, and taken corrective actions where needed.

    - You have performed at least 1 full management review of all required management review inputs and taken corrective actions where needed.

    This is really what you need to do to say you are fully implemented, and then continue using your system with internal audits and management reviews to maintain.

    For a graphical view of the full implementation process, see this: Diagram of ISO 45001 Implementation Process, https://info.advisera.com/45001academy/free-download/diagram-of-iso-45001-implementation-process

  • Replacing OHSAS 18001 by ISO 45001

    Moving your OHSMS from a system based on OHSAS 18001 to ISO 45001 is not that difficult as most of the processes form OHSAS 18001 are used in the new ISO 45001 standard. The main additions for ISO 45001 are the inclusion of the definition of the context of the organization; specifically identifying the issues that affect the OHSMS and the interested parties and their needs.

    Some helpful tools that will assist with this are as follows:

    For an easier transition, the whitepaper: Twelve-step transition process from OHSAS 18001 to ISO 45001, https://info.advisera.com/45001academy/free-download/twelve-step-transition-process-from-ohsas-18001-to-iso-45001

    To understand the main changes, the webinar: ISO 45001 vs OHSAS 18001 the main changes, https://advisera.com/45001academy/webinar/iso-45001-2017-vs-ohsas-18001-2007-the-main-changes-on-demand/

    To make sure you don’t miss any required documentation, the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001