Yes, you need to prove that your prosthetic liner is biocompatible with the human body. To prove it, you need to perform certain tests according to the ISO 10993-1:2018 Biological evaluation of medical devices — Part 1: Evaluation and testing within a risk management process. Guidance on which tests you need to perform you can find in Annex A of this standard. The number and scope of tests will depend on the length of contact of the medical device with the skin, the type of contact, and the like.
Considering the test for durability, you need to prove how long your product is stable when used in compliance with the instructions for use. This includes, for example: how long the prosthesis is worn during the day, whether it is properly maintained, whether it is left somewhere in the strong sun or not.
As for testing, I don’t know what part of the world you’re in. If you are in Europe, there is a whole chain of Eurofins labs that do different tests, so you can ask them.
Hi, my question concerns companies that provide sales, service, repair, and installation services to customers. Obviously, they don't have control over the outsourced process, as it can only be justified by the legal manufacturer, not distributors. Do you have any advice for managing the outsourced process in such cases? Also, I would appreciate it if you could point out any specific regulation under UKMDR that would be applicable to this matter.
Inclusions and exclusions in the scope of the ISMS will depend on the information your organization wants to protect.
You need to identify which part of your company holds your most valuable information - see the details here: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
For example, if the most important information is about new products, then the Research & Development process/department must be in the scope. If the most important information is about customers, then the Customer support process/department must be in the scope. You can also define all the organization's information as part of the ISMS scope.
This article can provide you further answer about integrating management systems (the general concept applies to your case):
These materials will also help you regarding scope definition:
Thank you for sharing about 4 effective risk mitigation strategies, these will be really helpful for me. I love reading this blog; it talks so much about planning a great idea about it. Keep sharing such informative articles in future, will be appreciated. See @ https://parapet.com/Solution****************************
ISO 9001:2015 does not prescribe a specific method. Clause 7.4 mentions the use of:
So, about communicating to senior management, we need to decide first what they want or need to receive. Perhaps:
Then, decide frequency, the when: Weekly? Monthly? Quarterly?
And the how – Meeting report? Special report? Digital dashboard?
The following material will provide you information about communication:
Conformity assessment is a process that is used to demonstrate that a product meets specified requirements. In the case of medical devices, it means that conformity assessment is a process of demonstrating whether the requirements of MDD (93/42/EEC) or MDR (2017/745) relating to the device have been fulfilled. So, all documentation, tests, and reports according to the applicable regulations need to be done. It means that you need to define your processes in the way to collect all of it.
Here you have a direct link to Annex 9 of the MDR
1. How to define Scope
You need to identify which part of your company holds your most valuable information. You can start this by identifying which information is important for your organization to achieve its objectives and be compliant with applicable legal requirements (e.g., laws, regulations, and contracts).
Generally speaking, for a company of up to 100 employees, the best option is to include the whole company in the scope.
These articles will help you:
2. Can we say that a company is certified if it is just a part that meets the standards?
You need to check the specific procedures on how to communicate the certification status to external parties with the certification body, but generally speaking, wherever you display information about the certification status you also need to provide information for people to verify the certification scope (e.g., the certification number, a link to a copy of the certification, etc.).
3. A company that builds an IT solution. Can we make a difference between its business infrastructure and the product infrastructure?
You can define the ISMS scope considering only specific parts of your organization, but in general, this is worthwhile only for bigger organizations.
We are not experts on TISAX, but what we can tell you, based on the ISO scenario, is that you have to consider:
This article will provide you a further explanation about TISAX and ISO 27001:
Clause 4.1 of ISO 9001:2015 mentions internal and external issues. Culture, beliefs, values, or principles inside the organization are internal issues. For example, different organizations have different risk aversion cultures. For example, different organizations have different beliefs concerning short- and long-term investment.
The following material will provide you information about the context of a management system:
How to use the approach with top management and some support functions
I have used the process approach in my audits for many years. However, when auditing top management, I mix the process approach with the clause approach. For example: management review, quality policy and objectives, risks and opportunities, context and interested parties, monitoring, and evaluation.
Am I on the right thought path with "the process style" of auditing?
Yes, I believe you are, based on your description.
What clauses are most useful to audit against for different types of processes?
Let me show you the turtle diagram:
You can audit a process and consider one or more ISO 9001:2015 clause(s) relevant from section 8. But for any process, you can use the turtle diagram and list several other clauses that you can audit:
You can find more information about auditing below: