No, you cannot rely completely on ISO 9001:2015, because ISO 13485 does not have the same structure as ISO 9001 (ISO 9001:2015 has 10 sections, while ISO 13485 still has 8). Also, ISO 13485 has some specific requirements (like requirements for sterilization, implantable medical devices, service or installation). So, you need to get acquainted in detail with ISO 13485:2016.
For more information please read the following articles:
ISO 9001 vs. ISO 13485 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
What are the ISO 13485 structure and requirements https://advisera.com/13485academy/what-is-iso-13485/
What are the requirements for Production and service provision process in ISO 13485 https://advisera.com/13485academy/blog/2017/12/13/production-and-service-provision-process-in-iso-13485/
ISO 27001 does not prescribe specific rules on email security, only that related unacceptable risks are treated. Considering that, it is possible to create exclusions for the use of the email service to fulfill this specific need, provided that unacceptable risks related to email forwarding/relay are treated.
I really don't think it is necessary for the owner and tenants to attend this course as the GDPR is not applicable to household processing of personal data.
I think that the only interested party should be the representatives of the company administering the property.
However, if you want to find out more about the EU GDPR check out this free EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Please check ISO 9001:2015 clause 7.5.2 c).
There are no requirements about how many signatures are needed. So, it is up to your organization to decide.
As a minimum, one signature per document can evidence check and approval simultaneously. Or, your organization can decide to have two signatures per document, one for check and another for approval. Or, your organization can decide to have three signatures per document, one for writing, another for checking and a third for approval.
The following material will provide you more information about document control:
- Article - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
The biggest change in the AS9100 standard from Rev C to Rev D is the incorporation of ISO 9001:2015, which brings in some necessary processes like identifying the context of the organization, identifying the needs and expectations of interested parties, as well as risk-based thinking at the top level. Additionally, they have brought in aerospace requirements for controlling counterfeit parts and product safety.
For more detail please see the articles: AS9100 Rev D vs. Rev C: What has changed?, https://advisera.com/9100academy/knowledgebase/as9100-rev-d-vs-rev-c-what-has-changed/ and 12 Steps to transition from AS9100 Rev C to Rev D, https://advisera.com/9100academy/knowledgebase/12-steps-to-transition-from-as9100-rev-c-to-rev-d/
I believe it is a common situation among manufacturers that work for brands. The customer (the brand) designs and specifies the product; the manufacturer, for any of several motives, can suggest changes. Changes have to be validated by the customers. So, the final word on the product and the final responsibility is always on the customer side. In these cases, exemption from design clause 8.3 is applicable.
The following material will provide you more information about scope and clause applicability:
- Article - What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Considering ISO standards, you should focus on courses related to ISO 27036, which covers information security for supplier relationships: https://www.iso27001security.com/html/27036.html
This standard provides guidance on the evaluation and treatment of risks involved in the acquisition of goods and services from suppliers.
For additional information about supplier security, see:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
For certification maintenance purposes, all elements included in the ISMS scope of each certification must be audited at least once during the 3-year period of the certificate validity, so all applied controls must be audited.
Considering your situation, an alternative approach would be for your organization to hire an external audit company to perform internal audits covering less critical controls, leaving you two free to focus on the audits covering the most critical controls.
However, you might have a problem with the level of detail you are auditing - it is not necessary to audit each and every record, you can select only a representative sample. Learn more here: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
This article will provide you further explanation about planning audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
1. Is the GDPR applicable to the clinic if we have EU customers?
If you are specifically targeting clients in the EU then in relation to the processing activities of the health data the EU GDPR would be applicable.
2. We ask for some information from possible patients, details about their health conditions and allergies. Are there any specific conditions to comply with?
If the health data is required strictly in relation to the medical procedure, then it should be OK to ask for this information. You need to specify in your Privacy Notice for what purpose you are asking for health data.
If you want to find out more about Privacy Notices check out this webinar "Privacy Notices under the EU GDPR" (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
3. Do we need a DPO?
If your main activities imply the processing of health data of EU data subjects, you should consider hiring a DPO or contracting a third party that can provide such services.
4. Do we need to ask for consent before asking the health data?
No, consent is not needed provided you ask for the health data in order to protect the vital interest of the patients.
5. We have a contract with a hotel where we keep the patients after the procedure. We send them the names of the patients to the hotel. Do we need to do something?
This highly depends on your activity and the types and categories of personal data you are processing.
6. How much would it take to be compliant with GDPR?
You can get an idea on the duration by accessing this EU GDPR Compliance Calculator (https://advisera.com/eugdpracademy/eu-gdpr-compliance-duration-calculator/)
Yes, our ISO 13485 Toolkit supports the requirements of ISO 13485 in the MDSAP. The ISO 13485 Toolkit takes you through all the MDSAP requirements and tells you WHAT needs to be done. MDSAP guides you on HOW to meet each individual requirement. So the ISO 13485 Toolkit and MDSAP complement each other.