Search results

Is technical file of device mandatory to put on device on market?

Yes, you understand it right. 

27001 audits

I’m assuming that:

• the ISMS scope covers only the company’s head office and the sub-sites only interact with the ISMS scope (they are not part of it)
• you are referring to an internal audit, not to a certification audit.

Considering that, when the scope is only the head office, you do not need to audit the sub-sites.

In this case, the sub-sites can be audited as part of the supplier monitoring process, which is a completely separated process.

At most, during the audit of the head office, you can ask for the audit reports from the sub-sites, to check if audits were performed and if treatment of raised non-conformities is being followed up, but you do not need to enter in further detail.

This article will provide you with further explanation about auditing:

• How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit

These materials will also help you regarding auditing:

Question from ISO 27001 Foundations Course

Please note that at the beginning of the video (at the 10th second) it is said that requirements and interested parties need to be “determined”, which is different from being documented. You only need to identify them.

Only in the case that control A.18.1.1 - Identification of applicable legislation and contractual requirements is deemed applicable for an ISMS, such requirements and interested parties need to be documented.  

Links between 14001, 27001 and 45001

Please note that ISO 31000 is only one of many available approaches for risk management an organization can adopt (other examples are NIST RMF, German BSI, USA OCTAVE-S, etc.), according to their specific business needs, and promoting a single approach over others is not an objective of ISO.

If an organization has implemented a systematic risk management approach that works for its context and is aligned with applicable legal requirements, then it is enough to be compliant with ISO management standards.

Please also note that, in general, legal requirements that demand the implementation of an ISO standard are not specific to mandatory risk management approaches.

Applying Project Checklist for ISO 13485:2016 Implementation in a food processing organization

Although there are some similarities, food processing has its own requirements, and our project checklist is not completely applicable to food processing organizations. HACCAP checklist is more applicable for that type of organization, but also some other standards that are specified for the food industry. 

Mandatory information in Conformity Declaration for Medical Device Class I

If the new product has the same intended purpose, same name, and same GMDN, then yes, it is not necessary to have a new Declaration of conformity. This situation is called medical device family and for one medical device family, it is OK to have a unique Declaration of conformity. Usually, in cases when there are a lot of models, then there is an annex to the Declaration of conformity with the whole list of models.

What I am concerned about here is the use of GMDN codes. EU published EU codes which are called EMDN codes and all medical devices under the MDR must have that codes. In the links are EMDN codes and a database where you can find which codes are applicable for your medical device family.

For more information, see:

• European Medical Device Nomenclature (EMDN) https://webgate.ec.europa.eu/dyna2/emdn/

For further information, see:

• EU MDR Article 123 - Entry into force and date of application https://advisera.com/13485academy/mdr/entry-into-force-and-date-of-application/

The next thing which is important to be on the Declaration of conformity according to the MDR is the Single registration number (SRN), so please check if that information is on it.

GDPR implementation

There are many methodologies in order to drive a GDPR-compliance project. At Advisera, we have an EU GDPR Toolkit containing 39 document templates – all documents required by GDPR, plus commonly used non-mandatory documents – which can help you drive your GDPR-compliance project, as the toolkit is designed in a structured way, allowing you to start the project while filling the documents in the first directory, Preparations for the Project. This directory contains a Readiness Assessment Template and a Project Plan Template, which can be filled using our step-by-step indications in the comments from the documents. Then you can start filling the templates available in all the directories in the toolkit. The toolkit also provides you access to video tutorials, email support, expert review of a document, one hour of live one-on-one online consultations with a GDPR expert, and many other benefits.

We can also help you with free GDPR training (at the end you can purchase a certification), free articles, and free webinars.

Please also consult these resources:

• EU GDPR Documentation Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
• EU GDPR Data Protection Officer Course: https://advisera.com/training/eu-gdpr-data-protection-officer-course/
• 9 steps for implementing GDPR: https://advisera.com/articles/9-steps-for-implementing-gdpr/
• List of mandatory documents required by EU GDPR: https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
• A summary of 10 key GDPR requirements: https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/

ISO 13485 Internal Auditor

One solution is that all of you are educated for internal auditors and audit each other. Another solution is to hire an external company that will provide the internal audit for you. It can be a consultant company that knows the ISO 13485 (you need proof of that), or a person who is an auditor for other notify bodies and with whom you will have a contract that he/she is your internal auditor.