Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Mandatory information in Conformity Declaration for Medical Device Class I

    If the new product has the same intended purpose, same name, and same GMDN, then yes, it is not necessary to have a new Declaration of conformity. This situation is called medical device family and for one medical device family, it is OK to have a unique Declaration of conformity. Usually, in cases when there are a lot of models, then there is an annex to the Declaration of conformity with the whole list of models.

    What I am concerned about here is the use of GMDN codes. EU published EU codes which are called EMDN codes and all medical devices under the MDR must have that codes. In the links are EMDN codes and a database where you can find which codes are applicable for your medical device family.

    For more information, see:

    Considering the UDI, for the class I medical devices, according to Article 123, the deadline for implementation of UDI is May 2025. So, this means that there is still no need to have a BASIC UDI on the Declaration of conformity.

    For further information, see:

    The next thing which is important to be on the Declaration of conformity according to the MDR is the Single registration number (SRN), so please check if that information is on it.

  • GDPR implementation

    There are many methodologies in order to drive a GDPR-compliance project. At Advisera, we have an EU GDPR Toolkit containing 39 document templates – all documents required by GDPR, plus commonly used non-mandatory documents – which can help you drive your GDPR-compliance project, as the toolkit is designed in a structured way, allowing you to start the project while filling the documents in the first directory, Preparations for the Project. This directory contains a Readiness Assessment Template and a Project Plan Template, which can be filled using our step-by-step indications in the comments from the documents. Then you can start filling the templates available in all the directories in the toolkit. The toolkit also provides you access to video tutorials, email support, expert review of a document, one hour of live one-on-one online consultations with a GDPR expert, and many other benefits.

    We can also help you with free GDPR training (at the end you can purchase a certification), free articles, and free webinars.

    Please also consult these resources:

  • ISO 13485 Internal Auditor

    One solution is that all of you are educated for internal auditors and audit each other. Another solution is to hire an external company that will provide the internal audit for you. It can be a consultant company that knows the ISO 13485 (you need proof of that), or a person who is an auditor for other notify bodies and with whom you will have a contract that he/she is your internal auditor.   

  • Special Interest Groups

    Examples of special interest groups are manufacturers, specialized forums, and professional associations. The government is another example of a special interest group.

    This article will provide you with further explanation about special interest groups:

  • SOA Based ISMS Manual

    If I understood correctly, you’ve sent the SoA-based ISMS Manual.

    Considering that, first is important to note that an SoA compliant with ISO 27001 must contain the following information:

    • All applied controls
    • Justification for inclusions
    • Implementation status
    • justification for exclusions of controls from Annex A

    In case any of this information is missing, the SoA document will not be accepted by an auditor.

    As for the 2nd level document (the SoA Based ISMS Manual), we do not recommend such an approach to our customers, because this kind of document requires a great effort to be written but is of very limited use for employees in the company. Instead, you should focus on writing the security policies and procedures (included in your toolkit) that describe how to implement and maintain security in your company.

    For further information about an ISMS manual, please see:

    • Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/

    • Position Description Question

      ISO 27001 does not prescribe how to define information security roles and responsibilities, so organizations are free to define them as best fit their needs, i.e., either as roles and responsibilities included in an existing Position Description that performs some information security activities (e.g., the Network Engineer) or as roles and responsibilities in a new Position Description on which information security is the core activities (e.g., the Chief Information Security Officer). 

      Considering your example, in small and midsized businesses, a Network Engineer can perform information security activities (e.g., backup), then roles and responsibilities can be included in this Position Description. In bigger companies, it may be required that you have a specific role to perform a backup, so a Backup Engineer may be a required Position Description.

      This article will provide you with further explanation about documenting roles and responsibilities:

Page 64-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +