Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Product Realization requirements for distribution and manufacturing facility
1. The facility is a manufacturing and distribution warehouse. Do I still need to meet clause 7. Product realization requirements as per the standard?
2. Do we need to keep medical device files for all our stored substances or is this for a manufacturer only?
Thanks for your help
Answer:
1. I am currently doing an ISO 13485 system for the first time. I have several years of experience in ISO 9001 and EHS but need help in 13485, please. The facility is a manufacturing and distribution warehouse. Do I still need to meet clause 7. Product realization requirements as per the standard?
Answer: If you are providing services of distribution and manufacturing to external medical device clients, yes you have to meet Clause 7
2. Do we need to keep medical device files for all our stored substances or is this for a manufacturer only?
Answer: Yes, keep a copy of the medical device files.
For further information, you can refer, to :
What is ISO 13485?
https://advisera.com/13485academy/what-is-iso-13485/
Clause-by-clause explanation of ISO 13485:2016
https://info.advisera.com/13485academy/free-download/clause-by-clause-explanation-of-iso-13485
Checklist of ISO 13485 implementation and certification steps
https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/ -
Environmental aspects with a jeans producing company
Answer:
I have no previous experience of working with a jeans producing company. However, I would start by designing the jeans life-cycle:
Raw material production and transport
Raw material preparation
Denim production
Garment production
Transport and retailing
Distribution to the end user
Recycle or Reuse or Waste management
Then, according to the organization’s capacity for controlling or influencing interested parties along the jeans life-cycle, I would start listing environmental aspects. Their evaluation can be done according to one of several methodologies easily available.
The following material will provide you information about environmental aspects assessment and their evaluation:
- ISO 14001 – 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and c lassification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
What is the purpose of the scope of a QMS
Answer:
An organization, a business unit or a hospital, can have several lines of products, can have different markets, can provide different services. Once an organization decides to implement a quality management system (QMS) and certify it, the organization is not obliged to integrate all those services, lines and products under the QMS and subject all activities to certification. For example, a hospital with 10 different services can decide to certify only 2 (Diagnostic Imaging and Gastroenterology). Deciding the scope of the QMS is not a technical decision, it is a management decision.
The certificate describes the scope of the QMS in order to avoid misleading any interested party.
The following material will provide you more information about scope definition:
- ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- free online training ISO 9001:2015 Fo undations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Organizing documentation
Answer:
First thing to do is to identify which documents must be accessed by which persons or roles, so you can group them in a way that will minimize risks of unauthorized access.
Considering that, files and folders generally are organized in terms of departments or processes where they are used.
These articles will provide you further explanation about control of documents and records:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
- Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/ (Although this article is about a different standard, these principles are still applicable to ISO 27001). -
Scope definition and its implications
Answer:
Yes, your company can limit the scope to the production of a set of specific chemicals.
The following material will provide you more information about scope definition:
- ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/ urse/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Emergency Situation identification
For example:- Fire & explosion emergency and how identify emergency situations from Fire & Explosions.
Answer:
The main requirement form ISO 45001 and the OHS management system is to identify potential emergency situations and then create response plans for them, these situations need not be broken down further unless the company determines this to be necessary. There are a number of ways to identify emergency situations; look at legal requirements for emergency response, review the hazards and risks you identified for your processes, and look to industry guidelines and rules that might exist.
Remember the important this is to identify what could go wrong in your workplace that could lead to an emergency and make a plan to respond.
You can learn more about hazard identification in this article: How to identify and classify OH&S hazards, https://advisera.com/45001academy/blog/2015/05/14/how-to-identify-and-classify-ohs-hazards/
For more information on what needs to be documented for ISO 45001 see our whitepaper “Checklist of Mandatory Documentation Required by ISO 45001”, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001 -
Risk assessment and risk management
Answer: Risk assessment is the process to identify, analyse and evaluate risks, so you can prioritize them, allowing you to focus on the most relevant risks and optimize resources.
2. What is the difference between threat and risk?
Answer: Threat is an agent (e.g., a person, a malware, a natural event, etc.) that has the potential to cause an incident, while the risk is the relation between the impact and the probability of an incident to happen.
These articles will provide you further explanation about risk and threats:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This material will also help you regarding risk and threats:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/– this is a series of 25 videos that cover various topics related to security. -
Legal basis for processing personal data
Answer:
If you refer to which legal basis you should use for processing personal data such as CV of candidates, the most suitable one would be a contractual obligation. In your specific case, the processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual prior to entering into a labor agreement/contract. The same legal basis should be used for processing employees personal data after joining the company. For the background check prior to employment, you should use legitimate interest as the legal basis for processing.
If you want to find out more about the legal basis for processing personal data check out this article: Is consent needed? Six legal bases to process data according to GDPR (https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/). -
Change Control in an Agile DevOps environment
Answer:
The Change Management Policy template included in your toolkit can be adapted to the requirements of Agile DevOps environment. You only have to see the included comments in the template to see where you can include your specific requirements. By following the guidance of the comments you can adapt the Change Management Policy to support Agile DevOps environment while in compliance with ISO 27001. This template is located in folder 8. Annex A, subfolder A.12 Operations security
This article will provide you further explanation about change control:
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
These materials will also help you regarding change control:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Integrating the Risk Management Framework (RMF) with DevOps https://resources.sei.cmu.edu/asset_files/Presentation/2018_017_001_517074.pdf
- NIST Special Publication 800-53 (Rev. 4) - CM-3 CONFIGURATION CHANGE CONTROL https://nvd.nist.gov/800-53/Rev4/control/CM-3 -
Applicable ISO Standards for Sterilization
Answer:
Please refer to the following standards applicable for sterilization:
1. ISO 11135:2014-Sterilization of health-care products -- Ethylene oxide -- Requirements for the development, ,validation and routine control of a sterilization process for medical devices
2. ISO 11137-1:2006-Sterilization of health care products -- Radiation -- Part 1: Requirements for development, validation and routine control of a sterilization process for medical devices
3. ISO 17665-1:2006: Sterilization of health care products — Moist heat — Part 1: Requirements for the development, validation and routine control of a sterilization process for medical devices
4. ISO 20857:2010-Sterilization of health care products -- Dry heat -- Requireme nts for the development, validation and routine control of a sterilization process for medical devices
5. ISO 25424:2018-Sterilization of health care products -- Low temperature steam and formaldehyde -- Requirements for development, validation and routine control of a sterilization process for medical devices
You may refer further to the link: https://www.iso.org/committee/54576/x/catalogue/p/1/u/0/w/0/d/0 which will provide detailed description of each standard.