Quality Management Systems for the Food industry

Since its launch in 2005, ISO 22000 has been adopted as the food safety management system of choice for more than 32,000 organisations worldwide (based on data from the annual ISO survey, 2016). The first major revision to this standard is expected to be published in 2018. In line with agreed policy for management system standards, ISO 22000:2018 will adopt the 10-section, high-level structure created by ISO, based on identical core text, and common terms and definitions. It will in essence become a business management system and will have implications for the future training of...

ISO 13485:2016 Quality Management Systems

There is a new handbook ISO 13485:2016 – Medical devices – A practical guide just published. It was written by a group of technical experts from ISO’s technical committee ISO/TC 210. The handbook provides users with practical guidance and accurate interpretation of the requirements specified in the ISO 13485:2016, Medical devices –Quality management systems – Requirements for regulatory purposes. Mapped to the structure of ISO 13485:2016, the new handbook offers a step-by-step guidance for all organisations in the medical devices sector wishing to implement and maintain a quality management system. It covers guidance applicable to various stages of a medical device’s life cycle, including the gathering of customer requirements, design, development, production, supply chain, installation, servicing and post-market surveillance of medical devices. The handbook can serve as a practical guide for auditors, regulatory agencies and certification bodies, providing in-depth perspective on how requirements can be fulfilled to meet national regulations. It thus allows for a better understanding of the standard when preparing or conducting external and internal audits, as well as establishing local regulations and guidelines. Alongside its thorough description of ISO 13485, the new handbook also incorporates information from other sources of best practice most commonly used in the medical devices industry to meet the requirements of...

Food Safety and Quality Management System Standard

Since its launch in 2005, ISO 22000 has been adopted as the food safety management system (FSMS) standard of choice for more than 32,000 organisations worldwide (based on data from the annual ISO Survey last published in 2016). In addition, more than 16,000 organisations have been certified under the Food Safety System Certification 22000 (FSSC) private certification scheme, the core requirements of which replicate ISO 22000. Given that many of these organisations are global players in the food manufacturing and processing sectors, these figures demonstrate the considerable influence that the standard exerts on global food safety. The first major revision to ISO 22000 since its launch is expected to be published in 2018. The Draft International Standard (DIS) is now available and indicates that some significant changes are planned. This will affect not only those organisations that wish to maintain their system certification, but also those that are involved in the associated auditing programmes. In line with agreed policy for management system standards, ISO 22000:2018 will adopt the 10-section, high-level structure created by ISO based on identical core text and common terms and definitions. It will therefore follow the same structure as ISO 9001. This change alone will impact the system scope, top management involvement, documentation of the system, application of the risk-based approach to organisational needs, and create a clear focus on the process approach through the Plan-Do-Check-Act (PDCA) cycle. The changes will facilitate assimilation of the FSMS with other management system disciplines using this...

Business Continuity Management System

ISO 22301 is a management systems standard for business continuity management. It is a ‘generic standard’ in that it is designed to be used by organisations regardless of size and type or nature. It specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of, prepare for, respond to, and recover from disruptive incidents. Like ISO 9001, the standard uses the common language structure and it’s layout is similar to that of 9001. Organisations can obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM. At present there are relatively few certificates issued, some 3,133 (ISO Survey 2015), compared to ISO 9001:2015 at 1,033,000. But this number is growing quickly, up 78 per cent over the previous year, making it the fastest growing of all ISO standards at...

Medical Device Single Audit Program

The International Medical Device Regulators Forum (IMDRF) recognises that a global approach to auditing and monitoring the manufacturing of medical devices could improve their safety and oversight on an international scale. At its inaugural meeting in Singapore in 2012, the IMDRF identified a work group to develop specific documents for advancing a Medical Device Single Audit Program (MDSAP). The Medical Device Single Audit Program allows an MDSAP recognised Auditing Organisation to conduct a single regulatory audit of a medical device manufacturer that satisfies the relevant requirements of the regulatory authorities participating in the program. International partners that are participating in the MDSAP include: Therapeutic Goods Administration of Australia Brazil’s Agência Nacional de Vigilância Sanitária Health Canada Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs)Programme and the European Union (EU) are Official Observers This Program was piloted for three years in the period 2014 to 2016. On 29 June 2017, a report was generated summarising the outcomes of prospective “proof-of-concept” criteria established to confirm the viability of the MDSAP. The outcomes documented in the Final MDSAP Pilot Report are based on data generated during the three year pilot. Based on its evaluation of the MDSAP Final Pilot Report, the MDSAP Regulatory Authority Council (the international MDSAP governing body) determined that the MDSAP Pilot had satisfactorily demonstrated the viability of the Medical Device Single Audit Program....

ISO 45001

The latest draft of ISO 45001 has now been approved and will replace OHSAS 18001:2007. When published the final ISO 45001 will join a suite of management systems standards including ISO 9001. The structure and layout will be similar to 9001 which will make the integration and auditing of integrated standards much easier....

Auditor Training in Quality Management System Auditing

Providing an organisation’s stakeholders with the necessary assurance that the business is meeting its legal requirements and other requirements is a key function of audit, there is also an important role for the management system auditor. Whether acting as a first, second or third party assessor, auditors are ideally placed to drive through organisational improvement. For third party (certification body) auditors this ability is somewhat restricted as a result of not being able to directly offer their clients consultancy. Nevertheless, by ensuring that the organisation is fully meeting the improvement requirements contained within clause 10 of the latest Annex SL-based management system standards such as ISO 9001, the third party auditor is still able to make an important contribution in moving an organisation forwards. For first and second party auditors there are no such constraints. These individuals should, indeed must, actively seek out opportunities to improve their own organisation’s policies, processes and people, and in the case of second party assessors, the performance of their external providers. All those attending auditor training courses must take this as a key learning to be...

Organisational Resilience

A new standard, ISO 22316, Security and resilience – Organizational resilience – Principles and attributes, provides a framework to help organizations future-proof their business, detailing key principles, attributes and activities that have been agreed on by experts from all around the...

Information Security Management System

The recent malware attack serves as a reminder for businesses to have a rigorous information security management system in place to mitigate against such threats. This is why the use of ISO/IEC 27001:2017 can be very beneficial for organisations to: • Examine the information security risks, taking account of the threats, vulnerabilities, and impacts. • Design and implement a coherent and comprehensive suite of information security controls and other forms of risk treatment such as risk avoidance, or risk transfer to address those risks that are deemed unacceptable, and • Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs on an ongoing...

Quality Management Systems for Education

While educational organisations can never guarantee the success of its learners, there are a number of ways that it can more effectively meet their needs and contribute to better learning outcomes. ISO 21001, Educational organizations – Management systems for educational organizations – Requirements with guidance for use, is a management system standard that is partially aligned with ISO 9001:2015 for quality management systems. It provides a common management tool for educational organizations aiming to improve their processes and address the needs and expectations of those who use their services. The standard has just reached Draft International Standard (DIS) stage, meaning that interested parties can submit feedback on the draft, which will be considered before it is published as a standard early next...