The webinar covers:
• Risk assessment in medical device management systems
• Key issues pertaining to ISO 13485
• FMEA model in medical devices management systems
Presenter:
This webinar will be presented by Mohmed EL Mahdy, a PECB Certified Trainer with extensive experience as an ISO 13485 Lead Auditor.
A comprehensive description of the new requirements introduced by ISO 14971:2019 Application of risk management to medical devices and ISO/TR 24971 Technical Report for the FDA, MDR and IVDR
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan... - Greenlight Guru
The 3rd Edition of the medical device risk management standard, ISO 14971:2019, and its companion guidance document, ISO TR 24971:2019, will be published by year-end.
The new structure of the two documents will be presented so that the manufacturer can determine any changes to the risk management system and possibly the quality system that may be required.
These may include simple reference changes in procedures or revision to production and post-production processes that may be required.
Presenter Edwin Bills is an international member of the technical committee, ISO TC 210 JWG1, responsible for the revision of the third edition of ISO 14971 risk management standard.
TALK TAKEAWAYS:
• A detailed look at the new changes to ISO 14971:2019 and ISO TR 24971:2019.
• Reasons for the changes to the latest version
• How to prepare for the coming changes in the standard
This session took place live at the Greenlight Guru True Quality Virtual Summit, a three-day event for medical device professionals to learn to get their devices to market faster, stay ahead of regulatory changes, and use quality as their multiplier to grow their device business.
This presentation covers what ISO 13485 is and why it is important to consider this standard while designing a medical device. It will help you understand what quality actually is and its importance in the medical device industry. It gives you insight into the quality management system and its documentation.
This presentation covers what ISO 14971 is and why it is important to consider this standard while designing a medical device, or any device for that matter. It will help you understand what risk actually is and the importance of risk management in the medical device industry. It gives you insight into risk management techniques. You will understand FMEA and how to use it.
Medical devices – Quality management systems – Requirements for regulatory purposes.
ISO is an organization that develops standards for use worldwide.
ISO 13485 helps companies do their share in protecting consumers and users of medical devices.
ISO 13485 outlines criteria for a good Quality Management System (QMS).
QMS criteria are good business practices, for example:
• Set quality goals
• Ensure that regulations and other requirements are understood and met
• Train employees
• Control your production processes
• Purchase from suppliers that can provide products that meet your requirements
• Correct problems and make sure they do not happen again
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
ISO 13485:2016 is an international standard that sets out the requirements for a quality management system (QMS) specific to the medical devices industry. The standard focuses on meeting customer and applicable regulatory requirements and is intended for any organization partially or fully involved in the medical device life-cycle.
This presentation can be used to brief your employees, new hires and potential auditees so as to create awareness of the ISO 13485:2016 standard. Alternatively, the presentation may be used to supplement your materials for the training of QA professionals and internal auditors in the medical devices industry.
It covers the what and why of ISO 13485, the QMS key clause structure, the audit approach and also offers practical tips on how to handle an audit session. When you are done teaching this material to your employees, they will be much more informed and comfortable with ISO 13485:2016.
LEARNING OBJECTIVES
1. Provide background knowledge on ISO 13485:2016
2. Gain an overview of ISO 13485:2016 structure and the certification process
3. Understand the audit approach
4. Gather useful tips on handling an audit session
CONTENTS
1. Overview of ISO 13485
About ISO
What are Standards?
Why are Standards Important?
What is ISO 13485?
Who is ISO 13485 For?
What is a Medical Device?
What is a Quality Management System?
How Does ISO 13485 Work?
Benefits that ISO 13485 Will Bring to the Organization
Advantages of Certification
Development of ISO 13485
Why Was ISO 13485 Revised?
Key Improvements to ISO 13485:2016
Relationship of ISO 13485 with ISO 9001
2. ISO 13485:2016 Structure
The ISO 13485:2016 Structure
The Plan-Do-Check-Act (PDCA) Process Model
ISO 13485:2016 Approach is Based on the PDCA Cycle
Documentation Requirements
ISO 13485:2016 Key Clause Structure (4-8)
Clause 4: Quality Management System
Clause 5: Management Responsibility
Clause 6: Resource Management
Clause 7: Product Realization
Clause 8: Measurement, Analysis & Improvement
3. ISO 13485:2016 Certification
Becoming ISO 13485:2016 Certified
ISO 13485:2016 Certification Process
4. Audit Approach
What is a Quality Audit?
What Are Audits Used For?
Types of Quality Audits
Internal Quality Audit
Principles of Auditing
Audit Focus
Audit Approach
Audit Emphasis
Document Review
Audit Findings
5. Handling an Audit Session
Rights of Auditee
Rights of Auditor
How to Handle an Audit Session?
Auditee's Conduct
Interacting with Auditors: Do's
Interacting with Auditors: Don'ts
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea... - Greenlight Guru
While the enforcement of EU MDR might have been delayed another year, your preparations addressing requirements for post-market surveillance (PMS) should not be! These new PMS requirements push manufacturers to take a more active role in monitoring their devices to ensure that the benefit-risk profile of the device remains current. Performing PMS activities, according to the risk class of the device, requires a cross-functional team to ensure the required sources of data can be accessed and accurate data gathered. In this session, learn why it is important that PMS is not a one-size-fits-all approach, with considerations for risk of device, lifetime of device, time on the market, and more.
Talk takeaways:
• Understanding the new requirements of PMS under MDR
• What is the impact to the business?
• How do the requirements affect your current product lifecycle approach/QMS?
• Relationship between PMCF and PMS
• What to include in your plans and reports?
This session took place live at the Greenlight Guru True Quality Virtual Summit, a three-day event for medical device professionals to learn to get their devices to market faster, stay ahead of regulatory changes, and use quality as their multiplier to grow their device business.
Significant changes are underway that impact the quality and regulatory systems of medical device companies and their suppliers. ISO 13485:2016 adds new requirements to address risk management and to better align the standard with global regulatory requirements (FDA, MDD, JPAL, etc.). With the release of ISO 9001:2015, the ISO 9001 and ISO 13485 standards are no longer integrated. A new single audit MDSAP program will be in effect beginning 2017 that incorporates applicable FDA, Canadian, Brazilian, Australian and Japanese quality system requirements into the annual ISO 13485 audit cycle. The presentation will provide an overview of these changes and the steps required to incorporate these changes into existing quality management systems.
Software as a Medical Device (SaMD) - IMDRF Definition and Categorisationpi
Following the growing importance of technology in healthcare, Medical Devices have begun to play an increasingly important role in the further development of the life sciences landscape.
One of its more remarkable and fastest growing segments goes under the name Software as a Medical Device. This presentation zooms in on the definition and categorisation, as used by the International Medical Device Regulators Forum.
Post-marketing safety surveillance of medical devices and drug-device combina... - Arete-Zoe, LLC
ISoP Medical Device SIG Webinar on Post-marketing safety surveillance of medical devices and drug-device combination products
https://isoponline.org/special-interest-groups/medical-devices-group/
PMS is an integral part of a quality management system described in ISO 13485. ISO 13485 references inclusion of applicable regulatory requirements on post market surveillance into the quality management system.
Regulatory requirements are country specific and are continuously evolving. The regulatory processes for devices are significantly different than for drugs. Moreover, the requirements for drug-device combination products are not always clearly articulated.
• In Europe, according to the EU MDR, post-market surveillance shall also allow a comparison to be made between the device and similar products available on the market.
• The first challenge is identifying similar products on the market, which is out of the scope of this webinar. The second challenge is finding relevant information on equivalent and similar products.
• Since EUDAMED does not currently have a post-marketing module, manufacturers have to rely on a large number of national databases. The focus of this webinar is on regulatory requirements in major jurisdictions. There will be another webinar coming soon that will focus on how to obtain the information required to comply with all these requirements.
• With some effort, it is possible to locate information on advisory notices.
• However, adverse events or incidents are not publicly available. This is a major difference from medicinal products.
• In addition, certain AEs are subject to the National Competent Authority Report (NCAR) Exchange. These reports are shared between agencies and can potentially result in FSCA. So even when unable to monitor competitor product adverse event profile, it is important to know about their FSCAs.
Understanding the New ISO 13485:2016 Revision - Greenlight Guru
The much-anticipated revision to ISO 13485, the global medical device quality management system (QMS) standard, was released late last month (Feb, 2016).
The new ISO 13485:2016 ushers in a whole new wave of changes and requirements medical device manufacturers must adhere to, which we covered on our previous webinar here (http://www.greenlight.guru/webinar/iso-13485-2016-changes).
ISO tells us that there will be a three-year transition period after which the guidance says, “any existing certification issued to ISO 13485:2003 will not be valid.”
The time to start planning your organization's transition to ISO 13485:2016 is now. Or face playing expensive catch-up later.
(You can view the full webinar here: http://www.greenlight.guru/webinar/iso-13485-2016-transition-planning)
In this webinar, you'll learn specifically:
• What your organization needs to be doing to prepare for the transition to ISO 13485:2016
• Why the transition presents an opportunity for your organization to implement better processes
• An overview of the specific changes coming with ISO 13485:2016
• The actions you should be taking now and how to plan for the implementation of the standard
Risk management in the development of medical devices. This presentation was for a webinar where we discussed the basics of risk management, a general risk management lifecycle, the requirements of certain relevant standards (ISO 14971, IEC 62304, US FDA Title 21 CFR Part 11), and the practical method called HFMEA. The live demonstration shows you how risks can be managed and compliance achieved using the advanced risk management features of codeBeamer ALM, and also demonstrates the use of our (general) FMEA template.
Changing medical device regulations in Europe and the U.S. - Maetrics
Topics covered at our recent ABHI (UK) event. Slides cover the reprocessing of single-use devices, the benefits of unique device identification, and supporting clinical evidence.
Part of the medical product design process consists of developing risk management that accompanies the entire useful life of the device, from its initial conception to its final disposal, in accordance with a process defined in the ISO 14971 standard.
Devices Sponsor Information Day: 0 - Developments in medical device regulation - TGA Australia
Presentations by TGA and Industry (combined) to help sponsors and manufacturers better understand the regulation of medical devices and in-vitro diagnostic medical devices
PECB Webinar: Overview of ISO 13485 - Medical Devices - PECB
The webinar covers:
• The key section of ISO 13485
• The benefits of ISO 13485
• In brief how ISO 13485 & ISO 9001 correlate
Presenter:
This webinar was presented by Raza Shah, Chief Editor and Owner of Bitehqeeq.
Link of the recorded session published on YouTube: https://youtu.be/gZlhUlqgo1g
EU Medical Device Regulation: Preparing for Disruptive (yet Incomplete) Regu... - YourEncoreInc
The new EU Medical Device Regulation (MDR) represents one of the most disruptive changes to impact the global medical technology sector in recent times.
But with the regulations not finalized, three years to comply, and overall fatigue on the topic, what are the appropriate steps companies should take today to prepare?
In this session, Minnie Baylor-Henry and Jon Lange will briefly outline the current state of EU MDR, its likely impact to medtech company strategy and compliance requirements, and provide appropriate steps companies should take today to prepare.
About Minnie Baylor-Henry, J.D.: Minnie Baylor-Henry, J.D. is a Strategic Advisor to YourEncore and the Medical Devices Practice Lead. Prior to assuming her current role in 2015, she was the Worldwide Vice-President for Regulatory Affairs for Johnson & Johnson’s (J&J) Medical Devices & Diagnostics business.
About Jon Lange: Jon Lange is a Principal in the Advisory Services practice of EY and its EU MDR lead. He has spent 25+ years leading strategic growth initiatives and business transformation change programs for large and mid-tier life science companies.
Japan PMDA Medical Device Regulatory Approval Process - EMERGO
Watch the recorded webinar: https://www.emergogroup.com/resources/video-webinar-japan-registration-process
Japan's medical device market is one of the most robust markets in Asia, but its regulatory system can be confusing. Before deciding to sell your device in the Japanese market, it is important to understand how the regulations apply to your device, which steps to take, and what resources are required to complete the process. In this presentation, Ann Marie Boullie, Vice President of Business Development for EMERGO, will discuss some of the most complex aspects of the Japanese registration process, including:
• JMDN codes: device classification and predicates
• Clinical data requirements and PMDA pre-submission meetings
• Registration routes (Todokede, Ninsho, Shonin)
• QMS (Ordinance 169) requirements
• Role of the Marketing Authorization Holder (MAH)
• Plus more ...
This presentation provides a nice introduction to Failure Mode, Effects and Criticality Analysis (FMECA). Includes history and background, definitions, timelines for implementing and describes the FMEA methodology.
This webinar goes over the major changes of the new ISO 13485:2016 standard, including the upgrade process. Program Manager Rick Burgess presented and responded to questions live on the webinar.
Risk Management in IEC 60601. Medical devices, creation and content of the RMF, methods for the visualization and identification of harms and hazards, creating an RMF (minimal documentation), and common errors when creating an RMF.
Session 08_Risk Assessment Program for YSP_Risk Treatment and Communication - Muizz Anibire
Program Objectives
In light of industrialization trends across the globe, new hazards are constantly introduced in many workplaces. This program aims to provide Young Safety Professionals (YSPs) from diverse backgrounds with the requisite skill to address the health and safety hazards in the modern workplace.
Risk management documents required for the market placement of a medical dev... - PEPGRA Healthcare
• The necessity of the risk management plan (RMP) has been studied before the launch of the medical device and medicinal product.
• Risk management documents/plan for medical device is done and verified through FDA QS regulations and ISO 14971.
• For medicinal products the risk management documents/plan is achieved by
• If more than one medicinal product is studied, article 14(2) of Regulation (EC) No 1394/2007 provides a layout for RMP for such advanced therapy medicinal products (ATMP)
Accelerating the Development of Medical Devices: The Value of Proactive Risk ... - Cognizant
Identifying risks and working to mitigate them during the early stages of product development is critical for medical-device manufacturers worldwide. By focusing on four strategies - risk limitation, risk transfer, risk avoidance and risk acceptance, companies can evaluate risk effectively, take appropriate actions, and reduce the time and costs associated with New Product Development (NPD).
This presentation gives an overview of the Quality Risk Management (QRM) process and presents case studies for the application of QRM in manufacturing operations.
◦ Drug Substance Attributes
◦ Excipient Selection
◦ Process Selection
◦ Formulation Development & Optimisation
◦ Manufacturing Process Development
Beyond the EU: DORA and NIS 2 Directive's Global Impact - PECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• NIS 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5. Not bad, right? It's French.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications, such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity - PECB
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelor's degree from Royal Holloway University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance | PECB
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
YouTube video: https://youtu.be/DujXaxBhhRk
The importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, he successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as the National Association of District Export Councils (NADEC), the Government Contractors Council (GovConCouncil), and the Central-North Florida District Export Council, as the Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but, ‘when’ and the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ... | PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A senior GRC professional consultant for small, medium and large companies. For over 10 years, Loris has been assisting clients in both the public and private sectors with various matters relating to Governance, Risk Management and Compliance (GRC), digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
YouTube video: https://youtu.be/yT8gxRZD_4c
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively | PECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
YouTube video: https://youtu.be/TtnY1vzHzns
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re... | PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/a21uasr8aLs
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation | PECB
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications, such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3, etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya has been committed to science and engineering since her pre-teen years.
Date: September 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations | PECB
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense that prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick's combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicist in the Oil and Gas Industry.
Date: August 24, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help? | PECB
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI)
Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at din (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie... | PECB
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
• Importance of Data Protection
• Understanding Data Collection and Challenges
• Introduction to GDPR
• Key Principles of GDPR
• Who does GDPR Apply to and Its Global Implications
• Introduction to ISO/IEC 27701
• Implementing ISO/IEC 27701
• Privacy by Design
• Dealing with IT on a Daily Basis
• Building Awareness and Training
• Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu... | PECB
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. From a young age he has held management positions in the private and government sectors. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/rsjwwF5zlK8
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... | PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense, that prioritise key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick's combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and suporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultan forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
YouTube video: https://youtu.be/i4qx5mjEqio
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/Xj0U2mbpZUs
IT Governance and Information Security – How do they map?PECB
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/2bSbAdL5Idg
Student Information Session University Digital Encode.pptxPECB
Join us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, of our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process, and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding admission process contact us: university.studentaffairs@pecb.com
- EMBA in Cybersecurity: https://pecb.university/programs/mba-programs/cybersecurity
- EMBA in Business Continuity Management: https://pecb.university/programs/mba-programs/business-continuity-management
- EMBA in Governance, Risk, and Compliance: https://pecb.university/programs/mba-programs/governance-risk-compliance
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
YouTube video: https://youtu.be/BAAl_PI9uRc
2. Prelude
This training session is not designed to anticipate all requirements of ISO 14971; instead, it addresses key issues thereto.
3. Key Terms and Definitions
• harm
physical injury or damage to the health of people, or damage to property or the
environment
• hazard
potential source of harm
• hazardous situation
circumstance in which people, property, or the environment are exposed to one
or more hazard(s)
• life-cycle
all phases in the life of a medical device, from the initial conception to final
decommissioning and disposal
• post-production
part of the life-cycle of the product after the design has been completed and the
medical device has been manufactured
• residual risk
risk remaining after risk control measures have been taken
8. ISO 14971 Process Overview
Risk Analysis
o determining user needs / intended uses
o hazard identification
o risk estimation
Risk Evaluation
o risk acceptability decisions
Risk Control
o option analysis
o implementation
o residual risk evaluation
o overall risk acceptance
Post Production
o post production experience
o review of risk management experience
[Figure: the risk management process. "Risk assessment" spans risk analysis and risk evaluation; "Risk management" spans all of the steps below.]
Risk analysis
• Intended use and identification of characteristics related to the safety of the medical device
• Identification of hazards
• Estimation of the risk for each hazardous situation
Risk evaluation
Risk control
• Risk control option analysis
• Implementation of risk control measures
• Residual risk evaluation
• Risk / benefit analysis
• Risk arising from risk control measures
• Completeness of risk control
Evaluation of overall residual risk acceptability
Risk management report
Production and post-production information
9. High-Level Combinations of Severity and Probability
[Figure: risk chart with "Increasing Severity of Harm/Consequence" on one axis and "Increasing Probability of Occurrence" on the other, divided into Low Risk, Medium Risk and High Risk regions]
10. Risk assessment methodology
• Risk Matrix
• PHA = Preliminary Hazard Analysis
• FTA = Fault Tree Analysis
• FME(C)A = Failure Mode Effects (Criticality) Analysis
• HAZOP = Hazard Operability Analysis
• HACCP = Hazard Analysis and Critical Control Point
11. FTA = Fault Tree Analysis
• A team-based method used to identify the causal chain that creates a hazard or a failure mode (effects are typically ignored)
• FTA represents the sequence and combination of possible events that may lead to a failure mode
• Once causes are identified, preventive action can be taken
[Figure: fault tree, "Causes of Fire in a Machine Shop"]
Fire Breaks Out
  Ignition Source
    Open Flame
    Spark Exists
      Grinder Spark
      Frayed Electrical Cord
      Welding Spark
  Flammable Material
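The machine-shop fault tree on this slide can be worked through to its minimal cut sets, the smallest combinations of basic events that produce the top event, which is what tells you where preventive action pays off. This is an added example, not part of the original slides; the event names come from the figure, while the gate types (AND/OR) and all function names are assumptions, since the slide text does not preserve the gates.

```python
"""Minimal cut sets for the machine-shop fault tree (added example)."""
from collections import Counter
from itertools import product

# Event names are the labels in the slide's figure. Gate types are an
# ASSUMPTION: fire needs an ignition source AND flammable material, and any
# one of the listed ignition sources is sufficient (OR).
FIRE_TREE = {
    "Fire Breaks Out": ("AND", ["Ignition Source", "Flammable Material"]),
    "Ignition Source": ("OR", ["Open Flame", "Spark Exists"]),
    "Spark Exists": ("OR", ["Grinder Spark", "Frayed Electrical Cord",
                            "Welding Spark"]),
}


def cut_sets(tree, event, _path=()):
    """Return every cut set (frozenset of basic events) that causes `event`."""
    if event in _path:
        raise ValueError(f"cycle in fault tree at {event!r}")
    if event not in tree:            # not decomposed further: a basic event
        return {frozenset([event])}
    gate, children = tree[event]
    child_sets = [cut_sets(tree, c, _path + (event,)) for c in children]
    if gate == "OR":                 # any single child is enough
        return set().union(*child_sets)
    if gate == "AND":                # one cut set from every child, combined
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r} on {event!r}")


def minimal_cut_sets(tree, top):
    """Drop any cut set that strictly contains another (absorption)."""
    sets = cut_sets(tree, top)
    return {s for s in sets if not any(other < s for other in sets)}


def remaining_after_prevention(tree, top, prevented):
    """Minimal cut sets still possible once `prevented` events are eliminated."""
    prevented = frozenset(prevented)
    return {s for s in minimal_cut_sets(tree, top) if not (s & prevented)}


def rank_basic_events(tree, top):
    """Basic events ordered by how many minimal cut sets they appear in."""
    counts = Counter(e for s in minimal_cut_sets(tree, top) for e in s)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    top = "Fire Breaks Out"
    for cs in sorted(minimal_cut_sets(FIRE_TREE, top), key=sorted):
        print(" + ".join(sorted(cs)))
    print("Ranking:", rank_basic_events(FIRE_TREE, top))
    left = remaining_after_prevention(FIRE_TREE, top, {"Open Flame"})
    print("Cut sets left after removing open flames:", len(left))
```

Under the assumed gates, every minimal cut set contains "Flammable Material", so controlling that one event removes all paths to the top event, whereas eliminating any single ignition source removes only one of four.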
12. FMEA Model
POTENTIAL FAILURE MODE AND EFFECTS ANALYSIS
X-Ray ZM Device
Form header fields (blank on the slide): FMEA Number; Subsystem; Page _ of _; Component; Responsibility; Prepared By; Process; FMEA Date (Orig.) (rev.); Core Team
Columns: Device/Function; Potential Failure Mode; Potential Effect(s) of Failure; S; Potential Cause(s) of Failure; O; Current Controls; D; RPN; Recommended Action(s); Responsibility and Target Complete Date; Action Results (Actions Taken, S, O, D, RPN)
Device / Function: Field Defining Light / Visible Treatment Field Indication
1) Light Failure
   Potential effect: Treatment setup time increases (S = 2)
   Potential cause: Burn Out Bulb (O = 4)
   D = 4, RPN = 32
   Recommended actions and action results:
   - Better light source: S = 2, O = 3, D = 4, RPN = 24
   - Redundant source: S = 1, O = 1, D = 2, RPN = 2
   - Quick change light bulb: S = 1, O = 1, D = 4, RPN = 4
2) Alignment Failure
   Potential effect: Wrong Field Defined, Causing Repeat x-rays and additional setup time (S = 3)
   a) Potential cause: light source moved (O = 1); D = 4, RPN = 12
   b) Potential cause: Mirror moved (O = 5); D = 4, RPN = 60
13. Create SOD Tables
• Severity (S)
  • Link to end product functional failure
  • Medical Department involvement
• Occurrence (O)
  • Use historical data
  • Similar processes products
• Detection (D)
  • Method validation studies
  • Historical data
14. FMEA types
• System FMEA
• Subsystem FMEA
• Component FMEA
• Equipment FMEA
• Automation FMEA
• Design FMEA
• Process FMEA
• Service FMEA
• Improvement FMEA
15. HAZOP
Transfer Material Destination
No Valve closed
Line blocked
Pump broken
Tank empty Valve closed
Hopper full
More Pump fast Larger tank
Inaccurate
gage
Other
than
Liquid
Wrong powder
16. HACCP
Hazard Analysis and Critical Control Point
Robert C. Menson, PhD
• Risk Management System
  • Biological Hazards
  • Chemical Hazards
  • Physical Hazards
• Requires
  • Prerequisite Quality System Program
  • Traditionally GMPs
• A method of identifying and controlling sources of variation at critical process steps that could lead to a hazardous condition
• Similar to a control plan
• Cannot be used effectively without manual or automated process control methods, including statistical process control
17. Risk Concept According to ISO 14971
[Figure: chart of Probability of Occurrence (1 to 9) against Severity (1 to 9), divided into three regions]
• Intolerable Region
• As Low As Reasonably Practicable Region (ALARP)
• Broadly Acceptable Region (BAR)
April 2001 Tony C. Chan
18. ALARP against ALARA
• ALARP: as-low-as-reasonably-practicable approach
• ALARA: as-low-as-reasonably-achievable approach
19. Practicability considerations
• It might be thought that any risk associated with a medical device would be acceptable if the patient’s prognosis were improved. This cannot be used as a rationale for the acceptance of unnecessary risk. All risks should be reduced to the lowest level practicable, bearing in mind the state of the art and the benefits of accepting the risk and the practicability of further reduction.
• Practicability refers to the ability of a manufacturer to reduce the risk. Practicability has two components:
  - technical practicability;
  - economic practicability.
Annex D.8.4 ISO 14971:2007
22. Classification
Effective implementation of risk assessment
Classification of the medical device reflects the risk level of the product.
[Figure: classification grid with axes "Severity / vulnerability" and "Mode of contact / invasiveness"]
Transient: IIa, Im;s, I
Short to long term: IIb, IIa, Im;s
Long term implant: III, IIb, IIa
My approach, for simplicity purposes only
23. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
1 The devices must be …………………………provided that any risks which may be associated with their intended use constitute
acceptable risks when weighed against the benefits to the patient and are compatible with a high level of protection of
health and safety.
2 – eliminate or reduce risks as far as possible (inherently safe design and construction), – where appropriate take adequate
protection measures including alarms if necessary, in relation to risks that cannot be eliminated, – inform users of the
residual risks due to any shortcomings of the protection measures adopted.
6 Any undesirable side-effect must constitute an acceptable risk when weighed against the performances intended.
7.2 The devices must be designed, manufactured and packed in such a way as to minimize the risk posed by contaminants and
residues to the persons involved in the transport, storage and use of the devices and to the patients, taking account of the
intended purpose of the product. Particular attention must be paid to the tissues exposed and to the duration and
frequency of exposure.
7.4 Various parts in addressing risk of incorporating medicinal substance
7.5 The devices must be designed and manufactured in such a way as to reduce to a minimum the risks posed by substances
leaking from the device.
If the intended use of such devices includes treatment of children or treatment of pregnant or nursing women, the
manufacturer must provide a specific justification for the use of these substances with regard to compliance with the
essential requirements, in particular of this paragraph, within the technical documentation and, within the instructions for
use, information on residual risks for these patient groups and, if applicable, on appropriate precautionary measures.
24. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
7.6 Devices must be designed and manufactured in such a way as to reduce, as much as possible, risks posed by the
unintentional ingress of substances into the device taking into account the device and the nature of the environment in
which it is intended to be used.
8.1 The devices and manufacturing processes must be designed in such a way as to eliminate or reduce as far as possible the
risk of infection to the patient, user and third parties. The design must allow easy handling and, where necessary, minimize
contamination of the device by the patient or vice versa during use.
8.6 Packaging systems for non-sterile devices must keep the product without deterioration at the level of cleanliness stipulated
and, if the devices are to be sterilized prior to use, minimize the risk of microbial contamination; the packaging system must
be suitable taking account of the method of sterilization indicated by the manufacturer
9.2 Devices must be designed and manufactured in such a way as to remove or minimize as far as is possible:
– the risk of injury, in connection with their physical features, including the volume/pressure ratio, dimensional and where
appropriate ergonomic features,
– risks connected with reasonably foreseeable environmental conditions, such as magnetic fields, external electrical
influences, electrostatic discharge, pressure, temperature or variations,
– the risks of reciprocal interference with other devices normally used in the investigations or for the treatment given,
– risks arising where maintenance or calibration are not possible (as with implants), from ageing of materials used or loss of
accuracy of any measuring or control mechanism.
25. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
9.3 Devices must be designed and manufactured in such a way as to reduce, as much as possible, risks posed by the
unintentional ingress of substances into the device taking into account the device and the nature of the environment in
which it is intended to be used. Devices must be designed and manufactured in such a way as to minimize the risks of fire or
explosion during normal use and in single fault condition. Particular attention must be paid to devices whose intended use
includes exposure to flammable substances or to substances which could cause combustion.
11.2.1 Where devices are designed to emit hazardous levels of radiation necessary for a specific medical purpose the benefit of
which is considered to outweigh the risks inherent in the emission, it must be possible for the user to control the emissions.
Such devices shall be designed and manufactured to ensure reproducibility and tolerance of relevant variable parameters
11.4.1 The operating instructions for devices emitting radiation must give detailed information as to the nature of the emitted
radiation, means of protecting the patient and the user and on ways of avoiding misuse and of eliminating the risks
inherent in installation
12 Various types of energy source risks
13 method by which user is informed about risk
29. Is ISO 14971 deemed sufficient as a stand-alone harmonized standard to presume compliance with the Medical Device Directive?
30. NO. However, it is a harmonized standard……
YES. But we have to consider the issues raised during harmonization thereto……
31. Harmonization issues
ER ISO 14971
1 ER 1 is not directly covered by EN ISO 14971, since the standard does not provide requirements on design and manufacture.
However, the standard provides a tool to generate the information that is a necessary preliminary step for a manufacturer
to demonstrate that the device is in conformity with ER 1.
2 - The second sentence of ER 2 is partly covered by 6.2. For content deviations, see points 1, 2, 3, 5, 6, 7 below.
- The other parts of ER 2 are not directly covered by EN ISO 14971, since the standard does not provide requirements on
design and construction, nor does it apply the concept of 'safety principles' as intended in the MDD. However, the standard
provides a tool to generate the information that is a necessary preliminary step for a manufacturer to demonstrate that the
device is in conformity with ER 2.
4 ER 4 is not directly covered by EN ISO 14971, since the standard does not apply the concept of 'safety principles' as
intended in the MDD. However, the standard provides a tool to generate the information that is a necessary preliminary
step for a manufacturer to demonstrate that the device is in conformity with ER 4.
5 ER 5 is not directly covered by EN ISO 14971, since the standard does not provide requirements on design, manufacture or
packaging. However, the standard provides a tool to generate the information that is a necessary preliminary step for a
manufacturer to demonstrate that the device is in conformity with ER 5.
6 ER 6 is covered. However, for content deviations, see points 1, 2, 3, 4 below.
7.1 ER 7.1 is only partly covered by EN ISO 14971, since the standard does not provide requirements on design and
manufacture and does not cover performances and characteristics related thereto. Furthermore, it does not provide
specific requirements on the items that must be paid particular attention. However, the standard provides a tool to
generate the information that is a necessary preliminary step for a manufacturer to demonstrate that the device is in
conformity with ER 7.1. For content deviations, see points 1 to 7 below.
32. 14971 non adherence to the MDD
The following aspects have been identified where the
standard deviates or might be understood as deviating
from the Essential Requirements:
33. 14971 non adherence to the MDD
1. Treatment of negligible risks:
a) According to standard ISO 14971, the manufacturer may discard
negligible risks
b) However, Sections 1 and 2 of Annex I to Directive 93/42/EEC require that
all risks, regardless of their dimension, need to be reduced as much as
possible and need to be balanced, together with all other risks, against
the benefit of the device.
c) Accordingly, the manufacturer must take all risks into account when
assessing Sections 1 and 2 of Annex I to Directive 93/42/EEC.
34. 14971 non adherence to the MDD
2. Discretionary power of manufacturers as to the acceptability of risks:
a) ISO 14971 seems to imply that manufacturers have the freedom to
decide upon the threshold for risk acceptability and that only non-acceptable
risks have to be integrated into the overall risk-benefit
analysis.
b) However, Sections 1 and 2 of Annex I to Directive 93/42/EEC require that
all risks have to be reduced as far as possible and that all risks combined,
regardless of any "acceptability" assessment, need to be balanced,
together with all other risks, against the benefit of the device.
c) Accordingly, the manufacturer may not apply any criteria of risk
acceptability prior to applying Sections 1 and 2 of Annex I to Directive
93/42/EEC.
35. 14971 non adherence to the MDD
3. Risk reduction "as far as possible" versus "as low as reasonably practicable":
a) Annex D.8 to ISO 14971, referred to in 3.4, contains the concept of reducing
risks "as low as reasonably practicable" (ALARP concept). The ALARP concept
contains an element of economic consideration.
b) However, the first indent of Section 2 of Annex I to Directive 93/42/EEC and
various particular Essential Requirements require risks to be reduced "as far as
possible" without there being room for economic considerations.
c) Accordingly, manufacturers and Notified Bodies may not apply the ALARP
concept with regard to economic considerations.
36. 14971 non adherence to the MDD
4. Discretion as to whether a risk-benefit analysis needs to take place:
a) 6.5 of ISO 14971 says: "If the residual risk is not judged acceptable using the criteria established in the risk
management plan and further risk control is not practicable, the manufacturer may gather and review data and
literature to determine if the medical benefits of the intended use outweigh the residual risk." Clause 7 of ISO
14971 says: "If the overall residual risk is not judged acceptable using the criteria established in the risk
management plan, the manufacturer may gather and review data and literature to determine if the medical benefits
of the intended use outweigh the overall residual risk." Both quotes imply that an overall risk-benefit
analysis does not need to take place if the overall residual risk is judged acceptable when
using the criteria established in the risk management plan. Equally, D.6.1 says: "A
risk/benefit analysis is not required by this International Standard for every risk."
b) According to Section 1 of Annex I to Directive 93/42/EEC, an overall risk-benefit
analysis must take place in any case, regardless of the application of criteria established in
the management plan of the manufacturer.
Furthermore, Section 6 of Annex I to Directive 93/42/EEC requires undesirable side
effects to "constitute an acceptable risk when weighed against the performance
intended".
c) Accordingly, the manufacturer must undertake the risk-benefit analysis for the
individual risk and the overall risk-benefit analysis (weighing all risks combined against
the benefit) in all cases.
37. 14971 non adherence to the MDD
5. Discretion as to the risk control options/measures:
a) 6.2 of ISO 14971 obliges the manufacturer to "use one or more of the following risk
control options in the priority order listed:
i) inherent safety by design;
ii) protective measures in the medical device itself or in the manufacturing process;
iii) information for safety" and leaves a discretion as to the application of these three
options: shall the second or third control option still be used when the first was used? 6.4
indicates that further risk control measures do not need to be taken if, after applying one
of the control options, the risk is judged acceptable according to the criteria of the risk
management plan.
b) However, the second sentence of Section 2 of Annex I to Directive 93/42/EEC requests
"to conform to safety principles, taking account of the generally acknowledged state of
the art" and "to select the most appropriate solutions" by applying cumulatively what has
been called "control options" or "control mechanisms" in the standard.
c) Accordingly, the manufacturer must apply all the "control options" and may not stop
his endeavors if the first or the second control option has reduced the risk to an
"acceptable level" (unless the additional control option(s) do(es) not improve the safety).
38. 14971 non adherence to the MDD
6. Deviation as to the first risk control option:
a) 6.2 of ISO 14971 obliges the manufacturer to "use one or more of the following
risk control options in the priority order listed:
inherent safety by design ..." without determining what is meant by this term.
b) However, the first indent of the second sentence of Section 2 of Annex I to
Directive 93/42/EEC requires to "eliminate or reduce risks as far as possible
(inherently safe design and construction)".
c) Accordingly, as the Directive is more precise than the standard, manufacturers
must apply the former and cannot rely purely on the application of the
standard.
39. 14971 non adherence to the MDD
7. Information of the users influencing the residual risk:
a) The residual risk is in 2.15 and in 6.4 of ISO 14971 defined as the risk remaining
after application of the risk control measures. 6.2 of ISO 14971 regards
"information for safety" to be a control option.
b) However, the last indent of Section 2 of Annex I to Directive 93/42/EEC says that
users shall be informed about the residual risks. This indicates that, according to
Annex I to Directive 93/42/EEC and contrary to the concept of the standard, the
information given to the users does not reduce the (residual) risk any further.
c) Accordingly, manufacturers shall not attribute any additional risk reduction to
the information given to the users.
40. Last but not least
Risk assessment in the new version of ISO 13485:201X
What about risk assessment and the new version of ISO 13485?
41. New 13485:201? And risk assessment
• The publication of the next version of ISO 13485 is postponed to 2016. Welcome
ISO 13485:2016!
• During the last meeting of the Technical Committee Working Group held in July,
the published draft version of ISO 13485 was submitted to the vote of the
Working Group members. The draft was not approved.
• ISO TC 210 is the Technical Committee of the ISO organization.
• Risk assessment will appear in section 6.1, mimicking ISO 9001:2015.
42. Risk assessment expectation in ISO 13485:2016
http://medicaldevices.bsigroup.com/en-GB/our-services/ISO-13485-Revision/