6.3 Infrastructure Procedure/Requirement - Example wanted

[pammesue]

I have been looking at the changes to ISO 9001:2008 and making sure we are up to par on our old procedures....
Our auditor must have been blind to not have noticed how lacking we are on 6.3.

Our 6.3 procedure is called Preventative Maintenance, and nowhere in it does it discuss anything other than the PM of the big equipment out on the floor.

Please show me examples of what you have done. Im guessing my first article of business is to rewrite this procedure and call it Infrastructure and figure out how to include all of c) supporting services(such as transport, communication or information systems)!!

thanks for helping me

 

[Groo3]

Re: Can I see a sample of your 6.3 Infrastructure Procedure/Requirement?

Our Infrastructure procedure is very high level and links to our Management of Change procedure and the Maintenance PM procedure, the rest of the Infrastructure procedure is filled with a table outlining the various elements of our infrastructure and who is responsible (directly responsible, or responsible for managing the suppliers) for each... For example, the table identifies which department is responsible for which infrastructure elements (at either the corporate or site level):

• our corporate IT is responsible for all our business cell phones, computers (including back-up services and computer security), fax machines, copiers, program updates, etc.
• site IT is responsible for our telephone system, site computer maintenance and support (including software support), etc.
• our site Maintenance group is responsible for city water, forklifts, fire control equipment, electrical, natural gas, HVAC, landscaping, grounds maintenance, pest control, transportation, waste disposal, recycling, etc.
• our corporate EHS is responsible for our environmental permits, our safety equipment (including hard-hats, safety glasses, gloves, etc.), MSDS's, etc.
• etc.

 

[Colin]

Groo3, I like the sound of what you have done to address this. There is no requirement to have a documented procedure to address 6.3 & 6.4 and in many cases, it would be pretty ineffective to have one just for the sake of it.

Of course, in more specialised industries like pharmaceuticals and food, that may be different but generally, I would not have a documented procedure. I think identifying what needs to be done and assigning responsibilities is the way to go. It is then down to the person responsible to control each process how ever they see fit and works best.

 

[somashekar]

I have been looking at the changes to ISO 9001:2008 and making sure we are up to par on our old procedures....
Our auditor must have been blind to not have noticed how lacking we are on 6.3.

Our 6.3 procedure is called Preventative Maintenance, and nowhere in it does it discuss anything other than the PM of the big equipment out on the floor.

Please show me examples of what you have done. Im guessing my first article of business is to rewrite this procedure and call it Infrastructure and figure out how to include all of c) supporting services(such as transport, communication or information systems)!!

thanks for helping me

First determine your requirement of infrastructure as applicable to your products and to organization., like for example Captive power generator, AHU, Air compressor manufacturing machines , other equipments, etc etc., transport vehicles other material handling equipments, data base servers , telecom, video conferencing setup, etc etc etc ... you determine what you need broadly. bring them in the top management's commitment to provide by way of an output in the management review records. Now you provide them and maintain them. Decide to have your procedures for the maintenance and records of maintenance to demonstrate this maintenance activity ...

 

[DrM2u]

(...) There is no requirement to have a documented procedure to address 6.3 & 6.4 and in many cases, it would be pretty ineffective to have one just for the sake of it.

Of course, in more specialised industries like pharmaceuticals and food, that may be different but generally, I would not have a documented procedure. I think identifying what needs to be done and assigning responsibilities is the way to go. It is then down to the person responsible to control each process how ever they see fit and works best.

I echo Colin's statement. Why develop a procedure if it is not required and in some cases not necessary?!? A documented procedure could lead to discrepancies between the actual practice and the documentation, grounds for the auditor to pick and expand on.

 

[pammesue]

but, nowhere is this(IT, Transport, communicaiton, utilities etc) mentioned. If the auditor questions these items, I totally have no response.

We "know" that our IT department takes care of things. I guess that when that time comes the auditor would call the IT dept and ask them how they do things? There is no procedure or policies regarding anything regarding 6.3 except our PM program for the machines on the floor.

 

[DrM2u]

but, nowhere is this(IT, Transport, communicaiton, utilities etc) mentioned. If the auditor questions these items, I totally have no response.

We "know" that our IT department takes care of things. I guess that when that time comes the auditor would call the IT dept and ask them how they do things? There is no procedure or policies regarding anything regarding 6.3 except our PM program for the machines on the floor.

:truce: Oh, dear, but you do! Wherever you have a process you should have a systematic method of executing that process. This method is commonly known as 'procedure' and sometimes it is documented. So, when your IT department 'takes care of things' (the process) they probably follow a procedure (documented or not). You might not need to know it but they do and should be able to demonstrate it to the auditor!

 

[sueliu - 2012]

I know this is an old thread, but I hope I can get some feedback here.
I've written the following parts in the Quality Manual to meet the requirement of Clause 6.3 and 6.4 of ISO 13485. Can somebody comment on this? It is for a software medical device company.


6.3 Infrastructure
ABC determines and manages the work environment needed to achieve conformity to product requirements. ABC develops medical device software using standard PC and Macintosh computer equipment running on a standard Microsoft Windows network. Maintenance, in the conventional sense as it regards process equipment, is not applicable to our environment.

6.4 Work environment
The work environment at ABC is a typical office environment for a software development organization. A documented protection of software work environment has identified three areas of risk in terms of product quality or disruption to operations: Backups, Version Control, and Virus Protection. No special environmental or cleanliness controls are applicable.

 

[DrM2u]

I know this is an old thread, but I hope I can get some feedback here.
I've written the following parts in the Quality Manual to meet the requirement of Clause 6.3 and 6.4 of ISO 13485. Can somebody comment on this? It is for a software medical device company.

Since you've asked ... here's my :

- nowhere in the standard is required that your quality manual addresses each clause individually (see requirements of clause 4.2.2).
- the first part of your 6.3 statement sounds like your organization's scope; try to avoid redundant statements because they create grouds for discrepancies
- 6.3: there is no maintenance for your PCs?!? no regular cleaning & dusting inside, no software updates, no change of components or even complete replacement?
- 6.4: can anyone access your work environment? could temperature, humidity, pressure, fire or water hazards have any impact on your product? if yes, how are these controlled and prevented?
- 6.4: any safety concerns? what happens if someone gets injured at work? how does that affect the product and/or the customer?
- what is the benefit TO YOUR ORGANIZATION to state these things in writing? does anyone within the company read this on a regular basis?

 

[ChrissieO]

Re: Can I see a sample of your 6.3 Infrastructure Procedure/Requirement?

Our Infrastructure procedure is very high level and links to our Management of Change procedure and the Maintenance PM procedure, the rest of the Infrastructure procedure is filled with a table outlining the various elements of our infrastructure and who is responsible (directly responsible, or responsible for managing the suppliers) for each... For example, the table identifies which department is responsible for which infrastructure elements (at either the corporate or site level):

• our corporate IT is responsible for all our business cell phones, computers (including back-up services and computer security), fax machines, copiers, program updates, etc.
• site IT is responsible for our telephone system, site computer maintenance and support (including software support), etc.
• our site Maintenance group is responsible for city water, forklifts, fire control equipment, electrical, natural gas, HVAC, landscaping, grounds maintenance, pest control, transportation, waste disposal, recycling, etc.
• our corporate EHS is responsible for our environmental permits, our safety equipment (including hard-hats, safety glasses, gloves, etc.), MSDS's, etc.
• etc.

As Colin has said, it is not a requirement to have a documented procedure for 9001, but it keeps our external TS auditors happy. Ours is along similar lines to yourself:-

Scope

This procedure is valid for the Infrastructure & Work Environment within the ***** UK Logistics organisation.

Introduction

Infrastructure and Work Environment deemed necessary to achieve conformity of product and service requirements have been outlined by ***** UK Logistics Management team.

Infrastructure

***** will determine, manage and provide suitable facilities to perform the appropriate business tasks and functions to achieve conformity to product and service requirements.

Work environment

The working environment shall be suitable to perform the expected tasks in a professional manner. These shall comply with current and relevant health and safety legislation.

Chrissie