ISO 13485 - Security and Control of ERP System

R

rdesmond

#1
Hello!

We are a contract manufacturer working toward an ISO13485 registration. Question about control of production: we have an old ERP system & are working toward a new one but not in time for a REG audit. The system itself has no security controls per se; i.e. anyone sufficiently skilled & motivated could make changes, however this has not happened without our documented change & approval process so far. We use this system to issue job orders / travelers that designate a lot # and reference the process steps, documents, materials, etc. I am already transferring the forms that print out into our Doc system that does have the customary controls, however we have to issue production lots from the existing system. It ties to everything - shipping, billing, etc. The question then, is can we use a Risk Analysis to possibly justify the continued use of this system for the travelers & let them still contain the same information? Things like materials are referenced which, again tie-in to our ERP system. I understand the necessity of control, and indeed, we are heading in that direction. I just need to know what will be acceptable to a REG auditor in addressing this. THANK YOU Very much for any assistance that you can provide!!:bigwave:
 
Elsmar Forum Sponsor
I

isoalchemist

#2
:2cents:The Auditors or the FDA is be focused on ?Control? of the system to ensure the documentation that is created out of the system is what was intended and has not been changed outside of your process. If your process is small and stable this could be as simple as an approved specification that is compared against prior to release to manufacturing.
You stated ?anyone sufficiently skilled & motivated? could make changes but that is true of most ERP systems especially in smaller organizations where individuals wear many hats and have access to certain areas they ?should not be allowed? because they require access to others. Most ERP systems have some level of security it just may not be set up (especially in smaller organizations IMHO).
The Risk analysis is an approach that could work, but personally I would look hard again at other control points. With that said the Risk Analysis would point out potential control point if done well. Good Luck with your Audit!
 
Thread starter Similar threads Forum Replies Date
P ISO 13485 and network security protection - Medical device manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 5
Ed Panek ISO 13485:2016 Section 5.5.3 ISO 13485:2016 - Medical Device Quality Management Systems 3
ebrahim QMS as per ISO 13485, Clause 4.2 Requirements for regulatory purposes for Medical Devices Authorized Representatives. ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 scope (implantable) - Polymers for dental application EU Medical Device Regulations 9
N ISO 13485 7.3.9 Change control in medical device software ISO 13485:2016 - Medical Device Quality Management Systems 6
A ISO 13485 procedure change and reflect to legacy manufacture items ISO 13485:2016 - Medical Device Quality Management Systems 2
D ISO 13485 & CE Certification for Surgical Gloves CE Marking (Conformité Européene) / CB Scheme 0
S Inventory Listing and ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 3
M ISO 13485:2016 Certification Scope ISO 13485:2016 - Medical Device Quality Management Systems 2
D Reports under change management | ISO 13485:2016 & ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 3
M Scope for ISO 13485 Certification of a Translation Service Provider ISO 13485:2016 - Medical Device Quality Management Systems 17
Q ISO 13485 7.5.6 Validation - Off the shelf Software ISO 13485:2016 - Medical Device Quality Management Systems 3
A ISO 13485 Certification for Resin Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 4
A ISO 13485 Sterilization Clause Applicability ISO 13485:2016 - Medical Device Quality Management Systems 7
K ISO 13485 and compliance of electronic signature ISO 13485:2016 - Medical Device Quality Management Systems 5
T ISO 13485 - Assembly instructions written vs. online ISO 13485:2016 - Medical Device Quality Management Systems 5
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
N 93/42/EEC certification without ISO 13485 EU Medical Device Regulations 3
M How Specific in an ISO 13485:2016 Scope for a Contract Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 9
A ISO 13485 for Class 1 Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 7
0 ISO 13485:2016 Chapter 8 Integration of the subsections ISO 13485:2016 - Medical Device Quality Management Systems 3
M Change in Constitution / Ownership of firm -------ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
E ISO 13485 QMS certification as a Supplier ISO 13485:2016 - Medical Device Quality Management Systems 8
T ISO 13485:2016 Clauses related to process matrix ISO 13485:2016 - Medical Device Quality Management Systems 3
J Can signed agreements over-ride review of every "contract" under ISO 13485:2016? ISO 13485:2016 - Medical Device Quality Management Systems 2
J Implementing an ISO 13485 QMS Software ISO 13485:2016 - Medical Device Quality Management Systems 6
Q EN ISO 13485:2016/AC:2018 - AC:2018 being stated in the applicable harmonized standard listing Other ISO and International Standards and European Regulations 1
J Leveraging another company's ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
J New Job Position - Achieving ISO 13485 Certification ISO 13485:2016 - Medical Device Quality Management Systems 5
A Scope of ISO 13485 certificate ISO 13485:2016 - Medical Device Quality Management Systems 1
A ASL requirement when the supplier is certified for ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6
M ISO 13485-2016 online certification ISO 13485:2016 - Medical Device Quality Management Systems 3
S Thoughts on managing ISO 9001, 13485, IATF 16949 and 17025 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
S Supplier Management ISO 13485: 2016- Which supplier needs to fill in a self assessment form? ISO 13485:2016 - Medical Device Quality Management Systems 6
J Possible to get ISO 13485 certified with only OEM Product? ISO 13485:2016 - Medical Device Quality Management Systems 4
D Definition of equipment for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
M ISO 13485:2016 Complaint Definition Clarity Customer Complaints 2
D Rules for Paper Forms outside of an eQMS - 3 Questions (ISO 13485) Document Control Systems, Procedures, Forms and Templates 9
S Qualification question - ISO 13485 - Setting up a small lab Reliability Analysis - Predictions, Testing and Standards 2
K ISO 13485 clause 8.5.2 'Any necessary CA shall be taken without undue delay' ISO 13485:2016 - Medical Device Quality Management Systems 11
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 6
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 7
M Getting started in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 31
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 6
C SOP Template needed for ISO 13485 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 9
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11

Similar threads

Top Bottom