If a company based in a non-European country wants to transfer European data to a non-European country, what are the GDPR requirements?
GDPR requirements for the transfer of data outside the EU are listed in Chapter V GDPR and require the data controller to ensure that the level of data protection offered by the GDPR is not undermined. The steps are the following:
1. Verify if the destination country benefits from an adequacy decision of the EU Commission. If so, you can proceed with the data transfer. Here you can find the countries with adequacy decisions: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
2. If the country importing EU data is not included, you need to assess the security of the country and select another transfer mechanism, like the Standard Contractual Clauses (SCC), which incorporate the requirements of the EU GDPR. https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
Does a company need to create binding corporate rules if it has only one branch?
No, the mechanism of approval of Binding Corporate Rules is long and complex and requires approval from the Supervisory Authority or the European Commission. Usually, large multinational company groups require the approval of Binding Corporate Rules (BCR), while many companies (including large tech companies, like Google) prefer the Standard Contractual Clauses.
Are there any binding corporate rules approved by authorities available to be followed?
Yes, I believe you can find some on the web, but the BCR adapt to the structure of the company and are tailored to the processing and transfers.
Here you can find more information about data transfer:
3 steps for data transfers according to GDPR https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
1. What do auditors look for in a Stage 1 audit?
According to IATF 16949:2016 rules 5, the documents I mention below should be ready for the Stage 1 audit. In other words, the quality management system should be established, an internal audit should be done, and a management review should be completed before the Stage 1 audit.
Documents and subjects that should be ready before the Stage 1 audit:
b) Description of processes showing the sequence and interactions, including the identification of remote supporting functions and outsourced processes.
c) Key indicators and performance trends for the previous twelve (12) months, minimum.
d) Evidence that all the requirements of IATF 16949 are addressed by the client's processes.
e) Quality manual, including the interactions with support functions on-site or remote.
f) Evidence of one full cycle of internal audits to IATF 16949 followed by a management review.
g) List of qualified internal auditors and the criteria for qualification.
h) List of automotive customers and their customer-specific requirements, if applicable.
i) Customer complaint summary and responses, scorecards, and special status, if applicable.
2. Is it mandatory that the MRM & internal audit are conducted before a Stage 1 audit?
As listed above, completion of the management review and internal audits is mandatory.
A lead implementer can work as lead auditor if he or she does not audit his or her own work, which can happen if the lead implementer is also a member of the audited organization.
About course adequacy, this is my recommendation:
The hash is a random set of characters that can be used to uniquely identify a file, and it is provided so you can verify whether a downloaded file is a valid copy of the one you wanted to download (i.e., you can verify that the downloaded file was not tampered with).
The process is simple:
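As an added example (not from the original answer), here is how that check looks in Python: hash the downloaded file in chunks, optionally read the published value from a sha256sum-style checksum line, and compare using a constant-time comparison. The sample file, its contents and the digest constant are constructed for the demo; `verify_download`, `parse_checksum_line` and `demo` are names chosen here.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so a large download never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Parse one line as written by sha256sum/shasum: '<hex digest>  <filename>'.
    Binary mode prefixes the filename with '*', which is stripped."""
    parts = line.split()
    if len(parts) != 2:
        raise ValueError("expected '<digest>  <filename>'")
    digest, name = parts
    return digest.lower(), name.lstrip("*")


def verify_download(path, expected_hex, algorithm="sha256"):
    """Return True only if the file's digest equals the published one.
    Reject malformed or wrong-length digests instead of comparing them,
    and use hmac.compare_digest so the comparison time does not depend on
    where the two strings first differ."""
    expected = expected_hex.strip().lower()
    try:
        bytes.fromhex(expected)
    except ValueError:
        return False
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        return False
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed sample: a file whose content is b'hello world\\n', checked
    against its published SHA-256, then altered to simulate a bad download."""
    published = "a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "download.bin"
        path.write_bytes(b"hello world\n")
        ok = verify_download(path, published)          # genuine copy
        path.write_bytes(b"hello world!\n")            # one byte changed
        tampered = verify_download(path, published)    # must fail
    return ok, tampered
```

`demo()` returns `(True, False)`: the untouched file matches the published digest and the altered one does not.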
Having a security classification on a document means that the document needs to be protected according to a set of rules, depending on the security classification level.
For example, from the confidentiality point of view, top-secret documents need to be protected against loss of confidentiality, while public documents do not require such protection.
This article will provide you with a further explanation about information classification:
This material will also help you regarding information classification:
ISO 27001 requires a justification for all applicable controls (clause 6.1.3 “d”), so if you are adding controls in the Statement of Applicability you need to fill in the ‘justification’ field to be compliant with the standard.
This article will provide you with a further explanation about the Statement of Applicability:
No. A new version makes previous versions obsolete.
So, if you are about to start working with ISO 14001:2015 perhaps the following information may be useful for you.
A mentor is someone closer to an advisor, i.e., he gives suggestions on matters related to the project (e.g., project management, information security, ISO 27001, etc.) and provides experience about previous situations he had encountered, so that the project team can have more information to make a decision on how to act, while a consultant can also have a more direct role in the project, carrying out tasks.
About where to find a mentor, in general, he is someone who already works in the organization. In case such a person is not available in your organization, you can seek one on work-oriented social networks, like LinkedIn.
A competent ISO 9001 auditor should have the necessary auditing skills to assess conformance with the management requirements of any quality management system, i.e., in ISO 17025, all the clauses of Clause 8. This is because the management requirements are based on ISO 9001, and the auditor would use an ISO 17025 checklist and your own documented procedures as the criteria.
The shortfall is that an ISO 9001 auditor would not be able to audit the technical requirements of 17025 – in fact, many ISO 17025 lead auditors would not be able to either, if they have no technical knowledge of ISO 17025 and the test methods. It requires knowledge of techniques and method risks.
The following will provide more information on Internal Audits:
How to perform an internal audit using ISO 19011 at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011
ISO 17025 document template: Internal Audit Procedure at https://advisera.com/17025academy/documentation/internal-audit-procedure/
Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
Book - ISO internal audit: A plain English guide at https://advisera.com/books/iso-internal-audit-plain-english-guide/