Search results

Home / Search

Category:
Select
Select

11275 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 14001 lineamiemtos precisos para establecer en una empresa minera

    La implementación de ISO 14001:2015 en una empresa minera es igual que en otro tipo de sectores, teniendo en cuenta que en el caso del sector de la minería se emplean muchos recursos naturales y por lo tanto hay número de aspectos ambientales e impactos significativos para los cuales se tendrán que implantar los consecuentes controles operacionales. 

    También es importante destacar la necesidad de estar al día en cuanto a los requisitos de cumplimiento, especialmente regulatorios, que son bastante numerosos en el sector de la minería, pero también aquellos relacionados con los requisitos contractuales

    En primer lugar es muy importante contar con el apoyo lo de la alta dirección, que va a facilitar los recursos tanto de personal como económicos para poder llevar a cabo el proyecto de implementación.

    Más adelante puede llevar a cabo un análisis de brecha (o GAP, por sus siglas en inglés) que le ayudará a identificar aquellos requisitos con los que la organización aún no cumple. Esto le va a facilitar la implementación ya que reducirá significativamente el tiempo de implementación. Aquí puede llevar a cabo el análisis de forma gratuita - Herramienta de análisis de brecha en ISO 14001: https://advisera.com/14001academy/es/herramienta-gap-analysis-iso-140012015/

    También le recomiendo que defina un plan de proyecto, donde determine las responsabilidades, hitos durante la implementación, plazos, etc. Aquí puede descargar de forma gratuita un plan de proyecto - Project Plan for ISO 14001:2015 implementation: https://info.advisera.com/14001academy/free-download/project-plan-for-iso-140012015-implementation-ms-powerpoint

    Más tarde ya podrían empezar con lo que es la implementación en sí de la norma, definiendo el alcance del Sistema de Gestión Ambiental, para lo cual le recomiendo que primeramente de las cuestiones internas y externas del contexto de la organización, ya que le puede ser de gran ayuda a la hora de saber cuáles van a ser los límites de su SGA. A continuación, puede determinar tanto la política de su SGA así como los objetivos del SGA. Aquí puede obtener más información de cómo definir el alcance de su SGA - How to determine the scope of the EMS according to ISO 14001:2015: https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/

    Más adentante, deberá de establecer todos los procesos relacionados con el sistema e implentarlos para finalmente realizar la auditoría interna y finalmente llevar a cabo la revisión por la dirección.

    Estos materiales  pueden ayudarle a saber cuáles son los pasos en la implementación de ISO 14001:2015:

    - Why mining companies should obtain ISO 14001 certification: https://advisera.com/14001academy/blog/2018/04/17/why-mining-companies-should-obtain-iso-14001-certification/

    - Artículo: Lista de pasos para la implementación de la ISO 14001: https://advisera.com/14001academy/es/knowledgebase/lista-de-pasos-para-la-implementacion-de-la-iso-14001/

    - Curso gratuito - Fundamentos de ISO 14001:2015:  https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

    - Libro - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/

  • Documents needed in term of testing methods

    You asked 

    ....what all documents would we need in term of testing for the said methods? for example, do I need to validate/ verify these methods?

    Yes, you do need to validate all test methods that are going to be on your scope of accreditation. You need to meet requirements of ISO 17025 clauses 7.2 and 7.6 for this activity

    You would need to include at least all mandatory procedures and records.
    See the Whitepaper Checklist of mandatory documents required by ISO 17025:2017
    For more detail on what is requires, read the whitepaper Clause-by-clause explanation of ISO 17025:2017
    Both are available for download from https://advisera.com/17025academy/free-downloads/

    You asked How?

    The ISO 17025 toolkit includes the procedure for validation and verification of methods, named Test and Calibration Method Procedure, along with two supporting documents Test Method Development, Verification and Validation Register and Test Method Development, Verification and Validation Record. The procedure is also available separately at https://advisera.com/17025academy/documentation/test-and-calibration-method-procedure/

    The overall techniques for method validation are listed as well as the required records. It is the responsibility of the laboratory to choose the suitable technique and performance parameters, plan experiments and use suitable calculations. This is not in the scope of the toolkit. It is important to reference sector specific guidelines and meet specific regulatory and accreditation body requirements. 

  • Questions regarding EU GDPR & ISO 27001 Integrated Documentation Toolkit

    1. Regarding EU GDPR & ISO 27001 Integrated Documentation Toolkit:
    Does it cover also ISO 27701:2019?

    Please note that ISO 27701 was developed as an extension of ISO 27001 and ISO 27002. Considering that, ISO27001/GDPR toolkit is approximately 80% compliant with ISO 27701. The remaining 20% refers to small adjustments to include the protection of privacy in the context of the documents (e.g., where a document states “information security”, it now should state “information security and privacy”, and applicable controls should consider complementary privacy protection measures), and the inclusion of applicable controls specifically developed for ISO 27701 (in a total of 49 controls).

    For further information, read:

    2. Does it cover also GDPR cases where EU customer personal data is processed outside of EU in a country like ***? (like using standard data protection clauses adopted by the EU Commission, etc?)

    The EU GDPR & ISO 27001 Integrated Documentation Toolkit has a full section dedicated to the transfer of personal data in a third country. The templates are indicated for all controllers subject to the EU GDPR wherever they are located. This section of the EU GDPR & ISO 27001 Integrated Documentation Toolkit includes templates of:

    • Cross Border Personal Data Transfer Procedure
    • Processor GDPR Compliance Questionnaire
    • Supplier Data Processing Agreement
    • Controller to Controller Data Processing Agreement
    • Agreement for the Appointment of an EU Representative

    3. Does there exist an employee contract template which takes into account GDPR?

    Employee contracts are subject to local labor legislation so there is not template. However, in the EU GDPR & ISO 27001 Integrated Documentation Toolkit you can find:

    • The Employee personal data protection policy on how the company handles the personal data of its own employee
    • The employee privacy notice to inform the employee about the processing of their own personal data by the company when signing a job contract
    • In the security measures section, there are most policies about how employees should handle personal data (of clients, suppliers, colleagues) like Access control policies, teleworking policies, etc. These policies should be known by employees and can be attached to their job contracts.

    For more information, see:

    4. Does there exist a B2B contract template which takes into account GDPR when processing EU customer personal data in a country like ***?

    As mentioned above, in the section of the EU GDPR & ISO 27001 Integrated Documentation Toolkit about data transfer there are some templates about the data transfer between controller and processor and among controllers.
    This agreement can be used as an annex to the B2B agreement (your general terms and conditions) and signed jointly. You need to remember to insert a clause in your B2B agreement in which undertakers are aware of compliance with GDPR requirements and comply with the terms in the attached data processing agreement. Of course, you should also mention compliance with your local privacy law requirements!

    This article may provide additional information:

    5. Does there exist a B2B contract template which takes into account GDPR when EU customer personal data is processed outside of EU in a country like ***??

    Because of the extraterritorial applicability of the EU GDPR, templates are not affected by the location of the company but only if the company is subjected to the EU GDPR requirements. If so, and the processing takes place in a third country, the transfer of the data section of the Toolkit will help to comply with contractual requirements. The easiest way is to develop a Data Processing Agreement and Standard Contractual Clauses as annexes to your own B2B agreement template (which vary depending on your own kind of activity).

    To understand how to comply with GDPR requirements when a transfer of data outside the EU is involved, you can consider enrolling in our free online training:

  • ISO / IEC 38500 question

    Do you have any thoughts on the ISO/IEC 38500?

    SO/IEC 38500 provides guiding principles for governance specifically directed for Information Technology. It can be used to help integrate business strategy, information technology, and information security initiatives.

    For additional information, see:

    Would we want to add this after our ISO/IEC 27001 that we are working on?

    ISO 27001 does not require the implementation of any other standard, so the decision about the application of ISO/IEC 38500 would depend on the evaluation of potential benefits that can be achieved and the costs of implementing an additional standard.

    Also, in regards to the ISO 22301, does this compliment the GDPR that we are working on?

    ISO 22301 is about business continuity and resilience of systems. It can help you to demonstrate compliance with security measures under Article 32 GDPR (which requires technical and organizational security measures) but it does not cover all GDPR requirements (i.e. the information to be provided to data subjects, or the respect of data subject rights are outside the purposes of ISO 22301 and they are the core of GDPR). GDPR refers to all data processing regardless of the form and it is not only about data security (yet it is crucial), it is also about information, transparency, and lawful processing.

    For more information, see:

  • 04.2 Personal Data Protection Policy Integrated

    The Toolkit requires you to insert your national privacy law if any. Most countries, even EU Member States adopted internal laws and regulations to implement GDPR requirements in certain fields. Video surveillance, controls of workers, social security, criminal conviction, or health data are some examples of topics nationally implemented. 

    You should consult the website of your local Data Protection Authority (or Surveillance Authority) to discover what are the applicable laws and regulations adopted in your country. Therefore, you should check if your organization is subjected to other extraterritorial privacy laws like the California Consumer Protection Act (CCPA) or the Brazilian Data Protection Act (LGPD). In such a case, you should also insert those references in your data protection policy.

    Here you can find the list of relevant Data Protection Authorities and the list of laws and regulations on information security:

  • A.9.2.5 Review of user access rights

    Please note that ISO 27001 does not prescribe how to document the review, so organizations can develop the form as best fit their needs.

    Considering that, to record reviewed access rights you can use the Internal Audit Report template included in your toolkit, using the field Audit Trail to record this information.

    In case you need a more generic approach, you can use a word or excel file.

    In both cases, it is important to cover at least this information:

    • review date
    • who performed the review
    • who approved the review
    • name of system/network / service / physical area reviewed
    • results of the review: uses reviewed and if they were compliant or not with the defined access rules

  • Aerospace and Napcap standards

    The aerospace community have taken the ISO 9001:2015 standard and added some aerospace specific requirements into it, releasing this document as the AS9100 Rev D standard (https://advisera.com/9100academy/what-is-as9100/) which forms the requirements for a quality management system for aircraft, space and defense organizations. This standard is audited using a process audit approach just as other ISO standards for management systems are. It should also be noted that there is a replacement QMS standard for 2 specific types of aerospace companies; aircraft repair and overhaul organizations (AS9110) and stockist distributors (AS9120). Both of these standards are also based on ISO 9001:2015 but have different additions than AS9100 which is more generic. Training for AS 9100 auditing can be obtained from many of the same organizations that train for ISO 9001 auditing.

    NADCAP auditing, on the other hand, is not like process auditing of a management system. This is a compliance auditing against the specific requirements for a NADCAP process to certify that each and every detailed requirement is met in the process; step by step. For this type of auditing, you would need to contact a NADCAP certified training organization where they can train and certify you to do NADCAP auditing. This may only be necessary for a company that has NADCAP specific processes.

    You can read more on the companion standards to AS9100 in the article:

Page 230-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +