Set up a project sponsor, a project manager and a project team. Ensure top management support, get training and, as a first step, perform a gap analysis to determine the amount of work to be done, comparing what your organization already has in place against the ISO 9001:2015 requirements. From that gap analysis you can develop your project plan, listing what needs to be done, by whom, and by when.
Then, an important step is to design a model of how your organization works as a set of interrelated processes. For example:
Decide how to describe (procedures and/or work instructions) and monitor those processes. You can accelerate implementation by customizing a documentation set like our ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.
This is a very short description of the journey but below you can find more detailed information:
In order to be compliant, you need to appoint a representative in the EU. This is an obligation of the controller stated in Article 27 GDPR, and you should appoint it in Ireland since you are going to store data in that country. In fact, according to Article 27 paragraph 3 GDPR, “The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are.”
You don’t need a representative if the processing:
Appointing a representative is not too difficult: you require a service contract with an individual, company or organization established in the EU, who must be able to represent you regarding your obligations under the EU GDPR (e.g. a law firm, consultancy or private company).
Of course, you need also to comply with all the GDPR requirements.
You can find more information here:
You can also consider enrolling in our free EU GDPR Foundations Course
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
The (E) complement at the end of the name of the standard means that the language in which it was written was English. According to the ISO/IEC Directives, Part 1 Consolidated ISO Supplement, the ISO official languages are English (E), French (F) and Russian (R): https://www.iso.org/sites/directives/current/consolidated/index.xhtml
I received notification from my auditor today that we have achieved accreditation with 0 non-conformities and in 6 months from commencement. I had never tackled this type of thing before, and I would like to say that I don't believe this would have been achieved had I not purchased your documentation and training videos, along with this discussion site. I thank you very much for your support and material; it proved invaluable to me.
My next challenge will be ISO9001 and I will not hesitate to purchase your documentation again for this standard.
You can also present it in a chart, in a table or just in text where you describe the roles of each particular entity.
For more details on the responsibilities among these entities, please see the following articles in MDR 2017/745: