Search results

Data Protection Matrix

You need to make an inventory of data processing, for each process you need to identify the lawful basis for data processing, the information given to the data subject, the risk for freedom and rights of the data subject, the security measure taken, and the data retention period.

You can use our Data Mapping and DPIA Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-data-mapping-dpia-toolkit/

You can consider enrolling in our free EU GDPR Foundations Course

• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• ISMS Risk Assessment & COSO Enterprise Risk Management

  Is there anyone who has implement COSO ERM and ISMS together? Can you use COSO ERM to do ISMS risk assessment? Can someone share how it is being implemented? Do you use any tools?

  Can ISMS use its own risk assessment methodology and approach that is different from COSO ERM?

   

• EMS and Environmental Compliance Software

  I hope I understood your question. Any EMS must be aware of compliance obligations and its changes. I use an Environmental Compliance Software in my work. It allows me to identify environmental legislation changes, its content and applicability.

  You can find more information below:

  • How to create an ISO 14001 list of legal and regulatory requirements - https://advisera.com/14001academy/blog/2019/11/04/iso-14001-legislation-checklist-how-to-create-it/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• Quality in production and warehousing

  Production, packaging and warehouse for finished products is mainly treated in clauses 8.5, 8.6 and 8.7 of ISO 9001:2015 in things like is concerned with:

  • Specifications for products/services
  • Quality control plans
  • Process control plans
  • Work instructions describing what to do
  • Monitoring resources requirements
  • Specifications for equipment and working environment
  • Competency requirements for people
  • Process validation requirements, if applicable
  • Identification and traceability, if applicable
  • Handling of materials belonging to customers and other outside parties
  • Preservation and protection of products
  • After sales guarantees
  • Quality control activities
  • Treating of nonconformities
     

  You can find more information below:

  • ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.
     

• Steps in validation of documents

  As far as I understand your question, top management must determine who has the authority to approve each document relevant for the quality management system.

  So, validating a QMS document requires its approval by an authorized person. Please consider this article - Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/ - with the main steps for controlling documents

  You can find more information about documents and records below:

  • How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
  • New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

• Interested party

  Organizations exist to serve interested parties. While trying to do that, organizations are constrained, helped or hindered by other interested parties. So, organizations have to consider and manage what each interested party need or expect in order to meet expected results and minimize risks.

  You can find more information about interested parties below:

  • Understanding the needs & expectations of interested parties in ISO 14001 - https://advisera.com/14001academy/blog/2017/04/03/understanding-the-needs-expectations-of-interested-parties-in-iso-14001/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
     

• ISO 14001 Internal Audit

  I would verify if:

  • all clauses of the standard were audited;
  • there are evidences of the internal auditor’s competency;
  • all nonconformities raised were closed; 

  You can look for more information below:

  • Using internal audits to drive real improvement in ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/using-internal-audits-to-drive-real-improvement-in-iso-140012015/
  • Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Is it a requirement that you perform simulations on your Contingency Plans?

  IATF 16949: 2016 standard 6.1.2.3 e) says "periodically test the contingency plans for efficiency (eg simulations as appropriate)".

  Also in article c) "prepare contingency plans for continuity of supply in the event of any of the following: key equipment failures (also see Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; wastage; utility interruptions; labor shortages; or infrastructure disruptions".

  In the following case, for the cases specified in article c); testing or simulation is mandatory. The organization can determine the frequency of testing or simulation according to the risk and its impact on the customer.

  So, at least for all cases, you can test or simulate once; then you can determine the frequency according to the results, risk.

• Difference between list of internal documents and list of type of records

  The list of internal documents are all documents that you will prepare for your Quality management system (documented procedures). Records are documents that arise as a result of some work, testing, reports, and similar. 

  For more information, please see the following articles:

  • How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

  • Observations about non-conformances

    Yes, you can add OFI (observation for Improvement) to your audit report.

    You can find more information below:

    • ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
    • Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
    • Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
    • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/