Most regulations and industry practices do not define any specific distance to recovery sites, because many factors can affect what would be considered a “safe” distance (e.g., type of disaster, access to public services, risk level, etc.). From our experience, we suggest you start a discussion suggesting a distance between 30 miles (50 kilometers) and 100 miles (160 kilometers) away from your primary location, and from that analyze your organization's context (geographic situation, available resources, required investment, etc.).
This article will provide you with a further explanation about the distance of the recovery site:
This material will also help you regarding the distance of the recovery site:
If you carry out any kind of design and development, then this clause does apply to your organization. For example, in the case of training, clause 8.3 - Design and development would apply if your company produces the training material or the learning methodology. It would not apply if you receive the training materials you are going to deliver, for example where a government body is responsible for supplying the content you will use.
In the case of equipment validation, the clause probably does not apply, since your organization will be relying on a methodology already established for that purpose.
For more information about the applicability of the design and development clause, see the following materials:
- What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- ISO 9001 design process explained: https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
- ISO 9001:2015 foundations course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Yes, the email address is considered personal data when it refers to an individual (i.e. name@domain.com, name.surname@domain.com). Email can also contain other personal data, like the signature, or information in the text box. However, GDPR requires you to comply with its requirements for all personal data you process, whether electronically or not (paper-based documents, phone calls, etc.).
If you need to learn how GDPR works, I suggest you follow our online free foundation course:
We also developed a Toolkit to help you to implement GDPR requirements inside your activity.
We certainly have a very robust and multidisciplinary selection process in place as you mentioned. This question was entirely asked for the sub-dealers or representatives working with our approved suppliers. It is pleasing to see that we share the same views on every detail you mentioned. Thank you very much. Best regards
Guidelines for background checks as you requested require legal expertise, which is outside our line of business (expertise in ISO management systems).
What we can offer you is a list of some legal requirements per country in this post:
Please note that this list does not cover all countries, nor is it fully up-to-date, because it depends on voluntary contributions from our readers. To make sure you have the latest list of laws and regulations related to background checks, it would be best to hire a local legal adviser.
Regarding the impact of such background checks in complying with the certification, if they are done under the applicable legal requirements that are relevant to the ISMS scope, they will not negatively impact the certification process.
This article will provide you with a further explanation about the background checks:
ISO 45001 has some mandatory procedures and records that need to be kept, and these are indicated in the standard with the use of the term “documented information”. When ISO 45001 uses this term, it means you need to document this information; with the additional requirement that when you determine you will have a nonconformance if you don’t document, then you need to document. It is important to remember that ISO 45001 is not just about writing documents though; the important thing is to have the necessary processes for your OHSMS to prevent injury and ill health.
You can find our full assessment of the mandatory documents in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
Try to see the world from their point of view: What is in it for me? What can I gain from it? What present pain could be removed? What future success could be attained?
The following material will provide you with more information:
First, ISO 9001:2015 does not make having a quality manual mandatory. However, keeping a quality manual can be useful as a collection of high-level documents that present and explain how the quality system works and what its priorities are. Please check this article: The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
Second, a quality manual is not a quality system procedure. Please check this article about quality system documentation structure: How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
Third, there is no mandatory structure for a quality system procedure; you may use a flow chart.
Since 2012 ISO management systems share many requirements (e.g., documents and records control, internal audit, management review, etc.), so the individual documents for each system are still applicable, and they can be combined in single documents. For documents covering specifics of each standard (e.g., information security risk assessment and treatment, product planning), it is still better to keep them separated.
This article will provide you with a further explanation about integrated ISO systems:
This material can also help you:
With the AWS ISO 27001 certification, AWS complies with a broad, comprehensive security standard and follows best practices in maintaining a secure environment. ... AWS reports, certifications and third party attestations are discussed in more detail later in this document.