"On Q23, of EU GDPR Readiness Assessment
23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?
Who would the "Supervisory Authority" be? If in US, who? If in EU who?
Supervisory Authority is your own country Data Protection Authority as established in article 51 GDPR.
You can find the full list of Data Protection Authorities in the following link.
If you are based in the US, you may have a representative in the EU and therefore you will notify the Data Protection Authority of the country where your EU representative under article 27 GDPR is located.
If you do not have an EU representative (i.e. your data processing is occasional), and you are based in the US, you should, in any case, follow the Federal Trade Commission’s guidelines on data breach: https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
Useful resources for complying with EU GDPR: https://advisera.com/eugdpracademy/knowledgebase/useful-links/
Basically, who is to be notified within 72 hours of confirmed data breach?"
According to Article 33 GDPR, the data controller must notify the data breach to its own country's data protection authority without undue delay and within 72 hours. If there is a risk to the rights and freedoms of data subjects, it may be required to notify the data subjects of the breach as well, in order to allow them to take precautions. Paragraph 86 of the Preamble of GDPR states that such notification shall be made without undue delay within 72 hours or in accordance with the Supervisory Authority's instructions.
Here you can find some useful resources about Data protection Authorities:
You may also consider enrolling in this online EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
We are vetting an opportunity to expand our lab for Heavy Metal testing and pathogen testing (salmonella). What type of timeline would you suggest after a lab is fully operational including ISO/IEC 17025:2017 accreditation? Best guess in getting a lab certification set up? I’m assuming some amount of time before lab is operational to get application data submitted and then some amount of time after the lab is operational to validate procedures, processes, etc. and then finally third party validation. Is this a fair assessment?
I would not be able to accurately predict a timeframe. This will depend on your situation and resources. Processes, including technical competencies for people and equipment, need to be established; validations and calibrations performed; procurement of materials made, including reference materials; and enrolment and participation in an interlaboratory proficiency scheme need to be complete. If all is available and implementation is efficient, it would typically take a minimum of 3 months to implement, and then, after the application for accreditation, it is typically at least another 3 months before assessment.
Accreditation assessment starts with a document review by the accreditation body, so it may be possible to complete certain activities, such as completing your audit program and perhaps the management review, between applying and the initial assessment.
The effective implementation of ISO 17025 provides the grounding to achieve consistency. It is a balance between urgency and thoroughness.
Have a look at the free Diagram of ISO 17025 Implementation Process https://info.advisera.com/17025academy/free-download/diagram-of-iso-17025-implementation-process
We also have a Free webinar – What are the steps in the ISO 17025 accreditation process? at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/
The toolkit can be purchased with varying amounts of support and review of documents. This you can use as part of your internal audits. Performing third-party audits is not within the scope of the ISO 17025 Academy. A Pre-audit check workshop (1-hour training on audit preparation) is available.
Other recommendations? I noticed that the site mentions familiarity training. Are you all an approved certified body for ISO 17025 audits?
See the ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/, in the Compare Toolkit Options Section for more detail.
The requirements for complying with ISO 9001:2015 are the same. That is, you should start by performing a gap analysis, which will help you detect the requirements of the standard that you do not yet meet. You can find this tool free of charge on our website - Herramienta de análisis de brecha ISO 9001: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
Afterwards, you can begin by determining the internal and external issues of your organization, that is, the context of the organization. This will help you define the scope of your quality management system. You could then go on to write the quality policy and the quality objectives, address risks and opportunities, etc. In this article you can find each of the steps needed to implement the standard - Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
The big difference between an information technology company and other organizations is that once the product is designed, it no longer requires a production process as in the manufacturing industry. Design and development therefore is the production, and the process must meet the requirements of both clause 8.3 (design and development of products and services) and clause 8.5 (production and service provision) at the same time.
For more information on quality management for information technology services, see the following materials:
- Article - Case study: Design and development in the software industry: https://advisera.com/9001academy/blog/2017/02/08/case-study-design-and-development-in-the-software-industry/
- Free online course - Fundamentos de ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 14001 is the one that is certifiable. The other environmental standards are mostly about specific topics, not about a whole environmental management system. Many organizations, while implementing an ISO 14001 environmental management system, use other standards as an aid.
Here - STANDARDS BY ISO/TC 207 Environmental management - https://www.iso.org/committee/54808/x/catalogue/p/1/u/0/w/0/d/0 - you can see the whole ISO 14000 family of standards.
Please, check also this article - List of Environmental Management Standards and Frameworks - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-environmental-management-standards-and-frameworks/
An organization with multiple functional sites (similar functions) can have the same scope for all sites. For example, a certified organization can have one certification and include in the same certificate with one scope a list of the different locations included.
The following material will provide you more information about the scope:
Benefits that miners and mining enterprises have found from implementing a certified ISO 14001 EMS include:
You can find more information about ISO 14001 benefits below:
Authority is about the power of decision, the power of command. Responsibility is about obligation. For example, an operator may have the responsibility to perform quality control and identify the nonconforming product (he or she has the obligation to do it, he or she is expected to do it), and may not have the authority to decide what to do with the identified nonconforming product.
An organization can be modeled as a set of interrelated processes. Each process can be described through a flowchart:
Responsibilities are those activities that someone has to perform without alternatives.
Authorities are those activities where someone has the power to stop the process, or has the power to make decisions about the process. For example, in the flowchart above the Production operator has the authority, the power to decide when the process is ready to start normal production. For example, in a commercial context someone has the responsibility to write a proposal, and someone has the authority to approve the proposal before sending it to the customer. For example, in a warehouse context someone has the responsibility to identify the need to order a component, someone has the authority to approve that need, and another person may have the authority to choose the supplier.
The following material will provide you with information about roles and responsibilities:
Thank you very much
As for a practical example of risk assessment, I suggest you take a look at this free downloadable material: Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
The diagram shows the ISO 27001 Risk Assessment and Treatment process, considering an asset – threat – vulnerability approach.
Please note that included with your toolkit there is access to a video tutorial that can help you understand and fill in the risk assessment and risk treatment tables, using real data as an example.
These articles will provide you with a further explanation about risk assessment: