Search results


  • Templates and applicable controls

    Your understanding is correct. Please note that included in your toolkit, there is a "List of Documents" file that identifies which controls are covered by each document in your toolkit.

  • EU GDPR Inventories

    1. We are a small company and we have just now started working on our compliance program. Can you please suggest what would be the best way to start with that?

    The best way to start is to do an internal assessment and determine which are the areas you need to address first. I suggest using this EU GDPR Readiness Assessment Tool (https://advisera.com/eugdpracademy/eu-gdpr-readiness-assessment-tool/) to get an idea of where you are currently standing.

    2. What information do we need to include in our Inventory?

    The information to be included in the Inventory of processing activities is described in art. 30 of the GDPR. You can find a readily available template for such an inventory as a part of our GDPR Data Mapping & DPIA Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-data-mapping-dpia-toolkit/).

    3. How much time do you think it will take to implement the basics?

    You can use this EU GDPR Compliance Duration Calculator (https://advisera.com/eugdpracademy/free-tools/) to get an estimate on the time needed to become compliant.

    4. Is there a list of documents which are mandatory?

    You can find on our website at https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ a list of documents you can download. The mandatory documents are marked in the list.

    5. Do you think we need to have a DPO?

    This depends on your activities. You need to appoint a DPO if (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity consist of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR.

  • Quality objective

    Different organizations use different methods to close up finished quality objectives. For example:

    * A report presented to top management showing that quality objectives were met, and a meeting minute acknowledging that;
    * A report presented to top management showing that quality objectives were met, and a management review meeting minute acknowledging that.

    What is important is to clearly demonstrate that targets were met.

    The following material will provide you with information about quality objectives:
    - Article - How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/

    - Article - How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

    - Free webinar - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/

    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Handling nonconformities

    Indeed, nonconforming outputs do refer to those products or services that have already been delivered.

    Organizations have to deal with nonconforming outputs in the following ways:

    1. By correcting them.
    2. By segregation, subsequent containment, and the return or suspension of products.
    3. By informing the customer.
    4. By obtaining authorization for acceptance under concession.

    When nonconforming outputs have been corrected, their conformity to the requirements must then be verified.

    These materials may help you better understand nonconforming outputs:

    - Article - Five steps in ISO nonconforming products: https://advisera.com/9001academy/blog/2014/01/13/five-steps-iso-9001-nonconforming-products/
    - Enroll for free in this course - ISO 9001:2015 Foundations Course (in Spanish) - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • ISO 9001 necessary procedures

    Let us consider as an example a lab used to perform the quality control of water supplied to a city. According to national legislation there must be a quality control plan, stating the parameters to control, their quality level (specifications), the control frequency and the lab procedures to be followed.

    So, as an auditor, I would like to see:

    Records evidencing:
    - quality control results;
    - that someone with authority validated the quality control results;
    - treatment of any non-conforming results;
    - that the quality control frequency is being followed;
    - that monitoring resources are calibrated and conforming;
    - that people performing the quality control tests have the right competencies.

    I would also like to see that updated and controlled procedures are being followed, for example for sample identification, sample preparation, and lab tests.

    The following material will provide you with information about document control:
    - Article - ISO 9001 audit checklist for laboratory - https://advisera.com/9001academy/blog/2018/09/04/iso-9001-audit-checklist-for-laboratory/

    - Free webinar - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/

    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Corrective actions

    First, it is important to note that if you have a nonconformity you need to resolve it, so you have to record and handle the nonconformity.

    Regarding exceptions/policy modifications, you have two options:

    • a) If there are legal or contractual requirements or unacceptable risks, you cannot adapt the policy; rather, you need to resolve the problem in the implementation;
    • b) If there are no such requirements, you should consider modifying the policy to make it less strict.

  • SoA and supplier-related risks

    In this situation, the best approach is to include controls 14.2.5, 14.2.6, 14.2.8, and 14.2.9 in the SoA, with the justification that there are unacceptable risks that require their implementation, and specify in the implementation method that they are implemented by suppliers according to signed contracts.

    It is important to note that, when an organization transfers risks, it retains accountability for those risks, and the best way to keep track of them is by documenting them in the SoA.

    This article will provide you with further explanation about risk treatment:
    - 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

  • Transition to ISO 13485:2016

    First of all, you need to get the new edition of ISO 13485:2016 and do a gap analysis for the new requirements. You can find the differences between the new and the previous edition of the standard in Annex A of ISO 13485:2016 - Comparison of content between ISO 13485:2003 and ISO 13485:2016.

    For more information and details, I suggest a meeting which you can schedule here: https://advisera.com/13485academy/free-consultation/

    Of course, feel free to see if our ISO 13485:2016 toolkit can help you, on the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/


  • Scenario based risk assessment

    good

  • Justifications in the SoA

    A control from ISO 27001 Annex A can be applicable based on these general justifications:

    • There are unacceptable risks whose treatment requires the control implementation
    • There are legal requirements which demand the control implementation
    • There is a top management decision requiring the control implementation

    Considering that, it is acceptable under ISO 27001 to justify the applicability of a control as required by the GDPR, but not to use ISO 27001 itself as the justification, because it does not require any particular control to be implemented (for the standard, the implementation is defined by the above-mentioned conditions).

    This article will provide you with further explanation about controls selection:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
