I really don't think it is necessary for the owner and tenants to attend this course as the GDPR is not applicable to household processing of personal data.
I think that the only interested party should be the representatives of the company administering the property.
However, if you want to find out more about the EU GDPR check out this free EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Please check ISO 9001:2015 clause 7.5.2 c).
There are no requirements about how many signatures are needed. So, it is up to your organization to decide.
As a minimum, one signature per document can evidence check and approval simultaneously. Or, your organization can decide to have two signatures per document, one for check and another for approval. Or, your organization can decide to have three signatures per document: one for writing, another for checking and another for approval.
The following material will provide you with more information about document control:
- Article - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
The biggest change in the AS9100 standard from Rev C to Rev D is the incorporation of ISO 9001:2015, which brings in some necessary processes like identifying the context of the organization, identifying the needs and expectations of interested parties, as well as risk-based thinking at the top level. Additionally, they have brought in aerospace requirements for controlling counterfeit parts and product safety.
For more detail, please see the articles AS9100 Rev D vs. Rev C: What has changed? (https://advisera.com/9100academy/knowledgebase/as9100-rev-d-vs-rev-c-what-has-changed/) and 12 Steps to transition from AS9100 Rev C to Rev D (https://advisera.com/9100academy/knowledgebase/12-steps-to-transition-from-as9100-rev-c-to-rev-d/).
I believe it is a common situation among manufacturers that work for brands. The customer (the brand) designs and specifies the product; the manufacturer, for any of several motives, can suggest changes. Changes have to be validated by the customer. So, the final word on the product and the final responsibility are always on the customer side. In these cases, exemption from design clause 8.3 is applicable.
The following material will provide you with more information about scope and clause applicability:
- Article - What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Considering ISO standards, you should focus on courses related to ISO 27036, which covers information security for supplier relationships: https://www.iso27001security.com/html/27036.html
This standard provides guidance on the evaluation and treatment of risks involved in the acquisition of goods and services from suppliers.
For additional information about supplier security, see:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
For certification maintenance purposes, all elements included in the ISMS scope of each certification must be audited at least once during the 3-year period of the certificate validity, so all applied controls must be audited.
Considering your situation, an alternative approach would be for your organization to hire an external audit company to perform internal audits covering the less critical controls, leaving the two of you free to focus on the audits covering the most critical controls.
However, you might have a problem with the level of detail you are auditing: it is not necessary to audit each and every record; you can select only a representative sample. Learn more here: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
This article will provide you further explanation about planning audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
1. Is the GDPR applicable to the clinic if we have EU customers?
If you are specifically targeting clients in the EU then in relation to the processing activities of the health data the EU GDPR would be applicable.
2. We ask possible patients for some information: details about their health conditions and allergies. Are there any specific conditions to comply with?
If the health data is required strictly in relation to the medical procedure, then it should be OK to ask for this information. You need to specify in your Privacy Notice for what purpose you are asking for health data.
If you want to find out more about Privacy Notices check out this webinar "Privacy Notices under the EU GDPR" (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
3. Do we need a DPO?
If your main activities imply the processing of health data of EU data subjects, you should consider hiring a DPO or contracting a third party that can provide such services.
4. Do we need to ask for consent before asking the health data?
No, consent is not needed provided you ask for the health data in order to protect the vital interest of the patients.
5. We have a contract with a hotel where we keep the patients after the procedure. We send them the names of the patients to the hotel. Do we need to do something?
This highly depends on your activity and the types and categories of personal data you are processing.
6. How much would it take to be compliant with GDPR?
You can get an idea of the duration by accessing this EU GDPR Compliance Calculator (https://advisera.com/eugdpracademy/eu-gdpr-compliance-duration-calculator/).
Yes, our ISO 13485 Toolkit supports the requirements of ISO 13485 in the MDSAP. The ISO 13485 Toolkit takes you through all the MDSAP requirements and tells you WHAT needs to be done. MDSAP guides you on HOW to meet each individual requirement. So the ISO 13485 Toolkit and MDSAP complement each other.
Thank you very much, sir, for enlightening me.
I consider it better to treat the procedures separately; in fact, in our document package that integrates the three standards we address these matters separately, since this is a very important part of the management system. Combining the requirements of the three standards may lead to something being left out. For example, in the case of identifying environmental aspects and their risks, it is first necessary to carry out a simple life-cycle analysis of the product or service, and then identify the significant environmental aspects of the processes that the organization controls or influences, together with the associated risks. In the case of the quality management system, a SWOT analysis (strengths, weaknesses, opportunities and threats) can simply be carried out, in which the risks and opportunities are identified and those considered significant are then addressed.
The advantage of doing it jointly is that the organization saves on documentation, but, as I mentioned earlier, it may lead to failing to identify some risk, environmental aspect, or occupational health and safety hazard, with the consequences that entails.
These materials can help you with the identification of risks and opportunities in ISO 9001:
- Article - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
- Article - How to identify risk controls in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
- Article - ISO 14001 risks and opportunities vs environmental aspects: https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
- Article - Hazards vs risks: what is the difference according to ISO 45001: https://advisera.com/45001academy/blog/2016/03/23/hazards-vs-risks-what-is-the-difference-according-to-disiso-45001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/