Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Applicable for GDPR?
Answer:
Probably one of the most important changes, the GDPR will enjoy extended applicability affecting entities not established in the EU. Of course, some conditions must be met for the extraterritoriality to be applicable. The EU GDPR will apply to the processing of personal data of EU data subjects, regardless of whether the processing activities take place in the EU or not. The EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).
The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Conseque ntly, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.
When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.
If you want to find out more about the extraterritorial reach of the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//). -
Implementing ISMS in other Business Dept.
Answer:
You must approach a scope extension as if it was a new implementation project (the steps are basically the same). The difference is that as a scope extension you have to assess how this inclusion will affect your current scope. For example, how you will handle access of the personnel of the new part of the scope to the current one? Access levels will be the same or will have to be updated? Since this new scope will include paper assets, how this will affect you information classification policy?
This article will provide you further explanation about ISO 27100 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding ISO 27100 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Requirements and benefits of ISO 9001
Answer
For such a generic question I can only give a generic answer in this space.
The following material will provide you information about ISO 9001 requirements and benefits of a quality management implementation:
ISO 9001 Requirements and Structure - https://advisera.com/9001academy/knowledgebase/iso-9001-requirements-and-structure/
White paper - Clause-by-clause explanation of ISO 9001:2015 - https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO and IEC
Answer:
Although largely known as ISO 27001, to refer to the Standard only as ISO 27001 is inaccurate.
The full official name of this standard is ISO/IEC 27001:2013, because this standard was developed by a joint technical committee (ISO/IEC JTC 1) formed by these two organizations.
The participation of IEC in the development of this standard helps ensure that its content is aligned with standards developed by IEC without participation of ISO personnel, such as IEC 62351 Power System Control and Associated Communications – Data and Communication Security.
Additionally, not using the official name can lead people not used to ISO documents to the misinterpretation that there are more than one 27001 standard, which is not true. -
Examples of positive issues
yacht rental praslin -
Using a designated hold location for defective product
Answer
Please check ISO 9001:2015 clause 8.7 b). Segregation is one of the possible ways of dealing with a defective product. Sometimes physical segregation to a designated hold area is not possible, for example, the defective product is very big or there is not enough space for a hold location. So, segregation in a designated hold location is not mandatory. What is mandatory is to avoid the unintended use of defective products. For example, sometimes a red label is the way used to warn about product status.
The following material will provide you more information about dealing with defective product:
Five Steps for ISO 9001 Nonconforming Products - https://advisera.com/9001academy/blog/2014/01/13/five-steps-iso-9001-nonconforming-products/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://training.a dvisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Primeros pasos en la implementación
Respuesta:
Lo primero que debe de hacer es contar con el apoyo de la dirección de la organización, que será clave durante la implementación de ISO 9001:2015, también para proporcionar los recursos necesarios.
Después lo que puede hacer es un análisis GAP o de brecha, que le va a ayudar a identificar aquellos requisitos que ya cumple y los que le debe aún cumplir. Aquí puede llevar a cabo el análisis de forma gratuita: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Luego debe conocer cada una de las cláusulas con las que tiene que cumplir para poder llevar a cabo el proyecto de implementación de ISO 9001. En este white paper puede encontrar información resumida sobre cada una de ellas - Clause by clause explanation of ISO 9001: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Posteriormente puede escribir un plan de proyecto en el que de signa responsabilidades, define la documentación que va a escribirse, los plazos etc. En este enlace puede descargarse una plantilla - Plan de Proyecto para la implementación de ISO 9001:https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word
Luego ya podría empezar con la implementación de la norma: la definición de la política de calidad, los objetivos de calidad y planes para llevarlos a cabo, el contexto de la organización y sus partes interesadas, el alcance del SGC, etc...hasta llegar a la auditoría interna y la revisión por la dirección, que sería el paso previo para certificarse. En este enlace puede descargarse un checklist para la implementación de la norma - Porject checklist for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation
Estos materiales pueden ayudarle con la implementación de ISO 9001:2015:
- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Formación gratuita en línea – Fundamentos de ISO 9001:2015 : https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Controlling policies in a handbook
I would keep that revision table at the end of the document but would add some kind of revision number, or date, or color to warn users that something in the page was changed. In a QMS we want to avoid the unintended use of obsolete documents. Perhaps these documents could bring more information to the topic "Common mistakes with ISO 13485:2016 documentation control and how to avoid them" https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/ -
Quality assurance vs quality control
Answer
Quality control is about checking if product or service specifications are being met. You can have a Quality Control Plan that states what to control, when and where, how, by whom, with what specifications and methods. Quality assurance is about the set of processes in place to provide confidence that quality requirements will be met.
The following material will provide you more information about a quality management system:
Quality Management System: What is it? - https://advisera.com/9001academy/knowledgebase/quality-management-system-what-is-it/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO standard for publishing industry
Answer:
This type of ISO standard is out of our field of expertise, but what we can tell you is that ISO standards related to content identification and description are under responsibility of ISO working group ISO TC 46 SC 9 and the current available standards can be found at this link: https://www.iso.org/committee/48836/x/catalogue/p/1/u/0/w/0/d/0
We hope that one or some of these standards can fulfill your needs.