
  • GDPR and inventory of processing activities


    1. Does the GDPR standard apply to EU employees or global employees? I’m wondering if we can inventory our processing activities for employees only.

    Answer:

    The GDPR applies to data of individuals in the Union (EU). This means that it would apply to all processing activities where the personal data of the employees in the EU is involved with regard to which you are acting as a controller. The same applies to the data of the clients' employees for which you perform the reimbursement services as a processor.

    2. Data is transferred from the EU to the US and back. This could include a contact name for a customer as well as a business email and phone number. Would inventory of processing activities be applicable in this case?

    Answer:

    Yes, you would need to be compliant with the provisions of art. 30 and to document the processing activities.

    3. Is a business email address considered personal data?

    Answer:

    Usually, business emails are name.surname@companyname.com so it would be considered personal data except for generic email addresses such as office@companyname.com.
  • Decommissioning Apps/Software

    Answer:

    Some resources I suggest you check are:
    - Office of Systems Integration of Government of California: https://www.bestpractices.ca.gov/system_development/system_decommission.shtml
    - The State Archives and Records Authority of New South Wales from Australia’s Government: https://www.records.nsw.gov.au/recordkeeping/advice/decommissioning-systems
    - Information Systems & PIT Systems Decommissioning Guide from DoD: https://www.dau.mil/search/Pages/results.aspx?k=Information%20Systems%20and%20PIT%20Systems%20Decommissioning%20Guide
  • AS9100 Rev D: Material test reports


    "When a customer or organization has identified raw material as a significant operational risk (e. g., critical items), the organization shall implement a process to validate the accuracy of test reports."

    Does this mean that, although the material supplied to us through our supply chain (which is certified to AS9100/9001, monitored, audited and measured) comes with full traceability and C of C of raw material, I need to send this material away for testing to verify that these results are valid?

    Answer:
    While sending material away for test is one way to validate the accuracy of test reports, the standard only requires that you have a process to validate accuracy. Your process could be through the choice of legitimate suppliers for this material to ensure that you get valid material and not counterfeit material that does not meet the necessary requirements. Review of the traceability and C of C may be included in the process for this validation.

    That being said, if you have a customer requirement to perform this validation testing then the contract overrides the standard and you must meet the customer contractual requirement.

    To help make sure you don’t miss any required documentation for AS9100 in your transition, see the whitepaper: AS9100 Rev D List of Mandatory Documents, https://info.advisera.com/9100academy/free-download/as9100-rev-d-list-of-mandatory-documents
  • Action taken to address risks and opportunities


    Answer:

    FMEA is a great methodology to address risk; what I can guess is missing from your question is actions to address risks. After you calculate the RPN, if it is too high you have to take actions to address those risks. The same goes for corporate risk assessment.

    For more about FMEA, please read the article:
    What is FMEA and how to apply it in IATF
    https://advisera.com/16949academy/blog/2017/09/06/what-is-fmea-and-how-to-apply-it-in-iatf-16949/

    Also, about Control plan (that can be used as actions to address risks), please read the article:
    How to develop a Control plan according to IATF 16949
    https://advisera.com/16949academy/blog/2017/09/27/how-to-develop-a-control-plan-according-to-iatf-16949/

    What is also missing, if you are using FMEA and corporate risk, is assessment and actions to address opportunities. You can use a benefit-effort matrix or similar so you can assess the opportunities your business has.
  • Updating roles and responsibilities

    I have generic statements that would apply to all staff and some that would be specific to certain staff only. For instance, an Information Security Officer: this is not a dedicated role within our organization; however, these responsibilities may sit in other role descriptions such as senior networks engineer and CTO perhaps.
    Any guidance would greatly be appreciated.

    Answer
    ISO 9001:2015 promotes the process approach. Each process can be described by a flowchart and swim lanes for roles, responsibilities and authorities.

    https://www.screencast.com/users/ccruz5284/folders/Default/media/540b7a2a-2f8b-438f-bd25-1866521c79ee

    Now, for every process flowchart you can list for each role or function their authorities and responsibilities, and at the end you will have a clear picture. This way it is much easier to plan relevant training to attain competence at each role.

    The following material will provide you more information about roles and responsibilities:
    - How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
    - Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Developing a project quality plan


    Answer
    My advice is start at the end: what are the outcomes of the project? Specifications, cost, time. Then, with a diverse and experienced team, go back to the present and list all the project steps between start and first day of operation. Then, brainstorm what can go wrong, what are the risks of the project. Evaluate those risks, determine what actions will be done to minimize or stop them from happening. Determine what control points and responsibilities are needed to ensure that critical risks are under control.


    The following material will provide you more information about quality plans:
    - Making the best out of ISO 9001 Quality Plan - https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
    - ISO 9001 document template: Quality Plan - https://advisera.com/9001academy/documentation/quality-plan/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Customer satisfaction/sales procedure


    Response:

    Regarding customer satisfaction - You first need to analyse what the customer needs and expectations are, which are different depending on the sector, market, country, etc. You can perform market research to learn these customer requirements, or use other tools such as trends analysis, complaints analysis, and so on. Other ways to find out these requirements include meetings with the client, sales force information, etc. Then you need to respond to these expectations, both tangible and intangible requirements. Good practices include providing mechanisms for customers to complain. Finally, monitoring and measuring customer satisfaction is crucial to increase customer satisfaction and achieve continual improvement of your QMS.

    For more information about customer satisfaction in ISO 9001:2015, see this article - Main elements handling customer satisfaction in ISO 9001: https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/

    The purpose of the sales procedure, although it is not mandatory, should be to describe all activities related to the sales process, from recording the customer’s requests to delivery of products and/or services. You must first define the sales process flow, which usually includes:
    - Sending offers and communications with clients/customers
    - Receiving customer requests
    - Reviewing customer requests
    - Establishing an agreement/contract with the client/customer
    - Delivery of products/services

    Then you will need to define each process within your organization. You can download a free preview of our sales procedure here - https://advisera.com/9001academy/documentation/sales-procedure/

    You can also see these materials to help you with customer satisfaction and sales procedure:
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
  • Policy/plan/objectives in ISO 9001:2015 Toolkit


    Response:

    Top management of the organization must be actively involved in the definition of both the quality policy and quality objectives to comply with the leadership requirements of ISO 9001:2015. This is written and defined in our templates for quality policy and quality objectives.

    The quality policy is included in folder 2, together with all the necessary comments to help your company define your QMS policy and adapt the template to your specific situation.

    For more information about the quality policy, you can see these articles:
    - How to write a good quality policy: https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
    - How does the ISO 9001:2015 revision affect the quality policy: https://advisera.com/9001academy/blog/2018/04/10/how-does-the-iso-90012015-revision-affect-the-quality-policy/

    Objectives and planning to achieve them are included in Appendix 1 of Folder 2. This template also contains several comments to properly define these objectives by the top management and relevant people of the organization. Regarding the planning to achieve the objectives, top management and other people need to determine the activities to be carried out, the responsible person/s for every specific objective listed, deadlines, the different resources needed to reach the objectives, etc.

    This article can help you to establish good quality objectives and plans to achieve them:
    - How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

    You can also see these materials to help you with the quality policy and quality objectives:
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
  • Identification and evaluation of legal requirements in an IMS


    Response:

    The identification of interested parties as well as the applicable statutory and regulatory requirements are defined in the Procedure for Determining the Context of the Organization and Interested Parties included in our toolkit. This procedure, although it is not mandatory, can help the organization to define the identification and update of those legal and other mandatory requirements. In addition, you can find Appendix 2 - Conformance Evaluation Record, where you can write the name of the legislation and whether you are compliant or not.

    Before including statutory and regulatory requirements in your IMS, you need to identify which are applicable to your processes, and your products or services. You need to know what laws and other mandatory requirements you need to comply with in order to legally provide your products and services. For this you need to have a way to identify the statutory and regulatory requirements that you need to meet, and you then need to ensure that you keep up to date on any changes. This part of the procedure included in the toolkit can help you to systematically make this identification and update.

    For more information about legal and statutory requirements see the following articles:
    - How to include statutory and regulatory requirements in your QMS: https://advisera.com/9001academy/blog/2017/02/14/how-to-include-statutory-and-regulatory-requirements-in-your-qms/
    - Demystification of legal requirements in ISO 14001: https://advisera.com/14001academy/blog/2014/10/01/demystification-legal-requirements-iso-14001/
    - How to identify and comply with legal requirements in ISO 45001: https://advisera.com/45001academy/blog/2015/06/24/how-to-identify-and-comply-with-legal-requirements-in-iso-45001/
  • Transitioning to ISO 9001:2015


    Response:

    First of all you can conduct a GAP analysis to know which requirements your company is already complying with and which need to be reviewed. Here you can check our free on-line tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Then you can learn the new clauses and requirements contained in the new version of the standard ISO 9001:2015. In this white paper, you can find a summary of each clause - Clause by clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015

    Then you can start with the steps of the transition, which basically are the following:
    1) Determining the context of the organization
    2) Define your interested parties
    3) Review the scope of your QMS
    4) Check your organizational leadership and demonstrate it
    5) Review your quality objectives and their alignment with your company strategy
    6) Control your documented information (records and documents)
    7) Review your operational control
    8) Check new requirements for design and development in case it applies to your organization
    9) Define criteria for the evaluation of external providers
    10) Review your performance evaluation
    11) Check measuring and reporting of your QMS

    For more information about these steps you can see this article - How to make the transition from ISO 9001:2008 revision to the 2015 revision:
    https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/

    You can also see these materials to help you with the quality policy and quality objectives:
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/