Search results


  • Data processing under EU GDPR compliance


    Answer:

    None of the above. The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant.

    For more information about EU GDPR, please check here:
    - EU GDPR: What is it and how does it work? https://advisera.com/eugdpracademy/what-is-eugdpr/
  • ISO 45001 Documentation Logistics


    Answer:
    This is a question that will be different for every organization due to size of the company, industry, hazards present, etc. There are no requirements on the format of managing the documentation. You can keep your documents and records in electronic or hard-copy format as you see fit, or any other format that works for you. Many companies have documents and records that are in a word processor format, stored electronically, and when created, updated or changed they follow rules that meet the requirements of ISO 45001:2018 Clause 7.5.

    2. How many files or folders do I need to create or make for documentation?

    Answer:
    This, again, depends on the company. You need to define for your company, and the processes you use, what procedures you will need for your OHSMS. This will then determine what records you need to keep for each OH&S process. As for folder structure, this is up to you and is not defined in the standard. It is common to create a folder structure that matches the processes you have, but how this is done is up to you.

    3. Files record must be according to clauses or according to documents given in series?

    Answer:
    There is no requirement to use the clauses of the ISO 45001 standard to identify your documents, records or folder structure. It is best to create a folder structure that matches your documentation structure so that you can store documents and records in an order that makes it easy for you as an organization to find them.

    4. How many box files do I require for documentation?

    Answer:
    If you are storing hard copy files, the number of boxes you require will depend greatly on the number of procedures and records your processes require you to keep. Remember, there is not a requirement to have a different storage method for the ISO 45001 documents and records, so if you already have another management system in place (such as ISO 9001) you can use the same documentation process. You may also have many OH&S records in place to meet legal requirements, and this can help you to understand the space needed for records as they will become part of this storage.

    To ensure that you have all of the documentation required by ISO 45001:2018, see the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
  • ISO 45001 to OHSAS 18001 table


    Answer:
    With ISO 45001:2018 they did not put in a comparison table to OHSAS 18001:2007. This is likely because the OHSAS 18001 standard was not issued by the ISO organization (this is a BSI standard), so they were not able to publish a comparison as they would when they update one of their own standards. It may be possible to find one online, but we do not have one.

    For some help transitioning from OHSAS 18001 to ISO 45001, which will point out some of the additions in the new standard, you can see the whitepaper: Twelve-step transition process from OHSAS 18001 to ISO 45001, https://info.advisera.com/45001academy/free-download/twelve-step-transition-process-from-ohsas-18001-to-iso-45001
  • Using e-signatures


    Answer

    Yes, there is nothing in ISO 9001 that does not allow the use of e-signatures. By the way, many people in ISO certified systems fill electronic records and record decisions with their login as identifier.

    The following material will provide you more information about document control:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • When to develop a corrective action


    Answer
    Whenever your organization detects a non-conformity a report should be issued. Please check ISO 9001:2015 clause 8.7.2.
    Not all non-conformities should generate a corrective action. Please check ISO 9001:2015 clause 10.2.1 b). Evaluate the need for a corrective action, an action that eliminates the cause(s) of a non-conformity. Corrective actions sometimes are difficult, take time and resources, because true causes are hidden. Performing corrective actions whenever a non-conformity occurs can be a bad practice because of what is called tampering a system, constant changes introduce more variability.

    https://www.screencast.com/users/ccruz5284/folders/Default/media/808e8612-209f-4b27-9e3f-99b5cd7c3cad

    When I work with organizations, I recommend two criteria to help in answering to the question in the diagram above:
    Is the non-conformity very serious? (Danger for the people (clients or employees), for the brand, for the costs, …)
    Is the non-conformity part of a trend? Individually the non-conformity is not very serious, but it is happening frequently.
    If the answer is yes to one of the questions, develop a corrective action. All corrective actions should be recorded.

    The following material will provide you more information about corrective action:
    - How to proceed once a QMS corrective action is defined? - https://advisera.com/9001academy/blog/2016/09/20/how-to-proceed-once-qms-corrective-action-is-defined/
    - Free webinar – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • EU GDPR Questions


    Answer:

    Legitimate Interest is one of the six lawful/legal bases for processing personal data. The other five are a legal obligation, pursuance/execution of a contract, to protect the vital interests of the data subject or some other person, to perform a public task and consent of the data subject. If you want to get more information on the legal basis on which you can process personal data, check out this article: Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/

    2. With your other clients, during the Human Resource application and hiring processes, are consents needed when an employee applies for a job AND when hired?

    Answer:

    The lawful basis in recruitment is usually pursuance of a contract as both parties are interested in concluding a work contract (labor agreement). Only for unsuccessful candidates, if you want to still keep their CVs you would need to rely on either legitimate interest or consent.

    3. If an employee applies over the internet, how is Consent generally obtained?

    Answer:

    As I mentioned while answering your question, consent is not usually used in recruitment. However, if you want to obtain consent over the internet, usually there is a checkbox that the data subject needs to check.

    4. Could the applicants' consent be considered given freely as the job applicant is giving their personal data on the application?

    Answer:

    The lawful ground for processing CVs is pursuance of a contract and not consent.

    5. Also, what are the definitions of Legit Interest Purpose?

    Answer:

    Legitimate interests mean that the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The GDPR highlights certain purposes that either ‘constitutes’ legitimate interest or ‘should be regarded as’ a legitimate interest. These are fraud prevention, network, and information security; and avoiding possible criminal acts or threats to public security. These are just some examples.

    6. Lastly, do you have guidance on how other clients have documented their use of Salesforce? I believe Salesforce is used to collect names and business email address for marketing purposes.

    Answer:

    Usually, Salesforce should be considered a processor on behalf of its clients and a Data Processing Agreement should be in place between Salesforce and its Clients. If you use Salesforce to collect data, ensure that you have a lawful basis correctly identified; in this case it would be either consent or legitimate interest. If you want to find out more about marketing and GDPR, check out this free webinar: How GDPR affects marketing practices: https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
  • Template content


    Answer:

    First it is important to note that ISO 27001 does not require each control in Annex A to be documented. In some cases all you need is to include in the Statement of Applicability (SOA) a brief explanation of how it is implemented.

    In case you decide to document recommendations of controls A 18.2.2 and A 18.2.3, they can be included in the internal audit procedure, since these controls and the procedure aim to ensure that information security is implemented and operated in accordance with defined requirements.

    You can schedule a meeting with one of our experts so he can help you about the changes that should be made on your documentation. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
  • Ideas to formulate objectives


    Answer
    The best starting point to develop meaningful quality objectives is the quality policy. A good quality policy takes good care of clause 5.2.1 a).
    What is the strategic direction of your organization, what is behind its competitive advantage? Is your competitive advantage being effective, generating satisfied customers, revenue, margin?
    For example, consider: Customer satisfaction; Complaints; Capacity use; Unit price.

    The following material will provide you more information about developing quality objectives:
    How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
    - [free course] ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-14001-internal-auditor-course/
    - [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Design and development applicability


    Answer
    The answer depends on the scope of your IMS. If among your IMS scope, there are projects that clients request you to develop then Design and Development is mandatory. If all projects are developed, or delivered, by clients then Design and Development is not applicable within your IMS.

    The following material will provide you more information about clause applicability:
    What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - [Free webinar on demand] - How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/9001academy/es/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar/
    - [free course] ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/ [there is also a free course about ISO 14001:2015]
    - [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Maintaining certification

    I would like to know if:

    a) a consultant is necessary to achieve/maintain ISO standards

    Answer
    It is not mandatory to have a consultant to achieve or maintain ISO certifications. The only requirement is being compliant with ISO standards and internal requirements. Of course, in your particular situation perhaps a consultant can be useful for maintaining the certifications, because she or he already has an overall idea of how your Integrated Management System works and how things are interrelated. Another possibility can be to use the consultant to train you and other people about the Integrated Management System.

    b) it is mandatory to audit the company's supply chain and if so how?

    Answer
    Nothing in the standards makes that mandatory, unless your own internal rules define that as mandatory. Remember, internal rules can be changed by organizations if they are not effective or if context changes.

    The following material will provide you more information about maintaining certification and supplier evaluation:
    How to maintain your ISO 9001-based QMS after certification - https://advisera.com/9001academy/31/how-to-maintain-your-iso-9001-based-qms-after-certification/
    How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
    - [Free webinar on demand] - How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/9001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
    - [free course] ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/ [there is also a free course about ISO 14001:2015]
    - [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/