ISO 14001-2015 : 6 Planning : 6.1 Actions to address risks and opportunities : 6.1.2 Environmental aspects
It was noticed that there were no specific criteria developed to determine significant aspects (Procedure EMS 6.1.2.1) when they interact with a legal requirement. A single matrix evaluation is used for both legal and non-legal impacts. It is recommended to look for options to differentiate the two kinds of aspects and deal with them separately.
Answer:
As a consultant I would recommend considering the difference between environmental aspects linked to legal requirements when evaluating significance.
As an auditor I would also recommend the change as an improvement opportunity. As an auditor I would consider the situation a non-conformity if I found any evidence of a relevant legal requirement attached to an environmental aspect not being considered. Even if the organization has not included the difference in the evaluation procedure, perhaps in practice it is doing it.
I have a couple of questions you may be able to help me with:
1. My business is selling exclusive perfumes via my website account. What are the minimum requirements for my website?
2. I use couriers to deliver the products. Are the couriers my processors?
3. Do I need to register to the data protection authority?
4. Can I insert advertising flyers or coupons in the packages?
Answers:
1. If you are selling products using your website, this means that you will be collecting personal data from your customers in order to process and ship the order to them. You may also be collecting their email address, either to confirm their order or even to send them advertising (provided they have consented). If you use cookies on your website, there are certain requirements as well. You can find readily available templates for a Website Privacy Notice, Cookie Policy and Terms & Conditions in this EU GDPR Mini Toolkit for Websites (https://advisera.com/eugdpracademy/eu-gdpr-mini-toolkit-for-websites/).
2. Couriers usually act as independent data controllers and not as processors.
3. This depends on the jurisdiction where your company is established. Certain Supervisory Authorities require controllers to register. So, my advice is to check your local Supervisory Authority website for more information.
Switzerland is not a country where the GDPR would be applicable by default however the GDPR has an extraterritorial component meaning that the EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).
This basically means that companies in Switzerland may be caught by the GDPR.
The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.
When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.
Based on your description you will be sending marketing emails to a potential client database. In this case, it is very important that whoever provides you the database can also be able to prove that the persons in the database have provided their consent to be approached for marketing reasons.
Just one more thing: with the 2015 version, is it still necessary to have a quality manual?
Answer:
ISO 9001:2015 does not require a quality manual and does not forbid its use. I understand that your question is about an organization subcontracting design and development activities. An organization should evidence planning and control of subcontracted activities. You don't have to detail your external service provider's design and development; you have to detail supplying or controlling design and development inputs, and at least the control activities (at least verification and validation activities).
There is no such requirement for a minimum amount of performance data in ISO 9001:2015. There are just some mandatory documents that are required by ISO 9001 in order to be compliant with the standard. In this article you can find those mandatory documents - List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
Transfer of employee personal data to a third party
Answer:
Usually, for these kinds of processing activities, companies rely on legitimate interest rather than consent. Basically, what you need to do is specify in your Employee Privacy Notice that their personal data may be transferred to third-party processors that perform payroll and accounting services.