The controllers are the ones that need to perform DPIAs and in the case you have described you are acting as a data processor on behalf of the companies that are using your product.
Of course the GDPR does not cover such particular situations, and the reason for not disclosing the mail address is that it is not grounded on the GDPR. My suggestion is for the Association to issue a Privacy Notice informing all the members about what personal data is processed, for what purposes, and what the lawful grounds for doing that are. In your case the most suitable will mostly be “legitimate interest”.
Answer
I am missing the context of the situation to give a straight answer. There is no requirement in ISO 9001:2015 that makes the implementation of an EMS mandatory. What can happen is that your organization may have customers that require that their suppliers have an EMS. In that case the auditors’ comment is understandable. Another possibility is that your organization developed internal environmental practices that are not being followed, and that is why the auditors said that you need to train employees about your environmental practices.
Two or more organizations under the same certificate
For the documentation of these support processes within the scope, can it be stated that support is provided for company No. 2?
Or must that same procedure be done twice, one for company 1 and another for company 2, taking into account that the resources come directly from company No. 1?
Answer:
The option of having two separate management systems is only one of the available options. It is possible to have two or more organizations under the same certificate, even if they are legally independent entities.
The following material will provide you with information about outsourcing:
Answer: The value reflecting the effects of an incident that has occurred must be inserted in column G "Consequences" (from the perspective of ISO 27001, "impact" is the same thing as "consequences"), and to know what to include in this column, I suggest this article:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
By the way, included in your toolkit you have access to a video tutorial that can help you fill in the Risk Assessment Table, using real examples.
AS9100 Product safety requirements
Answer:
Product safety is defined in clause 3.4 as the product being able to perform its function without causing unacceptable risk or harm to persons or damage to property. So, by this definition product safety is about not causing injury to people or damage to property. Keeping this in mind when you read clause 8.1.3 for the requirements of product safety, we see that AS9100 asks that we put in place controls to assure product safety throughout the lifecycle of the product, or in other words ensure that the product behaves in a way to reduce or eliminate the risk of injury or property damage until it is disposed of at the end of life.
There is a list of examples that may be included in your process, such as assessing hazards, reporting on events, communication and training of safety hazards, etc. If you have a product that does not have any safety risks, then just doing this assessment is enough since there is nothing to control. However, if you have safety risks you may need to identify this through the process. For example, if you had a product that held an electrical charge that could injure workers or damage property either at your facility or after delivery, you may need to have safety warning labels on the product or in the installation instructions as a control.
For your example of connectors, it is the safety aspects of the connectors through the lifecycle. You are not responsible for the safety aspects of products where your connector is used. If someone uses your connector on a product where your connector becomes a contact point for power, this is up to them to determine and control. Your connector has no safety considerations by itself.
For a better understanding of the aerospace definitions in AS9100 Rev D, see the article: Five special aerospace terms in AS9100 Rev D, https://advisera.com/9100academy/blog/2017/05/01/five-special-aerospace-terms-in-as9100-rev-d/
Requirement to be a QMS consultant
Do I need to be certified, in some way, to help them design and implement a Quality management policy that will eventually be audited by an ISO auditor?
Answer
There is no legal requirement for an ISO 9001 consultant to be certified in any way.
Answer
Your QMS shall define authorities and responsibilities for several roles and functions.
Someone shall have the authority to approve the need for forms and their codification. There are several possible alternatives for codification. For example, some organizations just use a serial number, others use a serial number and a process or department reference.