Search results

  • Evidence of internal auditor requirements


    Answer:

    External auditors usually verify the independence and knowledge of the internal audit team, normally by asking the organization for the CVs of the audit team members.

    It is important to note that if the organization decides that the audit will be performed by a person from the company, it must demonstrate that this person has no interaction of any kind with the processes involved in the quality management system. In the case of a small company, to ensure that this does not happen, it is recommended that the auditor be contracted externally so that he or she is completely objective and impartial.

    For more information on internal auditor requirements, you can see these materials:
    - Article - Five main steps in the ISO 9001 internal audit: https://advisera.com/9001academy/es/knowledgebase/cinco-grandes-pasos-en-la-auditoria-interna-de-iso-9001/
    - ISO 9001:2015 Internal Auditor Course: https://advisera.com/es/formacion/curso-auditor-interno-iso-9001/
    - Book - ISO Internal Audit: A Plain English Guide: https://advisera.com/books/auditoria-interna-iso-una-guia-en-un-lenguaje-sencillo/
  • Marketing emails and EU GDPR


    Answer

    In theory, yes, but you will also need to provide the data subjects with an appropriate privacy notice, and if you didn't collect the data yourself you also need to indicate the source of the data.
    If you want to find out more about email marketing, check out our webinar: How GDPR affects market practices (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/)
  • ISO 45001 Scope of the OHSMS


    Answer:
    It is hard to give an example because the scope statement is very specific to the organization it is written for. It is important to remember that the purpose of the scope for the OHSMS is to identify where your OH&S rules, policies and procedures need to be applied within your organization. So, it needs to include the information of activities, products & services, locations, etc. which can affect your OH&S performance, and therefore will indicate exactly what your OH&S rules apply to. For instance, if you have a main plant with many satellite locations (such as a contractor firm) all of this should be included in your scope since the OH&S rules and processes will apply in all locations.
    For more information on OH&S scope, see this article, How to determine scope of the OH&SMS, https://advisera.com/45001academy/blog/2015/12/09/how-to-determine-scope-of-the-ohsms/
  • ISO 45001 internal audit questions

    The management system audit is intended to compare what is actually happening in the process against the requirements of what is supposed to be happening in the process. If requirements are met this is a conformity, and if not this is a nonconformity. This is the main purpose of the process audit.

    However, the audit (especially internal) should also point out opportunities for improvement as well as potential unidentified risks. So, you should definitely identify a hazard that is not identified, but this may not be considered a nonconformity. These additional identifications are one of the biggest benefits of the internal audit.

  • Risk assessment and risk register


    Answer:

    Risk assessment is the process to identify, analyze and evaluate risks, while the risk register is the record where the results of the risk assessment process are filled in. Our Risk Assessment template is a risk register. The steps to perform the risk assessment are described in the Risk Assessment and Risk Treatment Methodology template.

    The Risk Assessment template is enough to be compliant with ISO 27001 requirements, so you do not need to combine it with other documents.

    This article will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    This material will also help you regarding risk assessment:
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Marketing activities and GDPR


    Answer:

    This depends on how and where you got the email addresses from. Usually, when collecting personal data a Privacy Notice needs to be presented to the data subjects. The Privacy Notice informs data subjects, among other things, for what purposes the data will be processed and which is the lawful ground for processing. Usually, for marketing purposes the lawful ground is either consent or legitimate interest. If you want to find out more about consent and legitimate interest, check out our webinar “How GDPR Affects Marketing Practices” (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/).
  • GDPR and company size


    Answer:

    This is not entirely true as the company is still the controller in regards to the personal data of its employees regardless of their number. The fact that you are using a third party supplier as a data processor requires you to have a Data Processing Agreement in place with the external company pursuant to Article 28 of the EU GDPR. If you want to find out more about the EU GDPR, check out this free EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
  • Transfer of data


    Answer: In order to be able to transfer personal data outside the EEA to countries without an adequacy decision such as India, as a data processor, first you need the authorization from the controller to do so and you have to have in place one of the safeguards required by Chapter V of the EU GDPR.

    2. Also, the data is originating from India and is being returned to India. Individuals are applying (sending personal) info to the controller. We are then processing the data and replying directly to the individual in India. Is this even classified as a transfer to a third country if the data is coming from India and returned to India?

    Answer: If the data exporter is an entity established in India, the transfer outside India to the EU or anywhere else does not constitute a cross border data transfer in the sense of the EU GDPR. If you want to find out more about cross border data transfers, check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).
  • GDPR and hosting events


    Answer: Information about the venues where the events are held is not considered personal data as it is not linked to an individual.

    2. Can I post those events on my website?

    Answer: You can post such events on your website. Privacy Laws including the EU GDPR do not cover non-personal data. However, you may have some other restrictions related to, for example, copyright.

    3. Can I use the pictures used to promote the events?

    Answer: Pictures are a tad complicated if they can be used to identify people, but you could use them, though you would need to have a privacy notice explaining where you got the pictures from, what you are using them for, how long you are going to keep them, etc. If you want to find out more about the EU GDPR, check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
  • Can the preparer be the reviewer and approver for clause 4.2.3?
