
  • Security tools


    Answer:

    It's our policy not to make recommendations about specific tools, since the selection of a tool will depend on specific requirements and needs of each organization.

    Regarding steps to protect users accounts, the most important is to establish an access control policy covering among other things:
    - Periodic change of passwords
    - Periodic review of users' access and activities
    - Use of different passwords for each account

    These articles will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    - How two-factor authentication enables compliance with ISO
  • Competences management and improvement


    Answer:

    Specific methods to update competences will vary according to each certificate issuer, but the most common are:
    - Attending courses
    - Developing related materials (e.g., questions for exams, texts, videos, etc.)
    - Training other people (e.g., by providing courses, presentations, etc.)

    Regarding courses related to ISO 27001, I suggest you take a look at this e-training content: https://advisera.com/training/
  • How deep should an organization go

    Answer:
    Two topics: documentation and level.
    Documentation – ISO 9001:2015 has no mandatory requirements about documenting who are the relevant interested parties and what are their relevant needs and expectations.
    Level – There is no explicit guidance in ISO 9001:2015 about this. What is the scope of your organization’s quality management system? Perhaps the corporate level has a scope much wider than the scope of your business unit. Also, normally, the corporate level doesn’t handle customers every day; it is not at the corporate level that products and services are manufactured or provided. The corporate level is best placed to handle, and generate value through, managing a set of business units.

    The following material will provide you information about interested parties:
    - ISO 9001 – How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Assessing the severity of personal data breach


    Answer:

    A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It is potentially very broad. It is not limited to loss of data and extends to unauthorised access or alteration. However, it only captures actual breaches and not suspected breaches.

    We have developed a whitepaper to help you to efficiently assess the severity of a personal data breach, and determine a course of action. This informative white paper offers a simple methodology, so you can:

    - Reliably determine the severity of a personal data breach
    - Determine the necessary mitigation measures
    - Understand whom to notify, in line with GDPR requirements

    You can find the whitepaper here: https://info.advisera.com/eugdpracademy/free-download/assessing-the-severity-of-personal-data-breaches-according-to-gdpr

    2. Does the DPA and/or the data subject(s) need to be informed of the breach in all cases where it can cause a high degree of risk to the data subject regardless of the quantity of data subjects affected?

    Answer:

    If there is a risk to the rights and freedoms of natural persons, the SA needs to be notified within a maximum of 72 hours. However, if the risk is ranked as high, the data subjects need to be informed without undue delay. So you can see it is up to the controller to rank the risk to determine who needs to be notified. In practice, if the risk is high, both the SA and the data subjects need to be informed.
    The risk is not only related to the quantity of data but also to its quality: data breaches involving sensitive personal data or data relating to criminal convictions would trigger the need to notify the SA and data subjects even if the number of records is low.
  • ISO 9000 - the beginning


    Answer:

    The ISO 9000 series of standards was published for the first time in 1987 by ISO - the International Organization for Standardization. ISO standards are created by groups called Technical Committees and approved by consensus through a voting process. The standards development life cycle includes steps like: Committee Draft; Draft International Standard; Final Draft International Standard; and then, after approval, ISO standard. The improvement sequence of ISO 9000 is based on the PDCA cycle (Plan-Do-Check-Act), also known as the Deming cycle after its creator, William Edwards Deming.

    The following material will provide you information about ISO 9001 standards evolution:
    - ISO 9001 – Plan-Do-Check-Act in the ISO 9001 Standard - https://advisera.com/9001academy/knowledgebase/plan-do-check-act-in-the-iso-9001-standard/
    - free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Research on environmental aspects and risks


    Answer:

    ISO 14001 doesn't provide organizations with a tool to conduct a risk analysis, nor with defined criteria for the evaluation of environmental aspects and impacts.

    Basically, ISO 14001:2015 states that an organization must understand and identify those environmental aspects that have or can have a significant impact on the environment, known as significant environmental aspects. When establishing criteria for determining the significance of the environmental aspects, the organization needs to consider several factors:
    - condition of the environment
    - compliance regulations and needs and
    - needs and expectations of interested parties.

    Identification of significant environmental aspects will be necessary to determine where the controls or improvements are needed.

    In regards to the risks, the standard suggests that the risks and opportunities should be considered in terms of the following elements:
    - The relevant compliance obligations
    - The environmental aspects
    - The stakeholders and interested parties

    ISO 31000 is an ISO standard designed specifically to deal with risk management. However, the simplest way to perform a risk analysis is conducting a SWOT (strengths, weaknesses, opportunities, threats) analysis in order to help you find those risks.

    For example, Advisera has developed a procedure to determine the environmental aspects and risks using criteria based on the ISO 14001 requirements. You can see a free preview here - Procedure for identification and evaluation of environmental aspects: https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/

    These materials can help you to better understand environmental aspects and risks in ISO 14001:2015:
    - ISO 14001:2015 - How to set criteria for environmental aspects evaluation: https://advisera.com/14001academy/blog/2016/10/31/iso-140012015-how-to-set-criteria-for-environmental-aspects-evaluation/
    - Risk management in ISO 14001:2015: what, why and how: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/risk-management-in-iso-140012015-what-why-and-how/
    - Risks and opportunities in ISO 14001:2015: what they are and why they are important: https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
    - Free online ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/
    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
  • Correction vs. Corrective Action

    Thank you for your consideration and answer.

    Answer:

    If the correction has been efficient and effective, and it is only a minor or isolated problem, it is not necessary to apply a corrective action. That is, although it is important to apply corrections for each of the nonconformities found, it is not necessary to apply corrective actions to all nonconformities. Corrective actions should only be applied when the nonconformity is a systemic problem, and not when it is something of little importance or an isolated problem.

    You can find more information about nonconformities and corrective actions in the following materials:
    - Article - ISO 9001 - Difference between correction and corrective action: https://advisera.com/9001academy/blog/2016/02/09/iso-9001-difference-between-correction-and-corrective-action/
    - Article - Seven steps for corrective and preventive actions to support continual improvement: https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
    - Article - How to proceed https://advisera.com/9001academy/blog/2016/09/20/how-to-proceed-once-qms-corrective-action-is-defined/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • ISO 9001 evolution


    Answer:
    And you are right. For example, it can be acceptable to state that there are no complaints, but it is not acceptable to state that there is nothing to say about internal audits, or process performance or decisions from the last management review.

    The following material will provide you information about management review:

    - ISO 9001 – How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
    - Free webinar – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Responsibility of the CEO for management review minutes


    Answer:

    Section 4.4 of the Information Security Policy speaks about the responsibility of the CEO (or other member of the top management) to prepare minutes of the management review meeting.

    You can find the template of Management review minutes in the folder 11 of your ISO 27001 Toolkit; by the way, these minutes are a mandatory document.
  • Management representative in ISO 9001:2015


    Answer:

    You are correct, the management representative is not mandatory anymore in the new version of the standard ISO 9001:2015. However, if your organization considers this position valuable and worthwhile you can still keep it.

    These are usually the responsibilities of a management representative:
    - Process maintenance of the QMS
    - Reporting on the performance of the QMS
    - Customer requirements promotion
    - Liaison with external parties

    The management representative should be the person within your company that best suits all the above job responsibilities, ensuring that the implementation and maintenance of the quality management system becomes a success.

    These materials can help you to better understand the role of the management representative:

    - Article - What will be the destiny of the management representative in the new ISO 9001:2015: https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
    - Article - Choosing the best person for the job quality management representative: https://advisera.com/9001academy/blog/2014/06/03/choosing-best-person-job-quality-management-representative/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/