  • Implementing ISO 9001


    Answer:
    Look into the company at two different levels. First, map the flow of work from customer requirements and needs until the customer is served: “What do you do?” (development of services, commercial activities, purchasing, providing the service, maintenance, training, management). Second, determine: the internal and external context, interested parties, quality policy and objectives, and risks and opportunities.

    Characterize the processes and define and implement plans to meet objectives and address risks and opportunities.

    The following material will provide you information about implementing an ISO 9001 management system:

    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Personal data


    Answer:

    The EU GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;” (Article 4 – Definitions (https://advisera.com/gdpr/definitions/)).

    So, a phone number is identifiable information which is assimilated to personal data.

    To find out more about personal data check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//).
  • Security objectives for IT Helpdesk function


    Answer:

    Broadly speaking, examples of security objectives for the IT Helpdesk function are:
    - Protection of IT Helpdesk user/customer data
    - Maintenance of IT Helpdesk function availability
    - Percent of business processes supported by the IT Helpdesk function

    These articles will provide you further explanation about security objectives:
    - Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
    - ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
  • RBT and ISO 14001


    Answer:
    When you look into the external and internal issues you can identify risks and opportunities related to the intended outcomes of the EMS. For example:
    * technological trends may help you reduce environmental impacts;
    * legislation trends may make it more difficult to comply with legal obligations

    “2. Since the standard doesn't require one to document the analysis above, how does one show evidence that the analysis is done, and it is sufficient and appropriate?”

    Answer:
    Without records, the auditor will have to interview the management team and see if the company has done the risk-based thinking (RBT), and simply write in the report that they demonstrated the RBT during the interview with the management.

    The following material will provide you information about applying RBT to an environmental management system:

    - ISO 14001 – Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
    - ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Implementation without prior knowledge


    Answer:

    I do think it is possible to implement and complete ISO 9001:2015 certification with no prior knowledge. Documents included in the toolkits are designed to comply with all of ISO 9001:2015, so they include not only the mandatory documents but the commonly used ones. The templates of the toolkit are also easy to complete, since they deal with the technicalities and provide many comments about how to fill out the specific information of your company, and materials to understand all clauses and requirements. Our toolkits also include expert support, so you can talk to one of our experts in order to clarify some questions along the project, and they can review some of your documents. This expert support can be up to 15 hours and 15 documents, so you will assure that your organization successfully achieves the certification.

    The duration of the implementation will depend on the size of the company and the complexity of the product and service but also on the resources provided for the project. You can use this tool to calculate the duration - ISO 9001 Implementation Duration Calculator: https://advisera.com/9001academy/iso-9001-duration-calculator/

    To learn more about our toolkits you can see this Product Tour: https://advisera.com/9001academy/product-tour/

    To learn more about implementing the standard by yourself, you can download this free whitepaper - Implementing ISO 9001 with a consultant vs DIY approach: https://info.advisera.com/9001academy/free-download/implementing-iso-9001-with-a-consultant-vs-diy-approach

    These materials can help you with ISO 9001:2015 implementation by yourself:
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
  • Services and design and development


    Answer:

    If an organization that provides a service designs and develops that service, the clause is applicable. For example, an organization that sells babysitting services for children may want to develop a new service about caring for older people. What is that new service about? What features are included? What requirements are there for caregivers? That is the scope of design and development.

    The following material will provide you information about design and development:

    - ISO 9001 – The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 9001 benefits


    Answer:
    Without knowing what your business is about, I follow a general rule to answer you. If your business serves other businesses (B2B), normally, ISO 9001:2015 certification can be a plus. What could go against this general rule? Sometimes, very small businesses take advantage of being very flexible because procedures are very fluid and everybody does a little bit of everything; in that case ISO 9001:2015 can be too soon for them.

    The following material will provide you information about ISO 9001 benefits:

    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Convincing top management


    Answer:
    Without top management involvement and participation any management system will be a burden on the organization and its people.

    In a case like yours, I would list all the benefits of being certified for the organization and would list all the risks and costs for the business because of losing certification. Then, I would translate those benefits and drawbacks into money. How much money can the organization lose by losing certification? How much money does the organization earn because it is certified? Normally, top management gives more attention to money figures.

    The following material will provide you information about convincing top management about keeping a management system:

    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - free online training ISO 9001:2015 Lead Implementer Course (check Module 5) - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Can data processor delete personal data?


    Answer:

    I assume from your question that you are acting as a data processor in regards to the personal data of the data subject asking for the data to be deleted. In this case, as required by EU GDPR art. 28(3)(e) – Processors (https://advisera.com/eugdpracademy/gdpr/processor/) such requests should be forwarded to the respective data controller. You can inform the data subject that you as a processor have forwarded the request to the controller.

    To learn more about processors check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//).
  • Documentation content

    I am working through the Statement of Applicability and have found that the Control Objectives listed in the Statement of Applicability do NOT align with those found in the PDF ISO 27001 Controls and Objectives. In the Statement of Applicability it shows the control for A.6.1.2 as Segregation of duties, but then when I go to the PDF for the ISO 27001 Controls and Objectives it shows A.6.1.2 Information security coordination.

    Control A.6.1.2 Information security coordination is listed in the old 2005 revision of ISO 27001, which was superseded by the new 2013 revision, which is the current one. In the 2013 version of ISO 27001, control A.6.1.2 refers to Segregation of duties. Considering that, you have to follow the Statement of Applicability document.

    Based on the response, can you please provide the 2013 Annex A List of Controls and Objectives, as the one I have is 2005 and does not align with the Statement of Applicability in the toolkit.

    I'm sorry, but the ISO 27001 standard is the intellectual property of ISO, and we do not have the license to sell it, as a whole or only some parts. You can buy this standard at this link: www.iso.org/standard/54534.html

