All client requests need to be assessed on a case by case basis. The time frame for responding to data subject access requests (DSARs) should not exceed 30 days from the date that the request has been received.
Note that the data subject can only request access to personal data concerning him/her, and therefore you are not allowed, for example, to provide video footage that shows persons other than the one asking for the data. If technically possible, in this particular case the faces of the other individuals in the footage need to be blurred so as not to allow other persons to be identified.
If a person other than the data subject asks for such data, you can only provide it in situations where there is a legal justification behind it, such as a subpoena.
ISO 9001:2015 does not mandate that top management signs all SOPs. That depends on the rules of your own system, created by your own organization.
Whoever approves and signs a document has to have his/her authority transmitted by top management. For example, in my work as consultant I advise the creation of a List of Internal Documents that lists all internal documents and identifies who has authority to approve each one. Top management signs that list and in that way, signals who has authority to approve a particular document.
The following material will provide you with information about document control
8.1 Documented information necessary to have confidence that the processes..
Thank you very much, Antonio!!
Toolkits and CSA CCM
Answer: Our ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit templates can help you cover the requirements from CSA Star certification related to ISO 27001, ISO 27017, and ISO 27018 standards identified in the Cloud Controls Matrix (CCM).
ISO 9001:2015 gives a lot of freedom in treating risks and opportunities. So, you will see different possible approaches.
First, what is a risk or an opportunity? A negative/positive deviation from what is expected, due to uncertainty, is a risk/opportunity. The expected are the desired results, the outcomes of a QMS.
Second, ISO 9001 mentions risks/opportunities at three levels (clause 5.1.2b – risks about products and services; clause 4.4.1f – risks about process outcomes; clause 6.1.1 – risks about the overall results of the QMS).
Third, with FMEA, with a conversation/discussion about internal and external issues, or with performance analysis, an organization can determine relevant risks and opportunities and then evaluate them and decide what to do with them.
The following material will provide you with information about risks and opportunities
Answer: Basically, ISO 27001 deals with risks related to information, and in your case some risks are on the provider's side (for example DoS attacks, hardware failures, power supply failures, etc.), so you would have to transfer those risks. But there are also other risks on your side that you also have to treat, for example risks related to the remote connection to the cloud, to the PCs used to operate the cloud services, to the applications you are using, to employee awareness of information security, etc.
Also this other one about risks, "Risk Assessment and Treatment in ISO 27001 - 6 basic steps": https://advisera.com/27001academy/es/knowledgebase/evaluacion-y-tratamiento-del-riesgo-en-iso-27001-6-pasos-basicos/
ISO 9001:2015 considers two types of documented information: documentation to maintain – they give instructions about how to act in the future; and documentation to retain – they are records about what happened.
Organizations should consider mandatory documented information required by ISO 9001:2015 and non-mandatory documented information that can be decided as necessary or useful for the effectiveness of the quality management system. The first link below gives a complete answer.
The following material will provide you with information about documented information:
Regarding the auditors - There are two types of auditors:
Internal auditors, who carry out internal audits, and lead auditors, who work for certification bodies and perform the certification audits.
Regarding internal auditors - There are no mandatory qualifications to become an internal auditor, but certain skills, competencies, and qualifications can help a person become an internal auditor. A combination of knowledge of ISO 9001:2015, internal process knowledge, and attention to detail remain the primary attributes.
Regarding the lead auditor - To become a Lead Auditor, first you need to have experience in applying ISO principles, procedures, and techniques in auditing. The next thing a candidate needs to become a lead auditor is to pass the Certified ISO 9001 Lead Auditor exam. This ISO 9001 Lead Auditor course is offered by many accredited bodies, such as certification bodies or approved training organizations. The scheme most widely offered by the main auditor registration organizations is a qualification scheme that requires you to pass a 5-day lead auditor class, demonstrate with a resume that you have about 4 years of work experience and about 2 years of more specific work experience (e.g. in the environmental sectors that you want to audit in), and then participate in audits to demonstrate audit experience.
If you are interested in working as a consultant implementing ISO 9001:2015 you can attend a Lead Implementer Course, since that course can help you to understand and implement the standards and then get the Lead Implementer certificate in order to prove your competence. Also, a Project Manager Certificate can be helpful because you will learn how to run projects.
We have available this free online course – ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ After attending the course you can obtain a certificate that proves that you passed the exam.