From the example you have provided company A is acting as a data controller and company B would act as a data processor. In this instance a Data Processing Addendum/Agreement would need to be signed between company A and company B to ensure that company B processed the data on behalf of company B pursuant to the provisions of EU GDPR article 23 – Processor (https://advisera.com/eugdpracademy/gdpr/processor/).
Clause 4.4 includes general requirements for the QMS that are related to each of the parts of the QMS. This means that you are actually complying indirectly with this clause through the documented procedures, policies and records required for each part of the QMS.
We do not have templates related to clause 4.4 because the standard does not require any mandatory documentation for this clause.
The environmental policy should include the following ideas and elements:
- Appropriate to the purpose and context of the organization
- Continual improvement
- Prevention of pollution
- Compliance with legal obligations and other requirements
- Framework for objectives and targets
- Support the strategic direction of the organization
To learn more about environmental policy, you can see these articles:
SWOT and PESTLE Analysis are frequently used tools to understand the organization and its context, but they are not mandatory. So, you can avoid their use, unless they are prescribed in your procedures.
If when you mention QMS meetings, you are mentioning management review or performance reviews, minutes are mandatory – please check last phrases of clauses 9.1.1 and 9.3.3.
The following material will provide you with information about QMS meeting requirements:
If there is no recorded occurrence of an event occurring but there is also no way of knowing if the event occurred previously then do we score it low or Medium/High?
For example: I know that people can download company data onto their home devices through a browser-based application. There are no recorded occurrences, but there is also no way of knowing if this has happened.
My concern with such a case is that, whilst I don't want to commit scant resources to dealing with a risk that is perhaps not significant, I also do not want to leave a security hole for data to leak through in the business's defences.
Answer: Besides internal historical data, the likelihood can also be identified by means such as historical data available from the organization's industry (e.g., industry reports), statistical models, or expert opinion.
What are the DPO's attributions in this situation, besides managing the Processor Personal Data questionnaires?
Answer:
1. This is more of an organizational question, as such things are not mentioned in the GDPR or elsewhere for that matter. Usually the DPO should train the relevant departments on how to recognize when a contract would involve processing of personal data and draft the relevant agreements, alone or together with the legal department, depending on the qualifications of the DPO.
2. There are lots of tasks to be performed by the DPO such as:
- providing and maintaining the necessary documentation to demonstrate compliance with the GDPR, including, but not limited to, policies, procedures, templates and forms, and ensuring that they are kept up to date;
- informing and providing expert advice to all members of staff regarding their obligation to comply with the provisions of the GDPR and relevant local laws and regulations when processing personal data;
- monitoring compliance with the GDPR and relevant local laws and regulations, and informing the stakeholders within the Company of any changes in a timely manner.
Answer:
If you have created a risk register used for ISO 27001 implementation (and it was appropriate for your company), try to re-use it, at least as a methodology. But please consider that ISO 20000 has IT services in focus. The same applies to risks: consider risks related to the IT services.
Gaps and risks - well, that's hard to answer with yes or no. Some gaps are risks, but some are not.
Excel sheet - no, we don't provide such documents because this differs case by case, i.e., it needs to be adapted to the organization.
Read the article Similarities and differences between ISO 27001 and ISO 20000 (https://advisera.com/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/) to learn more about similarities and differences between ISO 20000 and ISO 27001.
Becoming an ISO auditor with different standards
Answer:
I would recommend you attend a course about each ISO standard or perhaps integration of ISO standards. An auditor must be knowledgeable about the audit criteria. Also, I would recommend you attend a course on internal audits. Then, you should start performing internal audits and gain experience.
The following material will provide you with information about internal audits:
As far as I understand, your organization can provide a list of coatings for metals from your own design and development, or can provide the metal coating service according to customer requirements.
Choosing a certification scope is a management decision. Your organization has three options:
A – Consider only the coatings according to your own requirements;
B – Consider only the coatings according to customer requirements;
C – Consider all coatings.
In case A, clause 8.3 is applicable to your QMS.
In case B, clause 8.3 is not applicable to your QMS.
In case C, clause 8.3 is applicable to your QMS.
The following material will provide you with information about scope and exclusions:
Answer: The backup policy must be elaborated considering the results of the risk assessment and the legal and contractual clauses your organization must fulfil. This information will help you define issues such as which technology to use, what information to back up, where to store the backup, for how long, the backup frequency, who is responsible for the backup, etc.