Answer:
There is no mention in the EU GDPR of how long data subject requests should be kept. However, you are free to decide upon a retention period that would at least give you the possibility to defend your legal rights if necessary. So, a good start would be to keep them for a period which is close to the statute of limitations under national law; in Romania, that period is three years.
As far as I understand the question, I believe you are talking about clause 6.3 Planning of changes. During a defined period, certain procedures will not be followed and an alternative controlled way of working will be in place.
The following material will provide you information about planning and controlling changes:
Answer: ISO 22301 does not define minimum requirements for education, only that personnel involved with business continuity management have the proper competencies to fulfill their duties, which can be evidenced in terms not only of education, but also of skills and experience.
Considering that, among the common competences for a Business Continuity Manager we can mention:
- Business Impact Analysis
- Risk Management
- Project management
- Business continuity frameworks (e.g., ISO 22301 standard, BCI Good Practice Guidelines, etc.)
- BCMS audit
- Communication
Some competencies can be found in the following courses:
- ISO 22301 lead implementer course
- ISO 22301 lead auditor course
This article will provide you further explanation about Competences for Business Continuity Manager:
- The challenging role of the ISO 22301 BCM Manager https://advisera.com/27001academy/blog/2016/03/21/the-challenging-role-of-the-iso-22301-bcm-manager/
The life cycle perspective should be applied during the identification of environmental aspects. For every environmental aspect, one should consider what happens before and after our organization. For example, in the case of your industry and for the case of ready-mix concrete that you mention, do your suppliers use legal raw materials? In my country it was common to illegally grab sand without any environmental considerations. Is the cement used produced by a company that respects environmental laws and regulations?
More examples:
- during construction, land is removed - what is its destination?
- during renovation, construction-demolition residues are generated – what is their destination?
The following material will provide you information about applying life cycle perspective:
"Key performance indicator" is not a term used by ISO 9001:2015, although it is very common. Clause 4.4.1 c) mentions performance indicators, that is, indicators to monitor and measure process performance. According to the strategic orientation of an organization, some processes will be more critical than others for organizational success or competitiveness. Performance indicators of those processes will be key performance indicators. For example, for an organization that bets on its ability to innovate, indicators about the performance of the innovation process will be key performance indicators.
The following material will provide you information about key performance indicators:
Answer:
Consent is one of the most widely used bases for marketing. Under certain circumstances, legitimate interest may work as well.
However, if you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls, etc.), legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.
• [relevant national law or regulation for GDPR implementation ]
• [other local laws and regulations]
Answer:
We don't know each and every national law regarding privacy in the EU. This is why we left the field blank. This is something a corporate counsel or local lawyer can help you with.
Risk assessment process
Answer: You have to evaluate likelihood at the planning level, because at this point it will help you decide which risk treatment option is more appropriate, and it will be less costly to make changes if you identify a need for changes. After the implementation level, the likelihood evaluation is used to confirm the expected likelihood you identified during the planning phase and to make proper adjustments.
2. At what level do you evaluate the residual risk?
Answer: The first evaluation is made during the planning phase, after the definition of the risk treatment option. This is a kind of expected residual risk.
After the implementation phase, during the controls performance review, you use real data to evaluate the residual risk to confirm your assumption during the planning phase and to make proper adjustments.