Search results


  • Competences for Business Continuity Manager


    Answer: ISO 22301 does not define minimum requirements for education, only that personnel involved with business continuity management have the proper competencies to fulfill their duties, which can be evidenced in terms not only of education, but also in terms of skills and experience.

    Considering that, among common competences for Business Continuity Manager we can mention:
    - Business Impact Analysis
    - Risk Management
    - Project management
    - Business continuity frameworks (e.g., ISO 22301 standard, BCI Good Practice Guidelines, etc.)
    - BCMS audit
    - Communication

    Some competencies can be found in the following courses:
    - ISO 22301 lead implementer course
    - ISO 22301 lead auditor course

    This article will provide you further explanation about Competences for Business Continuity Manager:
    - The challenging role of the ISO 22301 BCM Manager https://advisera.com/27001academy/blog/2016/03/21/the-challenging-role-of-the-iso-22301-bcm-manager/

    This material will also help you regarding Competences for Business Continuity Manager:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Configuration Management in AS9100 Rev D

    I do not know of any special configuration management standards applicable to South Africa, however, ISO 10007 is an internationally recognized configuration management standard which is referenced in AS9100 RevD.
    For more information on Configuration Management in AS9100 Rev D see this article: https://advisera.com/9100academy/blog/2017/05/08/understanding-configuration-management-in-as9100-rev-d/
  • Applying life cycle perspective:


    Answer:

    The life cycle perspective should be applied during the identification of environmental aspects. For every environmental aspect one should consider what happens before and after our organization. For example, in the case of your industry and for the case of ready-mix concrete that you mention, do your suppliers use legal raw materials? In my country it was common to illegally grab sand without any environmental considerations. Is the cement used produced by a company that respects environmental laws and regulations?

    More examples:

    during construction land is removed - what is its destination?
    during renovation, construction-demolition residues are generated – what is their destination?


    The following material will provide you information about applying life cycle perspective:

    - ISO 14001 – Lifecycle perspective in ISO 14001:2015 – What does it mean? - https://advisera.com/14001academy/blog/2017/02/20/lifecycle-perspective-in-iso-140012015-what-does-it-mean/
    - How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
    - Using ISO 14001:2015 to identify environmental aspects in the construction industry - https://advisera.com/14001academy/blog/2015/11/10/using-iso-140012015-to-identify-environmental-aspects-in-the-construction-industry/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Key performance indicators and ISO 9001


    Answer:

    "Key performance indicator" is not a term used by ISO 9001:2015, although it is very common. Clause 4.4.1 c) mentions performance indicators, indicators to monitor and measure process performance. According to the strategic orientation of an organization, some processes will be more critical than others for organizational success or competitiveness. Performance indicators of those processes will be key performance indicators. For example, for an organization that bets on its ability to innovate, indicators about the performance of the innovation process will be key performance indicators.

    The following material will provide you information about key performance indicators:

    - ISO 9001 – How to define Key Performance Indicators for a QMS based on ISO 9001 - https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
    - ISO 9001 document template: Matrix of Key Performance Indicators - https://advisera.com/9001academy/documentation/matrix-key-performance-indicators/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Consent


    Answer:
    Consent is one of the most widely used for marketing. Under certain circumstances legitimate interest may work as well.

    However, if you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls, etc.), legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.

    If you want to find out more about consent and marketing check out our webinar “How GDPR Affects Marketing Practices” (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/)
  • Laws and regulations

    • [relevant national law or regulation for GDPR implementation ]
    • [other local laws and regulations]

    Answer:
    We don't know each and every national law regarding privacy in the EU. This is why we left the field blank. This is something a corporate counsel or local lawyer can help you with.
  • Risk assessment process


    Answer: You have to evaluate likelihood at the planning level, because at this point it will help you decide which risk treatment option is more appropriate and it will be less costly to make changes if you identify a need for changes. After the implementation level the likelihood evaluation is used to confirm the expected likelihood you identified during the planning phase and to make proper adjustments.

    2. At what level do you evaluate the residual risk?

    Answer: The first evaluation is made during the planning phase, after the definition of the risk treatment option. This is a kind of an expected residual risk.

    After the implementation phase, during the controls performance review, you use real data to evaluate the residual risk to confirm your assumption during the planning phase and to make proper adjustments.

    For both answers, this article will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding risk assessment:
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Evaluating opportunities


    Answer:
    For example, a matrix that relates “Effort” and “Consequences”.

    With “Effort” we measure the degree of effort needed to exploit an opportunity. With “Consequences” we measure the degree of return that can give an improvement in productivity, sales or quality performance.

    We look for opportunities that with a low effort give a high return, for example.

    The following material will provide you information about opportunities classification:

    - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Evidences on organizational knowledge


    Answer:

    First, what does your organization consider organizational knowledge?

    I like to think about organizational knowledge as:

    1) what the organization knows it knows

    2) what the organization does not know that it knows

    This can be handled by human resources and is about training, coaching by experienced workers, and experience.

    If an auditor asks for evidence of this type, I would show training and coaching records for new employees or employees that changed roles.

    3) what the organization knows it does not know

    This can be handled with the help of external training, suppliers, books and technical magazines, for example, and can be performed by several internal functions.

    If an auditor asks for evidence of this type, I would show evidence of learning that occurred due to study, external training, reports from suppliers, reports from investigation, reports from improvement projects.

    4) what the organization does not know that it does not know

    This can be handled by different internal functions that maintain a kind of radar surveying relevant potential new knowledge with the help of books, magazines, blogs, conferences, networking, suppliers, …

    I would show evidence of any case that could demonstrate this last case. For example, some years ago, I was working in a process engineering team in the chemical industry. One afternoon, one of my colleagues, reading a technical magazine, started to comment about a new kind of material for storage silos. Rapidly, we in the room started a kind of brainstorm about benefits and drawbacks. After that, my colleague contacted the manufacturer, requested technical information and presented it to our board of directors. After some calculations, it was easy to conclude that the new material had a lot of advantages. We used it in the next plant expansion.

    The following material will provide you information about internal audits:

    - ISO 9001 – How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Most important documentation


    Answer:
    The question is much too broad to be able to provide you with an exact answer. However, given the sector in which you are active, I think that one of your first priorities would be:

    - Setting up your privacy notices;
    - Establishing the “Inventory of processing activities” (art. 30 of the EU GDPR – “Records of processing activities” - https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/)
    - Data Protection Impact Assessments;