Answer: The business continuity coordinator typically is responsible for the development and maintenance of business continuity plans, working closely with critical business units to understand their processes, identify risks, and provide solutions to help manage and minimize those risks.
Considering that, your BC coordinator can be either the person writing the documents and planning the projects or the facilities manager. When choosing between them, you should consider their understanding of the business and how easily they can interact with other business areas. Another alternative can be the organization's security officer, if the organization has such a role.
Each organization decides who should be doing the mapping and analysis of the stakeholders, internal and external, but the final decision about which stakeholders are relevant, and which of their needs and expectations are relevant, must come from top management. ISO 9001:2015 does not require keeping documented information about this. Nevertheless, I recommend preparing a kind of memorandum of understanding with the main decisions about interested parties. In organizations that do not keep documented information about this topic, auditors look for the existence of a common perception among managers about who the relevant stakeholders are and what their relevant needs and expectations are.
The following material will provide you with information about the interested parties:
Site1: all the org units present (sales, hr, sw dev, qa, IT and so on)
Site2: 2 org units present (only sw dev and qa present)
Site3: 2 org units present (only IT and sales present)
Since all the sites, entities and units are defined in the scope, shall we conduct the audit for all the org units per site in the above scenario, even if they are not present at the site? For HR and IT I understand that we need to audit from the site perspective, but what about SW dev and QA, as they have no relation to site 3 at all?
Answer:
You don't need to perform an internal audit for those units that are not present at a site. For instance, at site 3 you will carry out an internal audit which includes IT and sales, but you don't need to include SW dev as it is not present at that site. What is really important is that in the internal audit you cover all the requirements that apply to the entire scope of your organization and that you clearly define the products and services offered by the different entities.
First of all, you should know that the new standard does not require a procedure for addressing risks and opportunities. However, your organization may decide to write a procedure, which should contain the following activities:
- Identification of risks and opportunities - This should be done in a simple way, for example by organizing a brainstorming session and carrying out a SWOT analysis (strengths, weaknesses, opportunities, threats) with the relevant employees of your company.
- Determination of the level of impact of the risks, which can range from low impact to high impact.
- Planning of the actions to address risks and opportunities. These actions can range from avoiding the risks to accepting them.
- Evaluation of the effectiveness of the actions taken
An audit finding is the result of comparing the collected audit evidence with the audit criteria. Audit findings can indicate either conformity or nonconformity.
The following material will provide you with information about audit findings:
Can you advise on that? If not, can you point us to an expert on marketing and legitimate interest?
Answer: Legitimate interest can be used for marketing, but only under specific circumstances. If you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls, etc.), legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.
1. In order to exchange personal data between an EU-based company and a Japanese one acting as a separate controller, you need to comply with the requirements for cross-border data transfer. The most commonly used of these safeguards is the Controller-to-Controller Standard Contractual Clauses.
To learn more about cross border data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).
2. Notifying the Japanese supervisory authority is subject to Japan's local legal requirements in terms of data protection. The relationship between you and the other controller needs to be established in the contract that you have with the European entity.
Needed procedures
Answer:
ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a): if your organization believes that a Preventive Maintenance Procedure is needed, then you should develop and maintain it, but it is up to you to decide.
The following material will provide you with information about the procedure requirements:
Answer: This is true. The data cannot be kept for longer than is necessary for the purpose it was collected for. However, you can rely on consent and ask your customers if they agree that you keep their data for longer.