Each organization decides who should be doing the mapping and analysis of the internal and external stakeholders, but the final decision about which stakeholders are relevant, and which of their needs and expectations are relevant, must come from top management. ISO 9001:2015 does not require keeping documented information about this. Nevertheless, I recommend preparing a kind of memorandum of understanding with the main decisions about interested parties. In organizations that do not keep documented information about this topic, auditors look for the existence of a common perception among managers about who the relevant stakeholders are and what their relevant needs and expectations are.
The following material will provide you information about the interested parties:
Site1: all the org units present (sales, hr, sw dev, qa, IT and so on)
Site2: 2 org units present (only sw dev and qa present)
Site3: 2 org units present (only IT and sales present)
As in scope we have all the sites, entities and units defined, shall we conduct an audit for all the org units per site in the above scenario even if they are not present at the site? HR and IT I understand that we need to audit from a site perspective, but how about SW dev and QA, as there is no relation to site 3 at all?
Answer:
You don't need to perform an internal audit for those units that are not present at a site. For instance, at site 3 you will carry out an internal audit which includes IT and sales, but you don't need to include SW dev as it is not present at that site. What is really important is that in the internal audit you cover all the requirements that apply to the entire scope of your organization and you clearly define the products and services offered by the different entities.
First of all, you should know that the new standard does not require a procedure for addressing risks and opportunities. However, your organization may decide to write a procedure, which should contain the following activities:
- Identification of risks and opportunities - This should be done in a simple way, for example by organizing a brainstorming session and performing a SWOT analysis (strengths, weaknesses, opportunities, threats) with the relevant employees of your company.
- Determination of the level of impact of the risks, which can range from low impact to high impact.
- Planning of the actions to address the risks and opportunities. These actions can range from avoiding the risks to accepting them.
- Evaluation of the effectiveness of the actions taken.
An audit finding is the result of comparing the collected audit evidence with the audit criteria. Audit findings can indicate either conformity or nonconformity.
The following material will provide you information about audit findings:
Can you advise on that? If not, can you point us to an expert on marketing and legitimate interest?
Answer: Legitimate interest can be used for marketing, but only under specific circumstances. If you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls etc.), legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.
1. In order to exchange personal data between an EU-based company and a Japanese one acting as a separate controller, you need to comply with the requirements for cross-border data transfer. The most commonly used such safeguard is the use of Controller to Controller Standard Contractual Clauses.
To learn more about cross border data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).
2. Notifying the Japanese supervisory authority is subject to Japan's local legal requirements in terms of data protection. The relation between you and the other controller needs to be established in the contract that you have with the European entity.
Needed procedures
Answer:
ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a): if your organization believes that a Preventive Maintenance Procedure is needed, then you should develop and maintain it, but it is up to you to decide.
The following material will provide you information about the procedure requirements:
Answer: This is true. The data cannot be kept for longer than is necessary for the purpose it was collected for. However, you can rely on consent and ask your customers if they agree that you keep their data for longer.
To effectively address the risks of your organization, you must first correctly identify the risks. You can do this using a simple approach, that is, by organizing a brainstorming session with the relevant people of your organization and carrying out a detailed analysis. Once the risks have been identified, you will need to plan the actions to address those risks. These actions should be proportional to the potential impact of the risks on the conformity of the product or service, and range from avoiding a risk to accepting a risk. There is no formal process for carrying out this monitoring and control of risks; the standard only requires organizations to identify risks and opportunities and take actions, and it is not necessary for you to document it either.
For more information about risks in ISO 9001:2015, see these articles (in English):