Search results

  • Internal audit for different locations

    Site1: all the org units present (sales, hr, sw dev, qa, IT and so on)
    Site2: 2 org units present (only sw dev and qa present)
    Site3: 2 org units present (only IT and sales present)
    As in scope we have all the sites, entities and units defined, shall we conduct audit for all the org units per site in above scenario even if they are not present at site? HR and IT I understand that we need to audit from site perspective but how about SW dev, QA as there is no relation to site 3 at all?

    Answer:

    You don't need to perform internal audit for those units that are not present in a site. For instance, in site 3 you will carry out an internal audit which includes IT and sales, but you don't need to include sw dev as it is not present at that site. What is really important is that in the internal audit you cover all the requirements that apply to the entire scope of your organization and you clearly define the products and services offered by the different entities.

    To learn more about the scope of the organization, see this article - Certifying different legal entities under one certification scope in ISO 9001: https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/

    These materials can help you to learn more about ISO 9001:2015 implementation:

    - Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio - Compliance tool: https://advisera.com/conformio/
  • Procedure for addressing risks


    Answer:

    First of all, you should know that the new standard does not require a procedure for addressing risks and opportunities. However, your organization can decide to write a procedure, which should contain the following activities:

    - Identification of risks and opportunities - This should be done in a simple way, for example by organizing a brainstorming session and performing a SWOT analysis (strengths, opportunities, weaknesses, threats) with the relevant employees of your company.
    - Determining the level of impact of the risks, which can range from low impact to high impact.
    - Planning the actions to address the risks and opportunities. These actions can range from avoiding the risks to accepting them.
    - Evaluating the effectiveness of the actions taken

    To learn more about how to write a procedure for addressing risks and opportunities, see this article - Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/#

    You can download the free preview of our procedure for addressing risks and opportunities here: https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/

    These materials can help you learn more about ISO 9001:2015 implementation:
    - Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Conformio - Online compliance tool: https://advisera.com/conformio/
  • EU GDPR requirements for US based company


    Answer: Not really, as long as you are processing data of individuals in the European Union the EU GDPR is applicable.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//)
  • Finding vs nonconformity


    Answer:

    An audit finding is the result of comparing the collected audit evidence with the audit criteria. Audit findings can indicate either conformity or nonconformity.

    The following material will provide you information about audit findings:

    - ISO 9001 – How to deal with nonconformities in an ISO 9001 certification audit - https://advisera.com/9001academy/blog/2015/06/09/how-to-deal-with-nonconformities-in-an-iso-9001-certification-audit/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Legitimate interest


    Can you advise on that? If not, can you point us to an expert on marketing and legitimate interest?

    Answer: Legitimate interest can be used for marketing but only under specific circumstances. If you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls etc.) legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing.

    To learn more about marketing practices and the EU GDPR check out our webinar “How GDPR Affects Marketing Practices”. (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/).
  • DPA in EU

    1. In order to exchange personal data between an EU-based company and a Japanese one acting as a separate controller you need to comply with the requirements for cross border data transfer. The most used of such safeguards is the use of Controller to Controller Standard Contractual Clauses.
    To learn more about cross border data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).

    2. Notifying the Japanese Supervisory authority is subject to Japan's local legal requirements in terms of data protection. The relation between you and the other controller needs to be established in the contract that you have with the European entity.
  • Needed procedures


    Answer:

    ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a). If your organization believes that a Preventive Maintenance Procedure is needed then you should develop and maintain it, but it is up to you to decide.

    The following material will provide you information about the procedure requirements:

    - ISO 9001 – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Keeping personal data of clients


    Answer: This is true. The data cannot be kept for longer than is necessary for the purpose it was collected for. However, you can rely on consent and ask your customers if they agree that you keep their data for longer.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//)
  • How to address risks in ISO 9001


    Answer:

    To effectively address your organization's risks, you must first identify the risks correctly. You can do this using a simple approach, that is, by organizing a brainstorming session with the relevant people in your organization and performing a detailed analysis. Once the risks have been identified, you will need to plan the actions to address those risks. These actions must be proportionate to the potential impact of the risks on the conformity of the product or service, and range from avoiding a risk to accepting a risk. There is no formal process for carrying out this risk monitoring and control; the standard only requires organizations to identify risks and opportunities and take actions, and you are not required to document it either.

    To learn more about risks in ISO 9001:2015, see these articles (in English):

    - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Does ISO 9001 require a procedure for addressing risks and opportunities? - https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/

    In addition, these materials can help you with the implementation of ISO 9001:2015:

    - Book "Discover ISO 9001:2015 through practical examples" (in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
    - Conformio - online compliance tool: https://advisera.com/conformio/
  • ISO 9001 internal auditor


    Answer:

    You do not need an internal audit certificate to become an internal auditor, only experience in ISO 9001 and auditing. There are no mandatory requirements in ISO 9001 for becoming an internal auditor, but certain skills, competencies and qualifications can help a person work as an internal auditor. A combination of knowledge of the internal process of ISO 9001:2015 and attention to detail remain the main attributes.

    These materials can help you learn more about internal audits:
    - ISO 9001:2015 internal auditor course: https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - ISO internal audit - a simple guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/