Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
10 days period
Answer:
The 10 days period is just a suggestion which we considered to be reasonable considering that you roughly have 30 days to provide an answer to the data subject.
To learn more about data subject rights check out our webinar “ Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/). -
Controller and Processor sheet
Name of the registration related to IT / System / Software / paper document (means the software used in the PC of each our Employee)? Is there a precompiled guide regarding this attachment?
Answers:
1. Both sheets need to be filled in as most likely it you are a company established in the EU you will be having processing activities for which you are acting as controller such as HR related activities (recruitments, onboarding, HR administration) as well as activities where you are acting as a processors for instance if you are a company providing IT maintenance for a another company (controller) and while doing that you are having access to the controller's personal data.
2. That particular column should filled in with either the System that is processing the personal data for a specific processing activity or the processing activity itself (see the examples regarding HR) this is because there may be several processing activities that do not rely on an I system (e.g. resisting the visitors, or training attendance lists).
To learn more about the EU GDPR check out our “EU GDPR Foundation Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Register of Privacy Notices
Answer:
There are several notices that can be included in there such as: website privacy notice, employee privacy notice, recruitment privacy notice, visitors privacy notice, etc.
To find out more about privacy notices check out our webinar “Privacy Notices under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/) -
Certification scope and international activities
Answer:
As far as I understand your question I do not see certification scopes mentioning a list of all markets where organizat ions work. In case of doubt you can contact your certification body and ask them their opinion.
The following material will provide you information about certification scope:
- ISO 9001 – Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
- How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Template comment
This comment says that you can choose whether or not to display the confidentiality level in the header of your documents. If you choose to do so, in the Statement of Applicability you have to mark control A.8.2.1 (Classification of information) as applicable. If you choose not to, you have to mark this control as not applicable in the Statement of Applicability.
As a justification for the application of the control in the Statement of Applicability document, you state unacceptable risks, laws or contractual clauses.
These articles will provide you further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information se curity work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001: - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Involvement of corporation
Answer:
I worked with a company that was certified last January, the company is Portuguese and located in Portugal, but is owned by a Danish company. The quality policy was approved by Danish top management and one of their members attended the management review. I believe that this involvement should be dictated by the characteristics of each case. I recommend you to contact your certification body and ask them this question. -
Certification as a requirement to sell
Answer:
This already happens in Europe for many mature products, if you want to manufacture and sell in Europe toys, reinforced concrete beams or fridges you have to have a CE marking.
I believe that your question has a design problem: if you are speaking about an idea for a product, are you speaking about an idea for a new, an innovative product, a new category? In that case, I do not believe that any customer or government would require ISO 9001 as a pre-condition to be in the market. I already worked with companies that launched innovative construction materials in Europe without CE marking because there were no standards approved. Customers can demand anything, but I know no case where governments require ISO 9001 certification to be able to operate in the market.
The following material will provide you information about ISO 9001:
- “What is ISO 9001?” Are you looking for a simple answer to this question? - https://advisera.com/9001academy/what-is-iso-9001/ -
Addendum
If you are a data processor most likely you will receive Processor Addendums from the controllers which you will have to negotiate and sign. On the other hand if you are using sub-processors you will need to have a processor to sub-processor Processor Addendum between you and your sub processors. -
Planning employees' succession
Answer:
In a certain way both clauses 7.1.6 and 7.2 require that an organization acts when a new employee starts working and/or an experienced employee is going to change of function and we do not want to lose relevant knowledge.
The following material will provide you information about organizational knowlege:
- ISO 9001 – How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Context example
Answer:
Unfortunately, I have no personal experience with that kind of manufacturing. Nevertheless, let me try to help.
About internal issues:
* what are the main concerns that recurrently appear on production, or quality or commercial meeting, for example. Downtime? Delivery delays? Absenteeism? Defects?
* What are the main opportunities that recurrently appear on the same meetings: Cycle time reduction? Six sigma projects? New raw materials that increase yield?
About external issues: I like to use the PESTEL framework
* New legislation that will demand increased performance for valves that work with VOCs
* Positive economic sentiment is increasing the demand of commodities and new plants are on the way
* More and more concern from society with the protection of workers
* New materials and new technologies can be used in the manufacturing of new generation of valves
You do not need to make things difficult or complex, be simple, be prac tical.
The following material will provide you information about context determination:
- ISO 9001 – How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/