Search results

  • Certification scope and international activities


    Answer:
    As far as I understand your question, I do not see certification scopes mentioning a list of all markets where organizations work. In case of doubt you can contact your certification body and ask them their opinion.

    The following material will provide you information about certification scope:

    - ISO 9001 – Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
    - How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Template comment

    This comment says that you can choose whether or not to display the confidentiality level in the header of your documents. If you choose to do so, in the Statement of Applicability you have to mark control A.8.2.1 (Classification of information) as applicable. If you choose not to, you have to mark this control as not applicable in the Statement of Applicability.
    As a justification for the application of the control in the Statement of Applicability document, you state unacceptable risks, laws or contractual clauses.
    These articles will provide you further explanation about ISO 27001:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
    These materials will also help you regarding ISO 27001: - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Involvement of corporation


    Answer:
    I worked with a company that was certified last January, the company is Portuguese and located in Portugal, but is owned by a Danish company. The quality policy was approved by Danish top management and one of their members attended the management review. I believe that this involvement should be dictated by the characteristics of each case. I recommend you to contact your certification body and ask them this question.
  • Certification as a requirement to sell


    Answer:

    This already happens in Europe for many mature products, if you want to manufacture and sell in Europe toys, reinforced concrete beams or fridges you have to have a CE marking.

    I believe that your question has a design problem: if you are speaking about an idea for a product, are you speaking about an idea for a new, an innovative product, a new category? In that case, I do not believe that any customer or government would require ISO 9001 as a pre-condition to be in the market. I already worked with companies that launched innovative construction materials in Europe without CE marking because there were no standards approved. Customers can demand anything, but I know no case where governments require ISO 9001 certification to be able to operate in the market.

    The following material will provide you information about ISO 9001:

    - “What is ISO 9001?” Are you looking for a simple answer to this question? - https://advisera.com/9001academy/what-is-iso-9001/
  • Addendum

    If you are a data processor, most likely you will receive Processor Addendums from the controllers which you will have to negotiate and sign. On the other hand, if you are using sub-processors you will need to have a processor to sub-processor Processor Addendum between you and your sub-processors.
  • Planning employees' succession


    Answer:
    In a certain way, both clauses 7.1.6 and 7.2 require that an organization acts when a new employee starts working and/or an experienced employee is going to change function and we do not want to lose relevant knowledge.

    The following material will provide you information about organizational knowledge:

    - ISO 9001 – How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Context example


    Answer:
    Unfortunately, I have no personal experience with that kind of manufacturing. Nevertheless, let me try to help.

    About internal issues:

    * What are the main concerns that recurrently appear in production, quality or commercial meetings, for example? Downtime? Delivery delays? Absenteeism? Defects?
    * What are the main opportunities that recurrently appear in the same meetings: Cycle time reduction? Six sigma projects? New raw materials that increase yield?

    About external issues: I like to use the PESTEL framework

    * New legislation that will demand increased performance for valves that work with VOCs
    * Positive economic sentiment is increasing the demand of commodities and new plants are on the way
    * More and more concern from society with the protection of workers
    * New materials and new technologies can be used in the manufacturing of new generation of valves

    You do not need to make things difficult or complex, be simple, be practical.

    The following material will provide you information about context determination:

    - ISO 9001 – How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Warning notice in email containing personal data


    Answer:

    There is no requirement for such “warning notices” in emails. The EU GDPR only speaks about privacy notices that need to be provided to the data subjects by data controllers.

    To find out more about privacy notices check out our webinar “Privacy Notices under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/) .
  • ISO 27001 certification


    Answer: ISO 27001 can't certify a website. The ISO 27001 certification is applicable to processes, locations or information related to the website. For example:
    - The development and maintenance processes related to the website
    - The physical location from where website is accessed
    - The information published on the website

    Considering that, broadly speaking, an organization has to:
    - Define and document a scope based on the needs and expectations of interested parties relevant to information security
    - Define, document and communicate an information security policy
    - Define roles and responsibilities relevant to operation and management of information security
    - Define a risk assessment and treatment methodology
    - Define and allocate competencies and resources for the operation and management of information security
    - Implement risk assessment and risk treatment
    - Operate the security controls and generate the necessary records
    - Measure, monitor and evaluate the information security performance
    - Implement corrections and improvements

    To increase chances of success, it is important that persons involved have experience in project management and knowledge of the standard.

    These articles will provide you further explanation about ISO 27001:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/

    2 - What kind of standard procedures we have to follow. Please let me know.

    Answer: ISO 27001 has a set of documents and records that you need to produce if you want to be compliant with the standard such as:
    - Scope of the ISMS (clause 4.3)
    - Information security policy and objectives (clauses 5.2 and 6.2)
    - Risk assessment and risk treatment methodology (clause 6.1.2)

    For a complete list, please access this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

    These materials will also help you regarding ISO 27001 certification:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Video tutorial content


    Answer: First of all, thanks for your feedback. We'll verify this situation and answer you as soon as possible.

    If you find any other differences between any video tutorial and the templates, please consider the templates, because they are up to date to the current version of the standard.

    The "Policy for handling classified information" is now called "Information Classification Policy", and can be found on folder 08 Annex A A.8 Asset management

    If you still feel you need more information about this topic, you can schedule a meeting with one of our consultants. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/