Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11289 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Acquiring auditor experience
Answer: The best option would be for you to find a mentor in your organization's audit team, not necessarily in ISO 27001, but in audit methods and techniques (of course, if he/she masters ISO 27001 even better). By becoming part of his/her audit team you can start getting experience. If such person is not available in your organization then you should search for them in professional social networks or websites (people recognized by their peers as good coaches/mentors). With this second option you should take care when sharing information (focus on the general s ituation without details). Another alternative is to try to contact certification bodies and ask if you can participate as a trainee in their audits (this alternative is not always available).
This article will provide you further explanation about becoming an auditor:
- How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/ -
Exclusions vs non-applicability
Answer:
ISO 9001:2015 does not allow exclusions. If design clause is not applicable you only need to state that it is not applicable.
The following material will provide you information about the scope:
- ISO 9001 – What clauses can be excluded in ISO 9001:2015? – https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- How to define the scope of the QMS according to ISO 9001:2015 – https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Flujogramas en ISO 9001
Respuesta:
Este whitepaper puede ayudarle a crear un flujograma para ISO 9001:
- Cómo crear un flujograma en ISO 9001 (disponible en inglés): https://info.advisera.com/9001academy/free-download/how-to-create-an-iso-9001-process-flowchart
Además estos materiales le ayudarán con la implementación de ISO 9001:
- Libro - Descubre ISO 9001:2015 mediante ejemplos prácticos (disponible en inglés): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso de Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Notification to data subject
Answer:
According to the EU GDPR art. 13 – “Information to be provided where personal data are collected from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/) the privacy notice which should include information about cross border transfers or using a third party processor and it should be provided to the data subject “at the time when personal data are obtained” so it should be, at least for new processing activities, before the actual transfer.
To find out more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/ -
Data Subject Rights under the EU GDPR
Answer:
The documents can be used to deal with all DSARs not only the right of access to personal data. There is no need for different processes or procedures to be set in place.
To find out more about DSARs please check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/ -
Template for geolocation data
Answer:
The EU GDPR Documentation Toolkit contains a draft “Privacy Notice” that you need to provide to the data subjects whose data are being processed regardless if you process CCTV footage or geolocation data. The same rules set up by article 13 – “Information to be provided where personal data are collected from the data subject” https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ apply.
To find out more about privacy notices check out webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/ -
BCMS scope
You can always sent your doubts to our Free Consultation Page at this link: https://advisera.com/27001academy/consultation/
From there, not only me but other ISO 22301 experts can help you with your project.
To make your effort easier and have access to even more specialized support, I suggest you to take a look at our ISO 22301 implementation toolkit at this link: https://advisera.com/27001academy/iso22301-documentation-toolkit/ -
Where to start from
Answer:
Usually you would start the implementation effort as any other project and you will find our article “9 steps for implementing GDPR “ https://advisera.com/articles/9-steps-for-implementing-gdpr/ quite helpful pointing you into the right direction. -
Elaboración de mapa de procesos
Respuesta:
Puede incluir subprocesos en su mapa de procesos, por ejemplo, un proceso muy complejo puede dividirse en dos o más procesos menos complejos, por lo que se recomienda identificar primero los macroprocesos, luego los procesos y finalmente los subprocesos . Solo asegúrese de que su mapa de procesos represente simple y efectivamente la secuencia y las interacciones de los procesos de su organización. También tenga en cuenta que un mapa de proceso no debería ser tan complejo como para que sus empleados no lo entiendan.
Para obtener más información sobre el enfoque de procesos, vea - ISO 9001: La importanca del enfoque de procesos (disponible en inglés): https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
Estos materiales pueden ayudarle también con la implementación de ISO 9001:2015:
- Libro "Descubre ISO 9001:2015 mediante ejemplos prácticos" (disponible en inglés): htt ps://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio - Herrramienta en línea de cumplimiento: https://advisera.com/conformio/ -
Rejection periods
Answer:
If by “rejection periods” you refer to retention periods the EU GDPR is not very concise on this topic and it only states that personal data is not to be processed “longer than is necessary for the purposes for which the personal data are processed”. So, basically is the duty of every controller to establish these periods also considering some of the mandatory retention periods established by Member States in certain areas
Such mandatory retention periods can be found for example in labor law or tax law and they may vary from country to country so this needs to be checked on a case by case basis.
To learn more about privacy retention periods check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//