  • EMS Awareness


    Answer:

    You know when your employees are aware of the EMS if they:

    - Conform to the environmental policy as well as different procedures, work instructions, etc.
    - Understand which are the significant environmental aspects and the potential impacts
    - Know their roles and responsibilities to achieve conformity
    - Understand the consequences of not following the different procedures, work instructions, etc.

    You can conduct surveys amongst your employees in order to measure EMS awareness. This will give you an idea of their awareness level, and if you detect any gaps between the reality and the company's expectations, the organization can perform new awareness sessions.

    To learn more about EMS awareness, see this article - ISO 14001 Competence, training & awareness: Why are they important for your EMS?

    https://advisera.com/14001academy/blog/2014/11/26/iso-14001-competence-training-awareness-important-ems/

    These materials can also help you with the implementation of ISO 14001:2015:

    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio - Compliance tool: https://advisera.com/conformio/
  • ISO 9001 and Lean


    Answer:

    ISO 9001 does not require an immaculate workplace per se. Normally, companies with an immaculate workplace have very demanding customer requirements or process requirements about the workplace environment. For example, I worked for a printed circuit board company that had to keep some areas very clean to avoid dust that would contaminate copper circuits, generating short circuits.
    Companies with those requirements usually follow programs based on Japanese techniques like Lean.

    The following material will provide you with information about ISO 9001 and ISO vs. Lean:

    - ISO 9001 – ISO 9001 vs. Lean: How they compare and how they are different - https://advisera.com/9001academy/blog/2014/07/22/iso-9001-vs-lean-compare-different-2/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Clause 8.6 in ISO 9001:2015


    Answer:

    The standard states that organizations have to ensure they meet the requirements specified in clause 8.6 for the release of products and services. When planning the arrangements to verify these requirements, you don't need to set them all at the end; instead, you can split up the requirements at different stages. In many organizations, verification activities are planned and executed at each process step in order to assure that every operation is effectively performed. This means that you can establish the requirements at every production stage to make sure the organization's release of products and services complies with ISO 9001:2015.

    To learn more about clause 8.6, see - ISO 9001 requirements for the release of the product or service:
    https://advisera.com/9001academy/blog/2017/03/28/iso-9001-requirements-for-the-release-of-the-product-or-service/

    These materials can also help you with the implementation of ISO 9001:2015:

    - Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio - Compliance tool: https://advisera.com/conformio/
  • Internal audit


    Answer:

    The purpose of an internal audit is to assess the level of compliance of your EMS with ISO 14001 requirements. Therefore, when you conduct an internal audit you need to ensure that you include all the standard requirements that apply to your company. Regarding the audit frequency, a company can decide for itself how long the cycle is (usually 1 year or 3 years). The organization can also decide whether to perform the audit of the entire EMS at one time or to break it down into different elements for more frequent audits.

    These materials can also help you with the implementation of ISO 9001:2015:

    - Article - Creating an ISO 14001 Internal audit plan: https://advisera.com/14001academy/blog/2017/01/16/creating-an-iso-14001-internal-audit-plan/
    - Article - Internal Audits in the EMS: five main steps: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/?icn=free-knowledgebase-14001&ici=top-internal-audits-in-the-ems-five-main-steps-txt
    - Book - ISO internal audit: a plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 14001:2015 Internal Auditor Course: https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio - Compliance tool: https://advisera.com/conformio/
  • GDPR legal basis for online card payments


    Answer:

    For card payments, the legal basis for processing is the “contract obligation”, since there is a contract (although not a written one) between the individual initiating the payment and the company that facilitates the card payment. Also, the company facilitating the card payment may continue to process data based on “legal requirements” as well, if such legal requirements exist.

    To learn more about the EU GDPR, check out our free “EU GDPR Foundations Course”: https://advisera.com/training/eu-gdpr-foundations-course/
  • Cookies

    Cookies are regulated by the ePrivacy directive, which requires you to inform the website visitors about the cookies which your website uses. There is a duty to inform, not to get consent; however, the website owner needs to mention how the browser can be set not to accept cookies, so it works similarly to an “opt-out consent”.

    If you choose to use consent to process the personal data collected via cookies, you need to follow the requirements of consent, meaning that it needs to be a freely given, specific, informed and unambiguous indication of the individual’s wishes, so opt-out (pre-ticked boxes) is not allowed.

    To learn more about consent, check out our free “EU GDPR Foundations Course”: https://advisera.com/training/eu-gdpr-foundations-course/
  • Data processing agreement

    If your accountant is not your employee, the answer would be yes.
  • Information Transfer Procedure


    I would like to know if you have any advice on best template to use in developing an Information Transfer Procedure.

    Answer: The "Operating Procedures for Information and Communication Technology" template included in your toolkit already covers the guidance and recommendations from control A.13.2.1 (Information transfer policies and procedures), so you can use this template to implement information transfer procedures, or adapt the document to your needs.

    This template can be found in folder 08 Annex A A.12 Operations security.
  • ISO 27018


    Answer: ISO 27018 provides guidance and recommendations to protect personally identifiable information, so if your services involve your customers' personal data, or personal data from their customers, then this standard is probably applicable to you. To determine that, you should verify your customers' requirements and the laws and regulations applicable to your business.

    This article will provide you further explanation about ISO 27018:
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
  • Risk assessment and SoA


    If I have a risk assessment documented already must I document the risks in the SOA as well?

    Answer: The Statement of Applicability is required by ISO 27001 clause 6.1.3 d), so it is needed for certification purposes. In fact, it is one of the main documents used by the auditor during an audit.

    Although it is important for the SoA to justify the applicability of controls, there is no need to document risks in the SoA. In such cases you can simply refer to the risk identifiers used in the risk assessment document (e.g., "control applicable to treat risks identified by numbers 12 and 34 in the risk assessment").

    These articles will provide you further explanation about mandatory documents and the SoA:
    - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    These materials will also help you regarding mandatory documents and the SoA:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
