Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11270 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
HR Operation and risk approach
Answer:
I look to risk as the effect of uncertainty on an expected result. That effect can be positive or negative, if positive it is an opportunity, if negative it is a risk. So, I would start by listing the expected results for the HR Operation, then determine what can happen that help or hinder in meeting those objectives. For example:
· Discriminatory practices in the company go unnoticed;
· Hiring wrong candidates;
· Difficulties in hiring or attracting talented people;
· Providing unsuitable training;
· Incorrect logging of working-time;
· …
The following material will provide you information about the risk-based approach:
- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Análisis GAP/manual y plan de calidad/alcance
Cual es la estructura que se debe seguir para elaborar correctamente un informe de Diagnostico GAP, o solo esta se basa en responder los "DEBES" de la norma?
El análisis GAP no sólo está basad en responder los"debes", es decir, los requisitos obligatorios, sino en todos los requisitos de la organización, incluidos aquellos que "debería" y "podría" abordar.
Para saber más sobre como utilizar el análisis GAP en ISO 9001:2015, vea este artículo - ¿Debería usar un análisis GAP en su implementación ISO 9001? (disponible en inglés): https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
Aquí p uede encontrar una herramienta gratuita de análisis GAP: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/Se debe elaborar un manual de calidad en ISO 9001:2015?
El manual de calidad no se trata ya de un requerimiento obligatorio en ISO 9001:2015. Sin embargo, puede ser utilizado como un documento donde la organización se presente a sí mismo, sus sistema de gestión de calidad, e incluso su manera de pensar y enfoque con respecto a la gestión de calidad.
Puede encontrar más información sobre el manual de calidad en este artículo - El futuro del manual de calidad en la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/el-futuro-del-manual-de-calidad-en-la-iso-90012015/Cual es la estructura para elaborar un plan de calidad?
Un manual de calidad debería que contener los siguientes elementos:
- Objetivos que deben alcanzarse
- Pasos en los procesos que constituyen la práctica operativa o los procedimientos de la organización
- Asignación de responsabilidades, autoridad y recursos durante las diferentes fases del proceso o proyecto
- Estándares, prácticas, procedimientos e instrucciones específicos documentados para ser aplicados
- Programas adecuados de prueba, inspección, examen y auditoría en la etapa apropiada
- Un procedimiento documentado para cambios y modificaciones en el plan de calidad a medida que se mejora el proceso
- Un método para medir el logro de los objetivos de calidad
- Otras acciones necesarias para cumplir los objetivos
Para saber más sobre el plan de calidad de ISO 9001, vea - Aprovechar al máximo el Plan de calidad ISO 9001: https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/Se certifican procesos o actividades en la ISO 9001:2015? Se puede en una universidad certificar solo las actividades que comprender el proceso de servicio educativo? o como seria un ejemplo de alcance si quisiera certificar solo el servicio educativo de una universidad nacional?
Puede determinar la extensión del alcance de QMS para su organización, incluyendo la totalidad de la organización, o funciones específicas identificadas de la organización, o secciones específicas identificadas de la organización o una o más funciones dentro de un grupo de organizaciones. En consecuencia, una universidad podría certificar sólo aquellas actividades que comprenden el proceso de servicio educativo.
Para saber más sobre el alcance de ISO 9001:2015, vea - Cómo definir el alcance del SGC de acuerdo a la ISO 9001:2015 https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/
Estos materiales pueden ayudarle con la implementación de ISO 9001:2015:
- Libro "Descubre ISO 9001:2015 mediante ejemplos prácticos" (disponible en inglés): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso de Fundamentos ISO 9001:2015: https://advisera.com/training/iso-9001-foundations-course/
- Conformio - Herramienta de cumplimiento en línea: https://advisera.com/conformio/ -
Local government and GDPR
Answer:
Most likely noting, since they are not:
- offering goods or services to individuals in the Union;
- monitoring the behavior of individuals in the Union;
The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
GDPR implications
Answer:
If the you are established in Germany and the personal data is processed in Germany this means that the EU GDPR is applicable because the processing activity is performed “in the Union”.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Code of conduct
Answer:
No there is not and the reason for this is that based on EU GDPR art. 40 (2) - Code of conducts (https://advisera.com/eugdpracademy/gdpr/codes-of-conduct/ ) requirement is “associations and other bodies representing categories of controllers or processors may prepare codes of conduct” and we are none of these.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Project Plan
Answer:
There is so such document in the EU GDPR Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ and usually controllers will approach you with various checklists on their own. However you can use as a reference the “List of documents” in the Toolkit.
To learn more about the EU GDPR che -
GDPR Legitimate Interest Assessment
Answer:
The Legitimate Interest Assessment is not in the toolkit since the EU GDPR does not describe how to perform this assessment so is up to toe company to document and justify when their legitimate interest is not overridden by the rights and freedom of the data subject.
As regards to the Privacy Statement is the same as the Privacy Notice no difference whatsoever.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Collecting CVs
2. We have vendors on EU. And we provide them with personal data -contact details of citizens of EU. Which doc should we sign with them?
Answers:
1. It depends on what the legal basis for processing the CV is, if you choose to rely on consent then you need the consent of the data subject for you to keep the CVs as well as sending them to third parties which may act as controllers as regards to the data in their CVs. However if you rely on “contractual obligation” then you need to provide a Privacy Notice to the individuals which sends you their CVs and in this notice you should provide all the information required by EU GDPR art. 13 - Information to be provided where personal data are collected from the data subject (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ )
2. For the vendors which are acting as your processors you need to have in place a Data Processing Agreement/Addendum to regulate the processing activity they are performing on your behalf as well as for compliance with EU GDPR art. 28 – “Processors” (https://advisera.com/eugdpracademy/gdpr/processor/). The relevant document can be found in folder 7 of the EU GDPR Documentation Toolkit and is named “Supplier Data Processing Agreement” -
GDPR in education sector
1- with which SA or LSA their HO has to register? Can be the ICO in UK?
2- If the total number of employees in each of the schools in EU countries is less than 250 (excluding the students), are they obliged to register with their respective Supervisory Authorities?
Answers:
1. Yes, you can register to the ICO since it seems your Head Office is located in UK. (https://ico.org.uk/for-organisations/register/)
2. The registration conditions is subject to local regulations and not the EU GDPR, so you would need to assess the requirements of the Supervisory Authority in Germany and Romania.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Hosting the data
Answer:
There are much more areas to the GDPR then where you host the data. You need to asses your processing activities and to see what is the impact on those as well as the measures you need to take. Some of the actions may be : drafting the necessary privacy notices, setting up your retention period, setting up your data access request processes, etc.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//