
  • Customer telephone acquisition


    Answer:

    Nothing has changed as regards company-related information. However, things may change as of 2019, when a new ePrivacy Regulation may be coming into force.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • ISO 27001 and PCI DSS


    I just need to confirm, can I use ISO 27001 policy tool kit to develop PCI DSS policies?

    Answer: We're not experts in PCI DSS, but generally we recommend the ISO 27001 documentation toolkit as a way to contribute to achieving PCI compliance, because PCI-DSS has some requirements that can be fulfilled by ISO 27001 controls from Annex A, such as the access control policy, backup policy, etc.

    These articles will provide you further explanation about PCI DSS and ISO 27001:
    - PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
    - PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification https://advisera.com/27001academy/knowledgebase/pci-dss/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Toolkit content


    Answer: If you want to fulfil only the ISO 27001 requirements regarding information security continuity, then you should consider using the Disaster Recovery Plan template, located in folder 08 Annex A A.17 Business Continuity 04 Business Continuity Plan, instead of the Business Continuity Plan template.

    This template alone will be enough to cover all the requirements of ISO 27001.

    This article will provide you further explanation about information security continuity:
    - How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

    These materials will also help you regarding information security continuity:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • withdrawing consent related to delivery (email&phone nr) in Germany

    I am not an expert in German language, but I could not find any reference in the DSGVO for asking consent for sending the data to processors. You should only inform the data subject about the fact you may transfer data to a third party as per EU GDPR art. 13 requirements - Information to be provided where personal data are collected from the data subject https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/

    You can get more insight on privacy notices from our webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinars/
  • Data subject consent form


    Answer:

    Because I assume your pupils are minors the Parental Consent Form https://advisera.com/eugdpracademy/documentation/parental-consent-form/ would be more suitable. Because the consent needs to be informed you need to use a Privacy Notice https://advisera.com/eugdpracademy/documentation/privacy-notice/ to inform the data subjects about what you do with their data.

    To find out more about privacy notices check out our webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinars/
  • GDPR for citizens and residents

    Example: I am Swedish, so automatically I am a citizen; I'm not living in any EU country, so from that perspective I am not an EU resident. So what is the correct term, as the targeted audience is very different?

    Answer:

    The EU GDPR will apply to the processing of personal data of EU data subjects, regardless of whether the processing activities take place in the EU or not. The EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).

    The key to understanding when the EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Lead auditor - how to become one


    Answer:
    You want to be a lead auditor; for that purpose you should have some work experience, and some experience in the quality area will be particularly useful. You should take a lead auditor course, start performing internal audits, and keep a log of those audits. Then, I advise you to contact certification bodies and ask them what their requirements are to become a certification body lead auditor.

    The following material will provide you information about being a lead auditor:

    - ISO 9001 – What does ISO 9001 lead auditor training look like? - https://advisera.com/9001academy/blog/2020/04/10/how-to-become-an-iso-9001-lead-auditor/
    - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • HR Operation and risk approach


    Answer:

    I look at risk as the effect of uncertainty on an expected result. That effect can be positive or negative: if positive, it is an opportunity; if negative, it is a risk. So, I would start by listing the expected results for the HR Operation, then determine what can happen that could help or hinder meeting those objectives. For example:

    · Discriminatory practices in the company go unnoticed;

    · Hiring wrong candidates;

    · Difficulties in hiring or attracting talented people;

    · Providing unsuitable training;

    · Incorrect logging of working-time;

    · …

    The following material will provide you information about the risk-based approach:

    - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    - ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • GAP analysis/manual and quality plan/scope

    What structure should be followed to correctly prepare a GAP diagnosis report, or is it based only on answering the "SHALLs" of the standard?

    The GAP analysis is not based only on answering the "shalls", i.e., the mandatory requirements, but on all the requirements of the organization, including those it "should" and "could" address.
    To learn more about how to use the GAP analysis in ISO 9001:2015, see this article - Should you use a GAP analysis in your ISO 9001 implementation? (available in English): https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
    Here you can find a free GAP analysis tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Must a quality manual be prepared in ISO 9001:2015?

    The quality manual is no longer a mandatory requirement in ISO 9001:2015. However, it can be used as a document in which the organization presents itself, its quality management system, and even its way of thinking and approach to quality management.
    You can find more information about the quality manual in this article - The future of the quality manual in ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/el-futuro-del-manual-de-calidad-en-la-iso-90012015/

    What is the structure for preparing a quality plan?

    A quality manual should contain the following elements:
    - Objectives to be achieved
    - Steps in the processes that constitute the organization's operating practice or procedures
    - Assignment of responsibilities, authority and resources during the different phases of the process or project
    - Specific documented standards, practices, procedures and instructions to be applied
    - Suitable test, inspection, examination and audit programmes at the appropriate stage
    - A documented procedure for changes and modifications to the quality plan as the process is improved
    - A method for measuring the achievement of the quality objectives
    - Other actions necessary to meet the objectives
    To learn more about the ISO 9001 quality plan, see - Making the best out of the ISO 9001 quality plan: https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/

    Are processes or activities certified under ISO 9001:2015? Can a university certify only the activities that comprise the educational service process? Or what would an example of the scope look like if I wanted to certify only the educational service of a national university?

    You can determine the extent of the QMS scope for your organization, including the whole organization, or specific identified functions of the organization, or specific identified sections of the organization, or one or more functions within a group of organizations. Consequently, a university could certify only those activities that comprise the educational service process.
    To learn more about the scope of ISO 9001:2015, see - How to define the QMS scope according to ISO 9001:2015 https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/
    These materials can help you with the implementation of ISO 9001:2015:
    - Book "Discover ISO 9001:2015 Through Practical Examples" (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio - Online compliance tool: https://advisera.com/conformio/
