Search results

  • AS9100 Control of suppliers


    Can the same approach be taken in AS 9100? If we get good parts from Jimbo's CAD-Plating Service does it matter if I went to his shop and filled out a form that says he successfully executed our instructions that were flowed down through our purchase order?

    Answer:
    As with ISO 9001:2015 the requirements in AS9100 Rev D for control of providers for products, processes and services require that you identify the controls required for the providers. This will be dependent on what is supplied, history, experience, etc. On-site auditing of a supplier is only one method of control that can be put in place for a supplier, as are such things as incoming inspection, testing of incoming parts to verify the data, etc.
    So, as you have identified you can use the same thinking for suppliers that you have identified that no on-site auditing is required as a method of control for these suppliers. It is all about how you have identified the controls to be in place (i.e. if your process says you will do on-site audits then you need to do them). The one additional thought from AS9100 Rev D is the need to assess any additional controls that need to be in place to prevent counterfeit parts as applicable to your products and services. An audit may be something that you identify for a supplier to ensure that their systems are adequate to make sure you get what you want, but this is up to you.
    For a bit more information see this explanation of AS9100 Rev D: https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
  • The training and awareness program

    Art 29: "anyone acting under his authority or under that of the data controller, who has access to personal data cannot process such data if it is not instructed to do so by the data controller"
    Art 39: "personal training involved in the treatment and related control activities" In other words, is there a document that we can distribute to the staff in order to satisfy the previous points?
    Does the Toolkit include templates that we can use for information treatment to be included on institutional and e-commerce sites?

    Answer:

    1. The training and awareness program is something each company should be creating by itself, taking into account the business of the company as well as the processing activities and the relevant personnel who should be trained. So, this is why we did not include any training materials in the toolkit, because we can't know how detailed the materials should be to satisfy your needs.
    2. The information that you need to put on your e-commerce site is consistent with the information from the “General Data Protection Notice” in the Toolkit. Be aware that e-commerce is regulated by a different act, Directive No. 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce), so you should check your local transposition act in your local law.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • QMS and improving performance


    Answer:
    Implementing a QMS is a first step to establish standardized procedures for running several processes in an organization. For each process establish relevant performance indicators and monitor and evaluate performance regularly. I recommend using quality tools like control charts, Pareto diagrams and histograms to get the most information out of the data. When your organization decides to invest in improving performance it can use quality improvement tools and methods during the PDCA cycle.

    The following material will provide you information about QMS improvement:

    - ISO 9001 – How to maintain your ISO 9001-based QMS after certification - https://advisera.com/9001academy/31/how-to-maintain-your-iso-9001-based-qms-after-certification/
    - How to define Key Performance Indicators for a QMS based on ISO 9001 - https://advisera.com/9001academy/ 24/define-key-performance-indicators-qms-based-iso-9001/
    - How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Risk Management and Business Continuity


    Answer:

    You do not need to present a Business Continuity document to demonstrate risk management in your organization. Although a Business Continuity Plan can help you recognize, mitigate and address your business risks, ISO 9001:2015 does not mention the Business Continuity Plan in the standard.

    What ISO 9001:2015 actually requires of the organization is to demonstrate that it effectively identifies its risks and opportunities and considers them in QMS planning. But the standard does not say that a formal approach to risk management must be adopted, leaving the organization to decide how to identify and manage the risks and opportunities that have an impact on the QMS and on the results it intends to achieve.

    To learn more about how to address risks and opportunities, see How to address risks and opportunities in ISO 9001 (available in English):
    https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    These materials can help you with the implementation of ISO 9001:2015:

    - Book – Discover ISO 9001:2015 Through Practical Examples (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio – Online compliance tool: https://advisera.com/conformio/
  • Document control and coding


    Answer:

    In addition to the documentation required by ISO 9001:2015, it is up to the organization to determine the documentation necessary for the effectiveness of the QMS. Any documented information within the QMS needs to be controlled, including not only the documentation that is mandatory but also that which is not mandatory. If you decide to include this DODA analysis as part of a series of minutes, you will have to control those minutes, since they will be considered documented information. As for the coding of documents, it is not mandatory in the standard, so it is the organization that must decide which types of documents will be coded and which will not.

    For more information on control of documents and records, see the article New approach to document and record control in ISO 9001:2015 (available in English): https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/#

    These materials can help you with the implementation of ISO 9001:2015:

    - Book - Discover ISO 9001:2015 Through Practical Examples (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Conformio - Online compliance tool: https://advisera.com/conformio/
  • Supervisory authority


    Answer:

    If you are established in the EU, the Supervisory Authority is the one in the country of establishment. If you are not established in the EU, then your Supervisory Authority is the one in which the relevant individuals whose data you are processing are based.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Processor Sub Processor Agreement

    I can't say that I understood the example, but here is how it should work: the Controller contracts a Processor to perform a certain processing activity and the Processor subcontracts it or part of it to a Sub processor.

    Basically, for a Sub processor to become a Processor would mean for the Sub processor to have a contract with the Controller.
  • GDPR compliance queries

    1) What is the basis on which we can declare that we are GDPR compliant?
    2) What is the method of self-declaration? Can we declare it on our website?
    3) Are we supposed to communicate with DPA about the compliance?

    Answers:

    My advice would be to refrain from declaring yourself compliant with the GDPR. It is the same thing as declaring that you comply with the Tax Code or Criminal Code or any other piece of legislation. Another reason for not stating this is the fact that you might be challenging people to prove that you may still have some work to do.

    And, last but not least, don’t go proactively to a Supervisory Authority and state that you are compliant; you may involuntarily trigger an audit.

    Don't mistake GDPR for some kind of certification, because it is not.
  • GDPR documents

    • Right to be Forgotten
    • Right to Amend
    • Right to Stop Processing
    • Right to Transfer

    Answer:

    We did not add all of the rights you mentioned because you should use the same procedure and process to deal with them. It doesn't make any difference if it is a request for access or erasure in terms of processes; only the answer would be different.

    To find out more about DSARs check out our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
  • Data Subject Rights under the EU GDPR


    Answer:

    Exactly, if you receive a DSAR you should immediately inform the controller and forward all the necessary details. If the controller needs your assistance, it will most likely come back to you.

    To find out more about DSARs check out our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).