Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11270 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Gestión de riesgos y oportunidades en ISO 14001
Mi respuesta:
Corresponde a la organización seleccionar el método que se adapte mejor a sus características, situación, dimensiones , contexto en el que opera u ofrece sus conocimientos, pudiendo ser un simple proceso cualitativo o una evaluación completa cuantitativa.
Estos son algunos ejemplos de herramientas metodológicas:
- Norma UNE ISO 31000, "Gestión de riesgos, Principios y directrices" . Proporciona las mejores prácticas que han sido recogidas en la gestión de riesgos llevada a cabo en diferentes áreas.
- Norma UNE EN 31010 "Gestión de riesgos. técnicas de evaluación de riesgos". Utilizada como ayuda de la norma anterior, proporciona las directrices necesarias para seleccionar y aplicar las técnicas más eficaces para la evaluación de los riesgos.
- Norma UNE 15008 "Análisis y evaluación de riesgos ambientales". Describe la metodología para analizar y evaluar los riesgos ambientales y establecer una gestión eficiente de los mismos.
Estos materiales pueden ayudarle a conocer más sobre los riesgos y oportunidades en ISO 14001:2015:
- Artículo "Gestión de riesgos en ISO 14001:2015: qué por qué, y cómo" https://advisera.com/14001academy/es/knowledgebase/gestion-de-riesgos-en-iso-140012015-que-por-que-y-como/
- Libro "The ISO 14001:2015 conpanion"(disponible sólo en inglés): https://advisera.com/books/the-iso-14001-2015-companion/
- Curso de Fundamentos ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Conformio - herramienta de cumplimiento en línea: https://advisera.com/conformio/ -
Objectives and planning for QMS
My answer:
We do have a procedure for the quality plan which is a documented list of arrangements needed for the creation of the product or service, including the necessary tools, process steps, measurement points and any other necessary information - https://advisera.com/9001academy/documentation/quality-plan/ Also you can find here a separate template for the quality objectives: https://advisera.com/9001academy/documentation/quality-objectives/ Both templates contain several comments in order to help you to best complete it.
For more information about a quality plan you can see the article "Making the best out of ISO 9001 Quality Plan": https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
In this article you can learn more about how to write quality objectives: https://ad visera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
These materials can also help you with the implementation of ISO 9001:2015:
- Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
- Conformio - Compliance tool: https://advisera.com/conformio/ -
Swot/Interested Parties
My answer:
You can find an example of a swot analysis for a manufacturing company in this article: https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
Relevant parties are those persons or organizations that will have an impact on your ability to provide products and services which consistently meet the needs of your customers and legal requirements. To determine who is a relevant party in your organization, you can consider the following groups:
- Customers
- Government and non-government organizations
- Employees
- Shareholders
- Suppliers
For more information about interested parties in ISO 9001:2015, see these articles:
- "How to determine interested parties and their requirements according to ISO 9001:2015 ": https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
- "Understanding needs and expectations of interested parties in ISO 9001:2015": https://advisera.com/9001academy/blog/2017/10/24/understanding-needs-expectations-of-interested-parties-in-iso-90012015/
These materials can also help you to learn more about the implementation in ISO 9001:2015:
- Book "Discover ISO 9001:2015 through practical examples" - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Conformio: compliance software tool - https://advisera.com/conformio/ -
Procedure for clause 8.4
My answer:
We do have a procedure for purchasing and evaluation of suppliers (Clause 8.4) that includes also the following Appendices:
- Checklist for evaluation of suppliers
- List of approved suppliers
- Registry of complaints about suppliers
- Request and order for purchasing
For more information about this procedure you can see: https://advisera.com/9001academy/documentation/procedure-purchasing-evaluation-suppliers/
You can also learn more about how to evaluate supplier performace according to ISO 9001:2015 in this article: https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/ -
Subject access requests
Answer:
Our EU GDPR Documentation toolkit has an entire folder dedicated to DSARs https://advisera.com/eugdpracademy/eu-gdpr-consent-data-subject-rights-toolkit/ and it contains a procedure that can be used to address DSARs as well as a flowchart https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart describing the process of answering DSARs and templates bots for data subjects request as well as answers.
To learn more about data subject rights check out our free webinar “Data Subjects Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/ -
GDPR - Intercom chat and Facebook Messenger
If you don’t have a signed agreement you need to check intercom's Privacy Notice/Privacy statement and see what their retention period is. However, if you have a signed commercial agreement you need to have a Data Processing Agreement in place with the processor also regulating the deletion of data from their archives.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
The right toolkit
Answer:
Based on the description you would most likely be a data processor and the universities would be the data controllers. There is no specific toolkit version for the data processors because most of the documents are relevant for both controllers and processors. There are some documents that may be less relevant to processors such as the documents related to managing data subjects rights in folder 4 of the EU GDPR Consultation Toolkit.
However, consider that f you are established in the EU you will be a controller as opposed to the data of your employee s.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Processing of the data
1. Is it necessary to request the express consent of the interested party for the transfer of data?
2. Is it sufficient to inform that the data are advanced and at the end of the clause request the express consent for the corresponding purpose?
Answers:
Consent is not required for transferring data outside the EEA if you are using one of the safeguards indicated by the EU GDPR in article 45 – “ Transfers subject to appropriate safeguards” (https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/)
One of the most common and easy to use safeguards are the “Standard contractual clauses” or “Model clauses” which need to be singed by the data exporter and data importer. These standard documents can be found in folder 6 of our EU GDPR Documentation Toolkit.
So, in a nutshell if you use the “Standard contractual clauses” as a safeguard the consent is not needed but the information ab out the intended data transfer needs to be included in the “Privacy Notice”.
To learn more about data transfers don`t miss out on our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/ -
GDPR privacy policy
Only EU law -
Controls development and implementation
We received this question:
>Thanks a lot for the support. I read it, but it dosent have answer to points 1to3. Request you to help me with the first 3 points mentioned my questions.
>
>I would like to know what I should keep in content of these? Or like share samples if possible.
Answer: The content of policies and procedures related to information transfer, log on and log off, and publication of public information shall depend of the relevant risks identified in your risk assessment, and legal requirements applicable to your organization, so there isn't a definitive answer for your question.
ISO 27002, a supporting standard for implementation of ISO 27001 Annex A controls can provide you a comprehensive set of guidance's and recommendations that you can use to tailor your documents. You should consider at least these controls:
- 9.1.1 Access control policy
- 9.4.2 Secure log-on procedures
- 13.2.1 Information transfer policies and procedures
- 13.2.2 Agreements on information transfer
- 13.2.4 Confidentiality or non-disclosure agreements
As for templates, I suggest you to take a look at the free demo of these templates:
- Access Control Policy https://advisera.com/27001academy/documentation/password-policy/
- Information Transfer Policy https://advisera.com/27001academy/documentation/information-transfer-policy/
- Confidentiality Statement https://advisera.com/27001academy/documentation/confidentiality-statement/
This material will also help you with ISO 27001 Annex A controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/