Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Service Catalog responsibilities
Answer:
Following belongs to the Service Managers' responsibilities:
- accountable for the delivery of a specific IT service (ensuring that the ongoing service delivery and support meet agreed customer requirements)
- responsible to the customer for the initiation, transition and ongoing maintenance and support of a particular service and accountable to the IT director or service management director for the delivery of the service.
- the service owner’s accountability for a specific service within an organization is independent o f where the underpinning technology components, processes or professional capabilities reside.
- responsible for continual improvement and the management of change affecting the service under their care
So, if your sales team is capable to fulfill above requirements - then yes, they can be the service owners (of the business part of the service catalogue). -
GDPR concern
Answer:
Is not that the EU GDPR forbids you to send or store data outside the EEA but rather it requires that you mention to the individuals that their data may be sent outside the EEA and the safeguards you took to make sure that the data is processed in a lawful manner.
So, you should first communicate this to your customers though you Privacy Notices.
To find out more about transfers of personal data check out our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/ -
Gestión de riesgos y oportunidades en ISO 14001
Mi respuesta:
Corresponde a la organización seleccionar el método que se adapte mejor a sus características, situación, dimensiones , contexto en el que opera u ofrece sus conocimientos, pudiendo ser un simple proceso cualitativo o una evaluación completa cuantitativa.
Estos son algunos ejemplos de herramientas metodológicas:
- Norma UNE ISO 31000, "Gestión de riesgos, Principios y directrices" . Proporciona las mejores prácticas que han sido recogidas en la gestión de riesgos llevada a cabo en diferentes áreas.
- Norma UNE EN 31010 "Gestión de riesgos. técnicas de evaluación de riesgos". Utilizada como ayuda de la norma anterior, proporciona las directrices necesarias para seleccionar y aplicar las técnicas más eficaces para la evaluación de los riesgos.
- Norma UNE 15008 "Análisis y evaluación de riesgos ambientales". Describe la metodología para analizar y evaluar los riesgos ambientales y establecer una gestión eficiente de los mismos.
Estos materiales pueden ayudarle a conocer más sobre los riesgos y oportunidades en ISO 14001:2015:
- Artículo "Gestión de riesgos en ISO 14001:2015: qué por qué, y cómo" https://advisera.com/14001academy/es/knowledgebase/gestion-de-riesgos-en-iso-140012015-que-por-que-y-como/
- Libro "The ISO 14001:2015 conpanion"(disponible sólo en inglés): https://advisera.com/books/the-iso-14001-2015-companion/
- Curso de Fundamentos ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Conformio - herramienta de cumplimiento en línea: https://advisera.com/conformio/ -
Objectives and planning for QMS
My answer:
We do have a procedure for the quality plan which is a documented list of arrangements needed for the creation of the product or service, including the necessary tools, process steps, measurement points and any other necessary information - https://advisera.com/9001academy/documentation/quality-plan/ Also you can find here a separate template for the quality objectives: https://advisera.com/9001academy/documentation/quality-objectives/ Both templates contain several comments in order to help you to best complete it.
For more information about a quality plan you can see the article "Making the best out of ISO 9001 Quality Plan": https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
In this article you can learn more about how to write quality objectives: https://ad visera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
These materials can also help you with the implementation of ISO 9001:2015:
- Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
- Conformio - Compliance tool: https://advisera.com/conformio/ -
Swot/Interested Parties
My answer:
You can find an example of a swot analysis for a manufacturing company in this article: https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
Relevant parties are those persons or organizations that will have an impact on your ability to provide products and services which consistently meet the needs of your customers and legal requirements. To determine who is a relevant party in your organization, you can consider the following groups:
- Customers
- Government and non-government organizations
- Employees
- Shareholders
- Suppliers
For more information about interested parties in ISO 9001:2015, see these articles:
- "How to determine interested parties and their requirements according to ISO 9001:2015 ": https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
- "Understanding needs and expectations of interested parties in ISO 9001:2015": https://advisera.com/9001academy/blog/2017/10/24/understanding-needs-expectations-of-interested-parties-in-iso-90012015/
These materials can also help you to learn more about the implementation in ISO 9001:2015:
- Book "Discover ISO 9001:2015 through practical examples" - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Conformio: compliance software tool - https://advisera.com/conformio/ -
Procedure for clause 8.4
My answer:
We do have a procedure for purchasing and evaluation of suppliers (Clause 8.4) that includes also the following Appendices:
- Checklist for evaluation of suppliers
- List of approved suppliers
- Registry of complaints about suppliers
- Request and order for purchasing
For more information about this procedure you can see: https://advisera.com/9001academy/documentation/procedure-purchasing-evaluation-suppliers/
You can also learn more about how to evaluate supplier performace according to ISO 9001:2015 in this article: https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/ -
Subject access requests
Answer:
Our EU GDPR Documentation toolkit has an entire folder dedicated to DSARs https://advisera.com/eugdpracademy/eu-gdpr-consent-data-subject-rights-toolkit/ and it contains a procedure that can be used to address DSARs as well as a flowchart https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart describing the process of answering DSARs and templates bots for data subjects request as well as answers.
To learn more about data subject rights check out our free webinar “Data Subjects Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/ -
GDPR - Intercom chat and Facebook Messenger
If you don’t have a signed agreement you need to check intercom's Privacy Notice/Privacy statement and see what their retention period is. However, if you have a signed commercial agreement you need to have a Data Processing Agreement in place with the processor also regulating the deletion of data from their archives.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
The right toolkit
Answer:
Based on the description you would most likely be a data processor and the universities would be the data controllers. There is no specific toolkit version for the data processors because most of the documents are relevant for both controllers and processors. There are some documents that may be less relevant to processors such as the documents related to managing data subjects rights in folder 4 of the EU GDPR Consultation Toolkit.
However, consider that f you are established in the EU you will be a controller as opposed to the data of your employee s.
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// -
Processing of the data
1. Is it necessary to request the express consent of the interested party for the transfer of data?
2. Is it sufficient to inform that the data are advanced and at the end of the clause request the express consent for the corresponding purpose?
Answers:
Consent is not required for transferring data outside the EEA if you are using one of the safeguards indicated by the EU GDPR in article 45 – “ Transfers subject to appropriate safeguards” (https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/)
One of the most common and easy to use safeguards are the “Standard contractual clauses” or “Model clauses” which need to be singed by the data exporter and data importer. These standard documents can be found in folder 6 of our EU GDPR Documentation Toolkit.
So, in a nutshell if you use the “Standard contractual clauses” as a safeguard the consent is not needed but the information ab out the intended data transfer needs to be included in the “Privacy Notice”.
To learn more about data transfers don`t miss out on our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/