Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11272 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Supplier Data processing Agreement
2. Transborder data controller - before we send any data outside the EU, we should have a contract between the customer and us. Does the toolkit have some sample contacts for that issue?

Answers:

1. The document you are referring to can be found in section “7. Third party compliance” of our EU GDPR Documentation Toolkit under the name of “Supplier Data processing Agreement”.
2. The documents you are looking for can be found in section “5. Personal Data Transfers” of our EU GDPR Documentation Toolkit.
Data Portability

Answer:

You need to provide the data subject a copy of the information you have about him basically copies of the documents where their personal data is mentioned.

Regarding ex-employees this needs to be assessed because the emails might me subject to copyright or contain copyright protected information as well as personal data of other individuals and in this case these date need to be removed.

If you want to get more guidance about data subjects rights check put our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
The treatment register

Answer:

If you are collecting/processing data on your website you would need a Privacy Notice to inform the users as required by EU GDPR art. 13 – “Information to be provided where personal data are collected from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/). The information about cookies need to be provided as per the requirements of the ePrivacy Decision. As for the ”treatment register” I am not you sure what you mean by that.

To find out more about privacy notices check out our webinar “P rivacy Notices Under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
ISO 27001, NIST CSF and NERC CIP
I am thinking whether I can approach the Cybersecurity in a risk management framework , from risk management strategy to identify and access the risk , build Cybersecurity program and security assurance architecture , mitigate the risk from Cybersecurity plan with security control in ISO 27001 Annex A against the control category in NIST CSF which comply with NERC CIP 02-09.

Answer: We're not experts in NERC CIP, but it seems that it is possible to combine these three frameworks. The following material will give you an overview on how to integrate ISO 27001 and NIST CSF:
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
- How to implement the NIST Cyber Security Framework using ISO 27001 https://info.advisera.com/27001academy/free-download/how-to-implement-nist-cyber-security-framework-using-iso-27001

and since the correlation between NIST CSF and NERC CIP is already mapped, the integration between these three would follow the same logic.
Risks on software development

Answer: The specific risks perceived by an organization regarding its processes (e.g., software development) and provided services (e.g., CRAM software on a SaaS environment) are unique considering its organizational context and objectives, and should be supported by a risk assessment process, but broadly speaking you should consider these references:
- Top Threats to Cloud Computing Plus: Industry Insights https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights/
- OWASP Top Ten 2017 Project https://www.owasp.org/index.php/Top_10-2017_Top_10

This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- ISO 27001 risk assessmen t: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Importancia de los indicadores en la ISO 27001

Respuesta: Los indicadores son muy importantes porque puedes usarlos para medir y monitorizar los procesos y los controles de seguridad de la información, que es un requerimiento en la ISO 27001, de acuerdo al punto 9.1 Seguimiento, medición, análisis y evaluación.

Por cierto, este artículo sobre indicadores puede ser interesante para ti “Key performance indicators for an ISO 27001 ISMS” : https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/

Y también este otro sobre los objetivos de control "Control objectives - Why are they important? " https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Auditing outsourced processes (1)

Answer:

Consider auditing a process – what ISO 9001:2015 clauses do you consider?

Auditing process performance (9.1.1 and 9.1.3);
Auditing process control (8.5.1);
Auditing quality control (8.6);
Auditing nonconformities control (8.7);
Auditing order control (8.4)
Auditing documentation control (7.5)
Auditing monitoring resources (7.1.5)
Auditing identification and traceability (8.5.2)

As you can see, you can use several ISO 9001 clauses to audit a process, outsourced or not.

The following material will provide you information about scope definition:

- ISO 9001 – How to control outsourced processes using ISO 9001 - https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
- ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Issues are not necessarily negative (1)
I believe that “issue” is related with clause 4.1 of ISO 9001:2015. Several organizations use SWOT analysis as a way of determining relevant internal and external issues. Using the SWOT analysis implies determining issues with a positive connotation (opportunities and strengths) and determining issues with a negative connotation (threats and weaknesses)
The following material will provide you information about internal and externa l issues:
- ISO 9001 – How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company - https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Data Subject Access Request Procedure

Answer:

All the data subject requests including the “right to be forgotten request” would be dealt with according to the “Data Subject Access Request Procedure”.

To find out more about data subjects right you can check put our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
EU GDPR

Answer:

You should first check the iCloud Privacy Policy because it might be that the data for EU users are stored in Europe.

To find out about data transfers don`t miss our webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11272 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Supplier Data processing Agreement

Data Portability

The treatment register

ISO 27001, NIST CSF and NERC CIP

Risks on software development

Importancia de los indicadores en la ISO 27001

Auditing outsourced processes (1)

Issues are not necessarily negative (1)

Data Subject Access Request Procedure

EU GDPR

Didn’t find an answer?