Search results


  • Data Sharing vs Data Processing agreements


    Answer:

    Until I see a “Data Sharing Agreement” I am not sure but most likely they refer to the same thing that is regulating how a processor should process the data on behalf of a controller.
  • Initial steps in ISO 9001


    My response:

    After getting the management approval the next step would be establishing a project plan – nominate the project manager, the project sponsor, the project team (if needed), define the milestones, deadlines, outputs and budget.

    When starting the implementation keep in mind the following:

    - Avoid writing too many documents – you should aim at the minimum that is really needed; do not try to write overly detailed documents (e.g., risk assessment), as such documents will be improved over time during the regular review process.

    - Learn which documents and records are mandatory. Here you can find a list of mandatory documents: https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    These materials will provide you information about ISO 9001:2015 implementation:

    - Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/

    - Book “Discover ISO 9001:2015 Through Practical Examples”: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Secure & Simple book content


    Answer: You are right and we are sorry for this mistake. We'll work ASAP to make the correction. Thanks for the feedback.
  • Training content


    Could you advise the effectiveness of the course module coverage and the sample q's in the training sessions for certification fulfillment.

    Soliciting your expert opinion and any additional details pertaining to the subject matter.

    Answer: Our ISO 27001:2013 Foundations course provides basic knowledge about ISO 27001 structure, requirements and controls, and the ISO 27001 Foundations exam provided at the end of the course is accredited by Exemplar Global (formerly RABQSA), being worldwide recognized.

    Our ISO 27001:2013 Internal Auditor Course is also accredited by Exemplar Global (formerly RABQSA), and its content is developed to support attendants to take the Internal Auditor exam available at the end of the course. This Internal Auditor certification recognizes people who have attained Information Security Management Systems and Management Systems Auditing competencies.
    At this moment we do not provide courses related to ISO 27001 Lead Auditor and ISO 27001 Lead Implementer certifications (but soon we'll publish our LI/LA courses). For now, we have this webinar that can help you with preparation for the ISO 27001 Lead Auditor course:

    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Relevant ISO standards for information security


    Answer: You can consider the following standards of the ISO 27001 family as the basis for the generic approach to information security:
    ISO/IEC 27001 — Information technology — Security techniques — Information security management systems — Requirements
    ISO/IEC 27002 — Code of practice for information security controls
    ISO/IEC 27004 — Information security management — Monitoring, measurement, analysis and evaluation
    ISO/IEC 27005 — Information security risk management

    However, the ISO 27000 family also has additional standards that specific industries should consider critical to properly protect information, such as:
    ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
    ISO/IEC 27018 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
    ISO/IEC TR 27019 — Information security for process control in the energy industry
    ISO/IEC 27031 — Guidelines for information and communication technology readiness for business continuity
    ISO/IEC 27032 — Guideline for cybersecurity

    So, a more appropriate statement would be "The ISOs 27001, 27002, 27004 and 27005 can provide the basic foundation for the information security posture of any organisation."
  • Standard Contractual Clauses Annexes


    Answer:

    You should have received two documents: one to regulate the Controller to Controller transfer and one for the Controller to Processor instance.

    06.2_Annex_1_Standard_Contractual_Clauses_for_the_Transfer_to_Controllers_EN

    06.3_Annex_2_Standard_Contractual_Clauses_for_the_Transfer_to_Processors_EN

    To find out more about cross border data transfers, don't miss our upcoming webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Cross border data transfer


    Answer:

    At first glance I would say that you are facing a cross border data transfer, especially if the team in the Philippines would be able to copy the data locally on their machines.

    To find out more about cross border data transfers, don't miss our upcoming webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Requirements for infrastructure


    Answer:

    ISO 13485 allows exclusions of any requirements from clauses 6, 7 and 8 if they are not applicable to the type of business your organization is performing, as long as you can provide justification for the exclusion.

    Requirements for infrastructure can hardly be excluded, because you still use some kind of equipment, and the entire point of this clause is to define and plan maintenance activities.

    Work environment requirements, on the other hand, are probably not entirely applicable to your type of business, so you can exclude requirements for cleanliness and clothing of personnel (clause 6.4.1) and contamination control (clause 6.4.2).

    All the parts of the Procedure for Infrastructure and Work Environment that are not applicable to your type of business can be either edited or completely deleted.

    For more information, see: Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/
  • Nonconformities and corrective action


    Answer:
    ISO 9001:2015 speaks about nonconformities in two clauses:

    8.7 is about nonconforming outputs (products and/or services)
    10.2 is about other nonconformities like process performance

    Whenever a nonconformity occurs it must be treated, it must be corrected. Correction eliminates the nonconformity. After the correction one must ask if a corrective action is needed. A corrective action attacks the cause of the nonconformity and reduces the probability or frequency of the recurrence of the nonconformity. When performance is evaluated, for example, the rate of nonconformities, one must ask if the performance is acceptable or an improvement action, a corrective action is needed.

    The following material will provide you information about nonconformities and corrective actions:

    - ISO 9001 – Seven Steps for Corrective and Preventive Actions to support Continual Improvement - https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
    - How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
    - Procedure for the Management of Nonconformities and Corrective Actions - https://advisera.com/9001academy/documentation/procedure-control-non-conforming-products/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Migration to the new ISO 9001:2015

    The first thing you must have is the support of top management, which will provide both the financial and the personnel resources needed for the transition to the new standard to be carried out effectively. To obtain it, you can present the benefits of implementing the new ISO 9001:2015 standard.
    Next, you can carry out a gap analysis to see which requirements and documentation you currently comply with. You can find the tool for free here: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
    Later, you must establish a project plan to carry out the implementation of the standard, including the person responsible for the project or the project team, the deadlines, the different milestones and the available budget.
    One recommendation is not to write too many documents, only those that are really needed. Here you can find the list of mandatory and recommended documents: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
    These materials can also help you with the transition to ISO 9001:2015:
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Book "Discover ISO 9001:2015 Through Practical Examples" (English only): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Online compliance tool: https://advisera.com/conformio/