
  • AS9100 Rev D vs ISO 9001:2015 main differences


    Answer:
    As with many other specialized QMS requirements, AS9100 Rev D takes the entirety of ISO 9001:2015 and simply adds some aerospace-specific requirements to it without taking anything away. While there are some small additions to the processes throughout, some of the main additions include: keeping the quality management representative, a process for operational risk management, a process for configuration management, processes to ensure product safety, a process to prevent the use of counterfeit parts, validation and control of special processes, and production process verification.
    To find out more about the aerospace-specific terms that are defined in AS9100 Rev D, and later defined as these additional processes, see this article: https://advisera.com/9100academy/blog/2017/05/01/five-special-aerospace-terms-in-as9100-rev-d/
  • Data processing agreement

    2. Just thinking a little more about this as I see on your notes that this is not a standalone document and is meant to be an annex to the contract the Controller has with a supplier / processor. We don’t have formal contracts / commercial agreements in place with all of our corporate clients and so I’m wondering where this leaves us?
    3. It would also be good to know which of the documents in the toolkit should be issued to our suppliers, i.e. from Processor to Sub-Processor. I’m assuming that we simply need to incorporate the relevant security clauses to handle outsourcing risks, as described in A.15.3 and the blog in your notes, within our existing contracts? Am I right in thinking that precise/suggested wording for these clauses does not form part of the toolkit, and if so, do you have any advice on where we might find example wording?

    Answers:

    1. Based on the provisions of EU GDPR art. 28 – “Processor” (https://advisera.com/eugdpracademy/gdpr/processor/), it is the controller that should ensure it uses processors providing sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of the Regulation.
    You can of course be proactive, and for the controllers that did not provide you a Data Processing Agreement or similar document, you can send them the Agreement in the Toolkit (A.15.2); this would hopefully trigger a reaction from the controller.

    2. Even if you don't have a written contract, the services you provide to your customers need to be regulated somehow; otherwise, legally speaking, you would be providing a service outside a contractual frame, and this would mean that the parties have no obligations towards one another. You may have some Terms & Conditions for providing the services, and then the Data Processing Agreement should refer to them.
    Any processing activity needs to have a reason behind it, so it needs to be regulated, especially if it is a paid service.

    3. For a Processor to Sub-processor Data Processing agreement you can use the attached document as a reference.

    To learn more about processors, check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Contractual clauses for sub-processors


    Answer:

    Unfortunately, the EU Commission only issued controller-to-controller and controller-to-processor standard contractual clauses. To learn more about personal data transfers, check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Third Party Management


    Answer:

    Due to the fact that joint controllership is quite rare, and usually companies try to avoid it by being sole controllers, such a document is not part of our EU GDPR Documentation Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
  • Unsubscribe or delete


    Answer:

    The question is too broad to be able to provide a precise answer. Basically, it depends on where you got the data from and what you are using it for.

    If you use the data to send advertisements to those individuals, you most likely would need to delete their data if they don't consent to your marketing processing activity.

    To find out more about consent and marketing, check out our webinar “How GDPR Affects Marketing Practices” https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
  • Data processors


    Answer:

    This depends on the nature of the contract you have with the processors. If you have a signed commercial contract, then you would need to amend it to include a “Supplier Data Processing Agreement” or a similar document.

    However, if you contracted some services and you don't have a customized contract, such as Amazon hosting services, you can rely on the updated terms and conditions that the processor should issue to be compliant with the EU GDPR.

    To learn more about the processor obligations, check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Directive 95/46/EC


    Answer:

    The existing controller-controller and controller-processor Model Contracts will be grandfathered. The EU GDPR removes any need to obtain authorization from a supervisory authority.

    So the Model Contracts will remain valid after the EU GDPR comes into force, so there is no need to change them even if they refer to the Directive.

    To find out more about cross-border data transfers, don't miss our upcoming webinar “How to make personal data transfers to other countries” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Control: 14.1.3 - Protecting application services transactions

    Please note that these items must be implemented only if:
    - There are unacceptable risks demanding the implementation of the items
    - There are legal requirements demanding the implementation of the items
    - There is a top management decision demanding the implementation of the items

    If none of the above occurs, you do not need to implement these items.

    Considering that, you have to verify which of the above conditions applies to each item, to define which one, or both, will be implemented.

    This article will provide you further explanation about selecting controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    This material will also help you regarding selecting controls:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • ISO 27001 career


    Answer: Considering your interest in information security, ISO 27001 certification will be of great help to your career, because not only does it present a systematic way to implement, operate and improve an information security management system, but it is also a worldwide recognized and accepted standard, which will allow you to work in any part of the world.

    2 - Which should be pursued first, LI or LA, as per my case? I have shortlisted 3 certification bodies near my place here in New Delhi (India), i.e. PECB / BSI / SGS. PECB is the most expensive and SGS the least expensive.

    Answer: Let's start with the differences:
    - ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
    - ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and with this provide more confidence to an organization being certified).

    Considering your stated background, the decision about which one to take will depend on your professional purposes. If you plan to work on the implementation of Information Security Management Systems, then you should consider the Lead Implementer certification. If you plan to work on certifying ISMSs, or to ensure implemented ISMSs are compliant with ISO 27001 requirements, then you should consider the Lead Auditor certification.

    Regarding certification bodies, worldwide recognized LI/LA courses (also known as accredited courses), which are the first step to LI/LA certification, need to be compliant with ISO 17024 (General requirements for bodies operating certification schemes for persons). This helps ensure that, even with different approaches, their courses can provide confidence in the skills acquired by the people who pass their exams (PECB, BSI and SGS have accredited courses). So, good criteria to select your training provider, besides cost, are the certification body's reputation in your country and references from previous students (you may find these on professional social networks like LinkedIn).

    These articles will provide you further explanation about ISO 27001 personnel certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

    This material will also help you regarding ISO 27001 personnel certifications:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Transition to ISO 9001:2015


    Answer:

    I recommend starting by performing a Gap Analysis to take a picture of the starting point. Then, with that picture, you can prepare a transition plan.

    I recommend initiating the change with clauses 4 and 6.

    The following material will provide you information about the transition:

    - ISO 9001 – How to make the transition from ISO 9001:2008 revision to the 2015 revision - https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
    - Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/