Search results

  • Standard Contractual Clauses Annexes


    Answer:

    You should have received two documents, one to regulate Controller to Controller transfer and one for the Controller to Processor instance:

    06.2_Annex_1_Standard_Contractual_Clauses_for_the_Transfer_to_Controllers_EN

    06.3_Annex_2_Standard_Contractual_Clauses_for_the_Transfer_to_Processors_EN

    To find out more about cross border data transfers don't miss our upcoming webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Cross border data transfer


    Answer:

    At first glance I would say that you are facing a cross border data transfer especially if the team in Philippines would be able to copy the data locally on their machines.

    To find out more about cross border data transfers don't miss our upcoming webinar “How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
  • Requirements for infrastructure


    Answer:

    ISO 13485 allows exclusions of any requirements from clauses 6, 7 and 8, if they are not applicable to the type of business your organization is performing. Of course, as long as you can provide justification for the exclusion.

    Requirements for infrastructure can hardly be excluded, because you still use some kind of equipment, and the entire point of this clause is to define and plan maintenance activities.

    Work environment requirements, on the other hand, are probably not entirely applicable to your type of business, so you can exclude requirements for cleanliness and clothing of personnel (clause 6.4.1) and contamination control (clause 6.4.2).

    All the parts of the Procedure for Infrastructure and Work Environment that are not applicable to your type of business can be either edited or completely deleted.

    For more information, see: Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/
  • Nonconformities and corrective action


    Answer:
    ISO 9001:2015 speaks about nonconformities in two clauses:

    8.7 is about nonconforming outputs (products and/or services)
    10.2 is about other nonconformities like process performance

    Whenever a nonconformity occurs it must be treated, it must be corrected. Correction eliminates the nonconformity. After the correction one must ask if a corrective action is needed. A corrective action attacks the cause of the nonconformity and reduces the probability or frequency of the recurrence of the nonconformity. When performance is evaluated, for example, the rate of nonconformities, one must ask if the performance is acceptable or an improvement action, a corrective action is needed.

    The following material will provide you information about the nonconformities and corrective actions:

    - ISO 9001 – Seven Steps for Corrective and Preventive Actions to support Continual Improvement - https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
    - How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
    - Procedure for the Management of Nonconformities and Corrective Actions - https://advisera.com/9001academy/documentation/procedure-control-non-conforming-products/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Migration to the new ISO 9001:2015

    The first thing you need is the support of top management, which will provide both the financial and personnel resources so that the transition to the new standard is carried out effectively. To obtain it, you can present the benefits of implementing the new ISO 9001:2015 standard.
    Next, you can carry out a gap analysis to see which requirements and documentation you currently comply with. You can find the tool here free of charge: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
    After that, you should establish a project plan for implementing the standard, which includes the project manager or team, the deadlines, the various milestones, and the available budget.
    One recommendation is not to write too many, only those that are really necessary. Here you can find the list of necessary and recommended documents: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
    These materials can also help you with the transition to ISO 9001:2015:
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Book "Discover ISO 9001:2015 Through Practical Examples" (English only): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Online compliance tool: https://advisera.com/conformio/
  • AS9100 Rev D vs ISO 9001:2015 main differences


    Answer:
    As with many other specialized QMS requirements, AS9100 Rev D takes the entirety of ISO 9001:2015 and simply adds some aerospace specific requirements to it without taking anything away. While there are some small additions to the processes throughout, some of the main additions include: keeping the quality management representative, a process for operational risk management, a process for configuration management, processes to ensure product safety, a process to prevent the use of counterfeit parts, validation and control of special processes, and production process verification.
    To find out more about the aerospace specific terms that are defined in AS9100 Rev D, and later are defined as these additional processes, see this article: https://advisera.com/9100academy/blog/2017/05/01/five-special-aerospace-terms-in-as9100-rev-d/
  • Data processing agreement

    2. Just thinking a little more about this as I see on your notes that this is not a standalone document and is meant to be an annex to the contract the Controller has with a supplier / processor. We don’t have formal contracts / commercial agreements in place with all of our corporate clients and so I’m wondering where this leaves us?
    3. It would also be good to know which of the documents in the toolkit should be issued to our suppliers, i.e. from Processor to Sub-Processor. I’m assuming that we simply need to incorporate the relevant security clauses to handle outsourcing risks as described in A.15.3 and the blog in your notes within our existing contracts? Am I right in thinking that precise/suggested wording for these clauses does not form part of the toolkit and if so do you have any advice where we might find example wording?

    Answers:

    1. Based on the provisions of EU GDPR art. 28 – “Processor” (https://advisera.com/eugdpracademy/gdpr/processor/) it is the controller that should be the one ensuring it uses processors providing sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of the Regulation.
    You can of course be proactive and for the controllers that did not provide you a Data Processing Agreement or similar document you can send them the Agreement in the Toolkit (A.15.2) and this would hopefully trigger a reaction from the controller.

    2. Regardless if you don't have a written contract, the services you provide to your customers need to be somehow regulated, otherwise legally speaking you would be providing a service outside a contractual frame and this would mean that the parties have no obligations towards one another. You may have some Terms & Conditions for providing the services and then the Data Processing Agreement should refer to it.
    Any processing activity needs to have a reason behind it so it needs to be regulated, especially if it is a paid service.

    3. For a Processor to Sub-processor Data Processing agreement you can use the attached document as a reference.

    To learn more about processors check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Contractual clauses for sub-processors


    Answer:

    Unfortunately the EU Commission only issued controller to controller and controller to processor standard contractual clauses. To learn more about personal data transfers check out our free “EU GDPR Foundations Course” https://advisera.com/eugdpracademy/what-is-eugdpr/
  • Third Party Management


    Answer:

    Due to the fact that joint controllership is quite rare and usually companies try to avoid that by being sole controllers, such document is not part of our EU GDPR Documentation Toolkit. https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
  • Unsubscribe or delete


    Answer:

    The question is too broad to be able to provide a precise answer. Basically it depends on where you got the data from and what you are using it for.

    If you use the data to send advertisements to those individuals, you would most likely need to delete their data if they don’t consent to your marketing processing activity.

    To find out more about consent and marketing check out our webinar “How GDPR Affects Marketing Practices” https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/