
  • Privacy notice template


    Answer:

    The template can work for website privacy notices as well. Just bear in mind that the website privacy notice may be different from other privacy notices if you collect other personal data, such as IPs, for example. You can have different privacy notices for different processing activities, such as for your customers, website visitors, employees, etc.

    You can find more information about privacy notices from our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Documented information


    Answer:

    Document controlling is what clause 7.5 of ISO 9001:2015 speaks about when it mentions documented information.
    Clause 7.5.2 is about document creation – you want clear documents, consistent format and authorized approval and review
    Clause 7.5.3.1 is about how to assure access to the documents to those that need to use them and how to protect them from loss of integrity and misuse
    Clause 7.5.3.2 is about version change control and about controlling records.

    The following material will provide you information about documented information:

    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/

    - Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/

    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Internal audit requirements


    Answer:

    Yes, you are. Objectivity is an important issue when we speak about audits. Do not forget other issues like training about the standard and training about internal audits.

    The following material will provide you information about the internal audits:

    - ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
    - Free ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - ISO INTERNAL AUDIT: A PLAIN ENGLISH GUIDE - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Risks and context


    Answer:

    Considering your strategic orientation, your organization will determine the relevant internal and external issues.

    As an example of internal issues, you can have:

    Quality problems;
    Low productivity;
    Delay problems;
    New subcontractor.
    As an example of external issues, you can have:

    Raw materials price evolution;
    New legislation that will affect what your customers, or your customers’ customers will buy;
    New technology that will affect how you manufacture, or how you sell;
    New consumer trends that will affect demand quality and volume.


    With these kinds of issues at stake, we can also look at them as uncertainty generators. And risk is the effect of uncertainty on expected results.

    Quality problems, low productivity and delays can be viewed as the manifestation of risks. If your organization wants to reduce the probability or frequency of those risks, one good way to accomplish that is to change, to improve, the processes where those risks are generated.

    New consumer trends are an external issue that can be viewed as a risk, or an opportunity, perhaps your organization can focus production on a particular category where demand is increasing, and you have a competitive advantage. Do you need to make changes in the production? Or in the commercial approach to the market? Do you need changes in how to buy, or whom to subcontract?

    The following material will provide you information about the context and risks:

    - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits – https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    - ISO 9001:2015 Risk Management Toolkit – https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • CAR, PAR, Security control

    I'm understanding that in your context the P.A.R./C.A.R. is considered relevant and/or mandatory to be used, regardless of the ISO 27001 requirements.

    If this is the case, then you can use the PAR to handle the implementation of the controls (it will be your Risk Treatment Plan).

    The CAR can be used to handle security incidents or nonconformities identified in audits, but not security threats (if the threat did not occur, you should use the PAR).

    Again, it is important to note that CAR and PAR documents are not required by ISO 27001, and this approach works as a means to integrate ISO 27001 practices into your working framework.
  • Required GDPR documentation


    Answer:

    By the looks of it, you are engaged in processing activities of both your employees as well as your customers. As you are a controller in both instances, there is quite an extensive set of requirements that you need to comply with to achieve compliance with the EU GDPR and avoid the hefty fines. There are several records you may need to keep as required by the EU GDPR, such as the “Inventory of Processing Activities” as well as records of your customer consents, and, if it comes to it, you need to keep records of your personal data breaches.

    All of the records mentioned above, as well as all additional documents that you need to achieve compliance, can be found in our “EU GDPR Documentation Toolkit” https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

    You can also find out more about EU GDPR compliance in our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • GDPR - Encrypted e-mails


    Answer:

    The EU GDPR in art. 23 – “Security of processing” (https://advisera.com/eugdpracademy/gdpr/security-of-processing/) mentions encryption as a means to protect personal data. It also mentions that “appropriate technical and organisational measures” need to be taken according to the risks involving a specific processing activity.

    So, basically, it is up to the controllers and processors to determine which security measures they need to take. Coming back to the question of whether an email should be encrypted or not, you would need to think about the content of your emails. Basically, emails that contain large amounts of personal data should be encrypted, as well as emails containing sensitive personal data.

    If you want to learn more about the security of personal data you can check out our article “ How cybersecurity solutions can help with GDPR compliance” https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/
  • Auditor competence for AS9100


    Answer:
    The AS9100 Rev D standard, as with the ISO 9001:2015 standard, does not state what is required for auditor competence for internal audits. So, as with all processes it is up to the company to define what the competences are for the internal auditors. If you define your competency as “having taken an AS9100 Rev D Internal Audit Training Course” then having taken an ISO 9001:2015 internal audit training course will not be sufficient.
    However, if you define your competencies as 1) understanding AS9100 Rev D, 2) Understanding process auditing, and 3) understanding the internal processes to be audited then you need to find a way to address each of these competencies. As process auditing is the same in ISO 9001:2015 and AS9100 Rev D then having the competence to audit is covered and all you need to fulfill is the competence to understand the AS9100 Rev D standard.
    For an understanding of what is included in AS9100 Rev D see this whitepaper: https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
  • Log monitoring and review

    NOTE : 'Control 12.4 Logging and Monitoring' has been marked applicable in the Statement of Applicability.

    Answer: By monitoring you are collecting and recording information about specific events, while review refers to a critical evaluation of the gathered results (and sometimes the set of data can show relevant information that cannot be seen from isolated events), so these are different actions, and control A.12.4.1 (Event logging Control) requires not only log recording, but also the review of the collected data.

    This article will provide you further explanation about log and monitoring:
    - Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/

    These materials will also help you regarding log and monitoring:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
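    The distinction drawn in the answer above, that recording events is monitoring while evaluating the collected set is review, is easiest to see with a concrete case. The script below is an added example, not part of the original answer and not something ISO 27001 prescribes: it parses a handful of constructed, OpenSSH-style authentication log lines (sample data, not real logs), then runs a sliding-window review over them. Each failed login on its own looks like a user mistyping a password; only the aggregated view shows one source address cycling through several usernames in under a minute. The host name, addresses and the 5-failures-in-5-minutes threshold are arbitrary assumptions chosen for the illustration.

```python
"""Log monitoring vs. log review: aggregate recorded auth events to surface
a pattern (a brute-force / password-guessing burst) that no single event reveals."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on OpenSSH syslog output (not real logs).
SAMPLE_LOG = """\
Mar 10 09:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 09:00:05 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51030 ssh2
Mar 10 09:00:09 host1 sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51041 ssh2
Mar 10 09:00:14 host1 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 51052 ssh2
Mar 10 09:00:20 host1 sshd[1209]: Failed password for invalid user guest from 203.0.113.7 port 51060 ssh2
Mar 10 09:00:25 host1 sshd[1211]: Failed password for root from 203.0.113.7 port 51071 ssh2
Mar 10 09:03:30 host1 sshd[1220]: Accepted password for alice from 198.51.100.23 port 40010 ssh2
Mar 10 09:15:02 host1 sshd[1240]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Mar 10 09:15:10 host1 sshd[1242]: Accepted password for alice from 198.51.100.23 port 40023 ssh2
Mar 10 10:30:00 host1 sshd[1300]: Failed password for bob from 192.0.2.44 port 33000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Monitoring step: turn one recorded event into structured fields, or None
    if the line is not an sshd password-authentication event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # here because only differences between timestamps are used.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "result": m.group("result"),
            "user": m.group("user"), "ip": m.group("ip")}


def review_failed_logins(log_text, threshold=5, window=timedelta(minutes=5)):
    """Review step: evaluate the events together rather than one at a time.

    Groups failed logins by source IP and slides a time window over each group.
    An IP is flagged when at least `threshold` failures fall inside one `window`
    (assumed limits chosen for this example). Returns ip -> {"failures": n,
    "users": sorted usernames tried inside the densest window}.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            failures[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in failures.items():
        events.sort(key=lambda e: e["ts"])
        times = [e["ts"] for e in events]
        best = (0, 0, 0)  # (count, start index, end index) of the densest window
        start = 0
        for end, t in enumerate(times):
            # Advance the window start until all events in [start, end] fit in `window`.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        if best[0] >= threshold:
            burst = events[best[1]:best[2] + 1]
            flagged[ip] = {
                "failures": len(burst),
                "users": sorted({e["user"] for e in burst}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in review_failed_logins(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins, usernames tried: {info['users']}")
```

    Run against the sample, the review flags only 203.0.113.7 (six failures across five usernames within 24 seconds); the single failures from alice and bob are left alone, which is the point: the isolated events were all recorded by the monitoring step, but the finding exists only after the data is reviewed as a set.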
  • Scope communication


    Answer: The scope statement should be known by the personnel who:
    - handle the information the ISMS is intended to protect;
    - work at the locations included in the ISMS scope;
    - work on the processes described in the ISMS scope.

    Additionally, parties that may affect or be affected by the ISMS (e.g., customers, suppliers, regulators) should be informed about the content that is relevant to them.

    These articles will provide you further explanation about ISO 27001 scope:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

    These materials will also help you regarding ISO 27001 scope:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/