Is the sequence in the last steps (SoA vs risk treatment plan) interchangeable or is there a correct way?
Answer: The ISO 27001 risk treatment consists of these requirements (exactly in this order):
- Selection of applicable risk treatment options
- Determination of necessary controls to implement the chosen options
- Comparison of determined controls against ISO 27001 Annex A
- Elaboration of the Statement of Applicability
- Formulation of the Risk Treatment Plan
- Approval of the Risk Treatment Plan and residual risks
The standard follows this order because, besides the results of the risk assessment, the risk treatment plan must also consider applicable legal requirements and top management decisions when defining actions, resources and deadlines to implement a control, and this information is found in the SoA justification for the inclusion of controls.
I recommend that you set the deadlines for the acceptance of individual documents in accordance with the project files. It is important to follow the structure of the toolkit (the folders are numbered for the optimal implementation) when implementing the standard and, of course, not to skip the folders.
This book can help you with the implementation project: "Preparations for the ISO implementation project: a plain English guide": https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
Starting off ISO 9001:2015
Below are some tips that should help you avoid most of the problems during the implementation:
- Get real management support – enough money, enough human resources. For this purpose the business benefit of the project needs to be communicated to the top management.
- Establish the project structure – nominate the project manager, the project sponsor, the project team (if needed); define the milestones, deadlines, outputs and budget.
- Do not try to write too many documents – you should aim at the minimum that is really needed; do not try to write too detailed documents (e.g., the risk assessment) – such documents will be improved over time during the regular review process.
- Learn which documents and records are mandatory. In this article you can find the mandatory documents and those which are recommended: https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
These materials will provide you with information about ISO 9001:2015 implementation:
- Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
- Book "Discover ISO 9001:2015 Through Practical Examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Privacy notice
Answer:
Yes, you can do that. Alternatively you can also send the privacy notices to the employers instead of the data subjects. This may save you some time.
Or is there a need to extend the questionnaire?
Can you help me by putting a sample example of one process in the DPIA register?
Answers:
The DPIA register is meant to be used as a tool to assess the risks related to a processing activity. Based on EU GDPR Art. 35 – "Data protection impact assessment" (https://advisera.com/eugdpracademy/gdpr/data-protection-impact-assessment/), the need to perform a DPIA is assessed by the controller, and this first assessment is done through the first 5 questions in the DPIA register.
The questions within the DPIA register are consistent with the EU GDPR requirements, but there is nothing keeping you from adding additional questions and customizing the document for your needs.
The US is out of the question; Canada, however, because it is one of the countries that was issued an adequacy decision, may very well make some changes to its data protection legislation to match the requirements of the EU GDPR.
Other countries such as Switzerland also announced that they will try to mirror the requirements of the EU GDPR in their own local laws.
I also know several variations of that acronym. There is no need for a leading authority; your organization is free to decide which variation suits it best. What is really important is taking care of clause 6.2.1 when defining quality objectives.
The following material will provide you with information about good quality objectives:
The standard gives some examples of what can be considered as format. Language – if your organization is present in several countries, you have to handle the language issue.
Software version – Will all users have access to the software for consulting?
Graphics – Will all procedures have the same graphic look? Will all work instructions have the same graphic look? Will all forms have the same graphic look?
The following material will provide you with information about documented information: