Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Planning changes to the QMS


    Answer:

    Presently I am working with a manufacturing shoe company with a QMS for production of comfort fashion shoes. They are making a change to their QMS to include in the scope the production of occupational uniform shoes to corporations – other requirements, other materials, other processes.

    Last year I worked with an injection molding company that duplicated the number of machines and changed location to another site, with a lot of new workers recruited – that was a great change in planning, operating and controlling production.

    Some years ago, I worked with a machine manufacturing company. One of their operations was painting parts of the machines. Then, due to stricter environmental legislation they decided to subcontract that operation to a painting services specialist. They had to change their production planning and quality control to consider the new flow of production.

    I hope that these examples show what can be considered “a change to the QMS”.

    The following material will provide you information about planning change:

    - ISO 9001 – QMS Change Management in 7 steps - https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Personal data


    Answer: Broadly speaking, any information that can identify or be related to an identifiable natural person must be considered personal data (e.g., name, address, email address, etc.).

    Considering that, the most common information gathered during an internal audit that is personal data refers to employees and to their competence records. Depending upon the QMS scope, an auditor may have access to organization's clients personal data (e.g., when the organization's scope includes customer support services, or financial processes), so you should consider evaluating the scope statement to identify other types of personal data that auditor may be find.
  • Organizational knowledge and processes or individuals


    Answer:

    The first two paragraphs of clause 7.1.6 are about keeping and sharing when needed, the necessary knowledge to operate processes and getting conforming products and services. What I do is: look for each process and list the roles that participate, and determine what kind of knowledge someone with that role need to be autonomous and make good decisions, aligned with the quality policy and objectives. So, it is about processes and roles more than with individuals. Individuals come when you look to competencies and clause 7.2.

    The following material will provide you information about the organizational knowledge:

    - ISO 9001 – How to manage knowledge of the organization according to ISO 9001 – https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - free online training ISO 9001:2015 Foundations Course – https://t raining.advisera.com/course/iso-90012015-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Employee security awareness training


    Answer:

    There is no single document explaining to employees what to do and how to treat personal data within the a specific company. However, if you take a closer look each of the policies/procedures in the “EU GDPR Documentation Toolkit” refer to specific tasks that some employees need to undertake in order to ensure compliance with the EU GDPR.

    You can start by going through the documents starting with the “Personal data protection policy” and build up your own list of responsibilities for your employees.

    You can also use our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course// as a reference.
  • Re-consent


    Answer:

    Unless the 20000 emails belong to the members of the charity you would need to reach out to get consent from the data subject before engaging them is email and SMS marketing activities. If you don`t have the means to prove that consent was given is a if it does not exist.

    Makes sure that the consent fulfills the requirements of the EU GDPR namely to be freely given, specific, informed and unambiguous indication of the individual’s wishes. You must keep records so it can demonstrate that consent has been given by the relevant individual.

    To find out more about consent you can check out our webinar “How to handle consents under GDPR” (https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/ ) as well as our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Resources for ISO 27001 Exam

    Thats great many thanks for your help. Syed.
  • Reaction plan vs Contingency plan


    Answer:

    There is no big difference between contingency and reaction plan, the both plans represent the series of steps that you would take in response to a specified abnormal condition and help to minimize damage. They are often referred to as "Plan B," because they can be also used as an alternative for action if expected results fail to materialize. The plans are a component of business continuity, disaster recovery and risk management.

    Here you can download free preview of our Contingency Plan https://advisera.com/16949academy/documentation/contingency-plan/
  • Data Protection Directive


    Answer:

    Where consent has been given under the Data Protection Directive, it will continue to be valid under the EU GDPR if it also meets the requirements of the Regulation.

    This may be difficult given the new and stringent requirements for consent. In theory, you should therefore consider approaching your existing customers to obtain a fresh consent that is valid under the EU GDPR. Be aware that opt-out consents are not valid under the EU GDPR.

    Basically you need to benchmark the consents you already have against the requirements of the EU GDPR and if the consents meet those requirements you need to do nothing if they don`t you need to reach out to the individuals to get new compliant consents.
  • ISO 27001/GDPR


    Answer:

    ISO 27001 is a standard that specifically deals with information security. ISO27001 and GDPR overlap in terms of keeping personal data secure as required by EU GDPR art. 32 “Security of processing” (https://advisera.com/eugdpracademy/gdpr/security-of-processing/).

    So, basically adding to your current security framework additional measures as per the ISO27001 standard will help you to be in compliance with the EU GDPR.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Personal data

    If we give a work-issued cell phone number as part of the contact information does that count as GDPR Personal Data as the number can be called to reach the data subject?

    Answers:

    1. The phone number and email address personal data because they relate to a individual are personal data regardless if it relates to work. The physical address of data subject is not necessary for the rest of the data set to be considered personal data.
    2. Yes it does, because the phone number relates to an individual.
Page 757-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +