Answer: Yes, you could have a single document covering information about the scope, objectives, roles, etc., but in my opinion this is not the best approach, because you would be mixing concepts that are different, and if you have a single document with a lot of information, it can be difficult and inconvenient to find something. Therefore, it is best to have one document for the scope, another for the information security policy and objectives, etc.
What you are describing is commonly referred to as unsolicited marketing. The EU GDPR states that for marketing you need to obtain the consent of the data subject. Also, the ePrivacy Directive imposes additional constraints if you market by telephone, email or fax.
For example, you can only send direct marketing to someone by email if:
- they have given you consent; or
- you have an existing relationship with them and fall within the so-called similar products and services exemption
Unless one of the two criteria applies, I would suggest filing a complaint with your local Supervisory Authority.
The medical device file should contain the following information:
- General description of the medical device, intended purpose and instructions for use (I think you've covered that)
- specification for the product
- specifications or procedures for manufacturing, packaging, storage, handling and distribution;
- procedures for monitoring and measuring;
- procedure for installation, if appropriate; and
- procedure for servicing, if appropriate.
I am trying to find out what the process is for IATF certification suspension under the corporate scheme.
The situation is like this: one corporate scheme has a few manufacturing sites. What happens if the central functions are claimed by the customer as having issues? How are the manufacturing sites impacted, and where can I find this information? Can the certification body request a special audit at a manufacturing site even if the issue is strictly related to the central functions? The central functions have their own IATF certification audit. In the 5th Rules I was not able to find all these details.
Answer:
According to Rules for achieving and maintaining IATF recognition, the certification body can suspend the certificate if the certification body receives a performance complaint against the client from an IATF OEM member, its relevant IATF Oversight office, or any automotive customer of the client.
The certification body must undertake immediate analysis of the situation to determine the severity of the situation and the risk to the customers of the certified client, taking into account, where applicable, IATF OEM customer-specific requirements. This analysis shall be completed within a maximum of twenty (20) calendar days from the start date of the decertification process.
Since the manufacturing sites are under the same certificate as the central office, they can also be subjected to additional audits.
For more information, you can take a look at Rules for achieving and maintaining IATF recognition, 5th edition, clause 8.0 CERTIFICATE DECERTIFICATION PROCESS.
Appendix for Inventory of Processing Activities
Answer:
EU GDPR art. 30 “Records of processing activities” (https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/) states that you need to provide a description “of the categories of data subjects and of the categories of personal data”, which suggests that a certain amount of granularity is required and that sensitive and non-sensitive would not be enough.
Information security and ISO 27001 topics
I am a Logistics student at XXXX and I need to prepare an academic paper about ISO 27001 requested by the XXXX professor.
However, I would like to know if there is a possibility of providing me with some material that will help me in the following topics:
Group 6 - ISO 27001 - Information technology
Start with concepts and definitions of what “ISO 27001” is; when it arose, where it arose; companies acting in the search for ISO 27001; implementation costs; competition and market; certification (how the process works); what the requirements of the standard are; examples of companies that apply it; why this company adopted this standard; desired outcomes / benefits; etc. Thank you in advance for your attention, and I am at your disposal.
ISO 9001 is a general standard applicable to any organization. ISO 9001 per se has no mandatory document that is especially difficult to obtain. What ISO 9001 determines is that any mandatory requirement outside the ISO 9001 text is what any organization already has to submit independently of the standard, due to regulations and legislation.
The following material will provide you information about statutory and regulatory requirements:
When determining the environmental objectives for an organization, you should start from the environmental policy. An environmental policy is not written out of thin air based on abstractions; it is a top management statement based on choices made after an environmental assessment. For example, a small service organization can have as significant environmental impacts things like: emissions that could affect local air quality and/or generate greenhouse gas emissions from employee transportation to customer sites where they perform services; landfill occupation by the urban waste generated, …
Now, consider that among all significant environmental impacts, top management decided that emissions from transportation and recyclability are very important and included them as a commitment to improve performance in the environmental policy. In that case, reducing air emissions by changing part of the fleet to electric cars or by using more public transportation can be a general objective. Increasing solid waste segregation and establishing targets for recyclability can be another general objective.
The following material will provide you information about environmental objectives:
Based on the requirements of EU GDPR article 7 “Conditions for consent” (https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/), consent must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. You must also keep records so you can demonstrate that consent has been given by the relevant individual.
Regarding the incentive part, the only way that works in my view is that you can offer “coupons” to those customers that have consented to marketing activities. Basically, since the coupons themselves can contain marketing, only the customers that have consented to receive marketing can receive them.