Search results

Home / Search

Category:
Select
Select

11272 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Mandatory documents as barriers in ISO 9001


    Answer:

    ISO 9001 is a general standard applicable to any organization. ISO 9001 per se has no mandatory document especially difficult to obtain. What ISO 9001 determines is that any mandatory requirement extra-ISO 9001 text is what any organization already has to submit independently of the standard, due to regulations and legislation.

    The following material will provide you information about statutory and regulatory requirements:

    - ISO 9001 – How to include statutory and regulatory requirements in your QMS - https://advisera.com/9001academy/blog/2017/02/14/how-to-include-statutory-and-regulatory-requirements-in-your-qms/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Determining environmental objectives


    Answer:

    When determining the environmental objectives for an organization you should start by the environmental policy. An environmental policy is not written on the air based on abstractions, it is a top management statement based on choices after an environmental assessment. For example, a small service organization can have as significant environmental impacts things like: emissions that could affect local air quality and/or generate greenhouse gas emissions after employees transportation to customers sites where they perform services; landfill occupation with urban wastes generated, …

    Now, consider that among all significant environmental impacts top management decided that emissions from transportation and recyclability are very important and were included as commitment to improve performance in the environmental policy. In that case, Reducing air emissions by changing part of the fleet to electric cars or by usin g more public transportation can be a general objective. Increasing solid waste segregation and establishing targets for recyclability can be another genera objective.

    The following material will provide you information about environmental objectives:

    - ISO 14001 – How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    - Ensuring that environmental objectives are aligned with the company’s strategic direction - https://advisera.com/14001academy/blog/2017/02/06/ensuring-that-environmental-objectives-are-aligned-with-the-companys-strategic-direction/
    - Environmental Objectives and Plans for Achieving Them - https://advisera.com/14001academy/documentation/environmental-objectives-targets-and-programs/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/

  • Incentives to collect opt-ins from user


    Answer:

    Based on the requirements EU GDPR article 7 “Conditions for consent” https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/) consent must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. You must also keep records so it can demonstrate that consent has been given by the relevant individual.

    Regarding the incentive part the only way that work in my view is that you can offer “coupons” to those customers that have consented to marketing activities. Basically, since the coupons themselves can contain marketing only the customers that have consented to receive marketing.

    You can learn more about marketing consent from our webinar “ How GDPR Affects Marketing Practices “ https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/

  • Specific consent

    Generally speaking, do we have to mention each third service provider by name in our privacy policy in order to be eligible to use these 3rd services?

    Answers:

    1. You don’t need to have the consent your customers if you are using a third party as a processor. However you need to mention in the Privacy Notice that you may use third parties that may have access to their personal data.
    2. The answer is no. You just need to specify the type of activity that the supplier is providing in generic terms.

  • Specification of Information System Requirements


    Answer: Unfortunately we have to apologize about not having a video tutorial about this issue, but to help you fill in this document you can schedule a meeting with one of our experts (some sessions with our experts are included in the toolkit you bought). To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    This article will provide you further explanation about defining system requirements:
    - How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/

    2 - Is this document in reference to the applications that we develop or is this in reference to the tools we use to maintain and develop the applications? The question at hand is what does “Information Systems” reference? Is it the internal applications/tools used to produce our product? Is it the external applications that our clients use, that are developed by us? Could it be both?

    Answer: Let's start with the definition of Information systems. For ISO 27001, information systems are software, hardware, databases and any other asset used to store and/or process information.

    The purpose of this document is to document all requirements for new information systems, and for improvements of existing information systems, whether they are used internally or by customers.

    Considering that, this document is applicable either for systems your organization develops, and for systems your organization acquires, for internal purposes only or to provide to external customers. Your organization can define the range of application in the ISMS scope statement.

    3- With internal applications, we can dictate specifically access and security as these systems are only for company use. With external applications, we lose control as while these have specific purposes, the end user dictates the use of these.

    If we do apply to external applications, does it apply only to the process to ensure that any work done by us is verified to not to significantly affect the end user’s use, regardless of how they use it? For example, for system XXXX is specifically built for XXXX but we do know that we have at least one client that specifically caters to XXXX. The application is the same but workflows are different.

    Answer: As mentioned in the previous answer, this document covers the system's requirements, i.e., what a system can do, what it cannot do, and how it must behave under specific conditions. Specifically for the applications you develop for third parties, the conditions to not significantly affect the end user’s use most probably will come from the end users.

  • Additional evidences of competence


    Answer:

    The standard does not prescribe what kind of evidence of competence the organization will provide, it can be training record, diplomas, certificates, CVs and any other record that demonstrates that the employee is competent to perform certain activity.

    The only novelty in the new standard is that the organization will need to provide documented evidence of the trainer's competency to perform internal audit training, but other than that there are no changes in requirements for competency.

    For more information, see: How to ensure competence of your employees according to IATF 16949 https://advisera.com/16949academy/blog/2017/10/04/how-to-ensure-competence-of-your-employees-according-to-iatf-16949/

  • Training internal auditors


    Answer:

    The shorter answer is NO! Your internal audit team members do not have to be "trained/certified" by an external registrar for the 2015 edition, your organization can simply perform your own internal training program to communicate the changes with the new standard. Remember, it is your organization that have the authority to define what are the competence requirements to be internal auditor in your organization.

    The following material will provide you information about internal auditor competence:

    Check this article about ISO 14001 but applicable to ISO 9001 – What competences should an ISO 14001 internal auditor have? - https://advisera.com/14001academy/blog/ og/2016/07/04/what-competences-should-an-iso-14001-internal-auditor-have/
    - free online training - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - free online training - ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Process modeling


    Answer:

    If you see my book “Discover ISO 9001:2015 Through Practical Examples” (see link below) and click on the left “Click to Look Inside” you can see how to model an organization using the process approach and then, how to map each process with simple techniques.

    The following material will provide you information about the process approach:

    - ISO 9001 – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Context and ISO 14001


    Answer:

    Independently of the economic sector I use as a basis the PESTEL framework. Having environment in mind defy your team to think if there are actual or foreseeable issues relevant about:

    Politics;
    Economic;
    Social;
    Technology;
    Environmental;
    Legislation.

    For example; imagine the future impact of cars without drivers: cars will be less prone to accidents. Will car makers use less steal? Will car makers use plastic composites instead of metal? Less demand for steel? Less mining activity? Smaller steel manufacturing plants?

    The following material will provide you information about context determination:

    - ISO 14001 – Determining the context of the organization in ISO 14001 - https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
    - List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/

  • Privacy Notices Under the EU GDPR

    For the case you mentioned I would suggest to put the Privacy Notice on your website and to communicate them to the European Customer together with the first communication(email, telephone) you initiate with him.
Page 762-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +