  • Incentives to collect opt-ins from user


    Answer:

    Based on the requirements of EU GDPR Article 7 “Conditions for consent” (https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/), consent must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. You must also keep records so you can demonstrate that consent has been given by the relevant individual.

    Regarding the incentive part, the only way that works, in my view, is that you can offer “coupons” to those customers that have consented to marketing activities. Basically, since the coupons themselves can contain marketing, only the customers that have consented to receive marketing can get them.

    You can learn more about marketing consent from our webinar “How GDPR Affects Marketing Practices” https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
  • Specific consent

    Generally speaking, do we have to mention each third service provider by name in our privacy policy in order to be eligible to use these 3rd services?

    Answers:

    1. You don’t need to have the consent of your customers if you are using a third party as a processor. However, you need to mention in the Privacy Notice that you may use third parties that may have access to their personal data.
    2. The answer is no. You just need to specify the type of activity that the supplier is providing in generic terms.
  • Specification of Information System Requirements


    Answer: Unfortunately, we have to apologize for not having a video tutorial about this issue, but to help you fill in this document you can schedule a meeting with one of our experts (some sessions with our experts are included in the toolkit you bought). To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    This article will provide you further explanation about defining system requirements:
    - How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/

    2 - Is this document in reference to the applications that we develop or is this in reference to the tools we use to maintain and develop the applications? The question at hand is what does “Information Systems” reference? Is it the internal applications/tools used to produce our product? Is it the external applications that our clients use, that are developed by us? Could it be both?

    Answer: Let's start with the definition of Information systems. For ISO 27001, information systems are software, hardware, databases and any other asset used to store and/or process information.

    The purpose of this document is to document all requirements for new information systems, and for improvements of existing information systems, whether they are used internally or by customers.

    Considering that, this document is applicable both for systems your organization develops and for systems your organization acquires, whether for internal purposes only or to provide to external customers. Your organization can define the range of application in the ISMS scope statement.

    3- With internal applications, we can dictate specifically access and security as these systems are only for company use. With external applications, we lose control as while these have specific purposes, the end user dictates the use of these.

    If we do apply it to external applications, does it apply only to the process to ensure that any work done by us is verified not to significantly affect the end user’s use, regardless of how they use it? For example, system XXXX is specifically built for XXXX, but we do know that we have at least one client that specifically caters to XXXX. The application is the same but the workflows are different.

    Answer: As mentioned in the previous answer, this document covers the system's requirements, i.e., what a system can do, what it cannot do, and how it must behave under specific conditions. Specifically for the applications you develop for third parties, the conditions to not significantly affect the end user’s use most probably will come from the end users.
  • Additional evidences of competence


    Answer:

    The standard does not prescribe what kind of evidence of competence the organization will provide; it can be training records, diplomas, certificates, CVs and any other record that demonstrates that the employee is competent to perform a certain activity.

    The only novelty in the new standard is that the organization will need to provide documented evidence of the trainer's competency to perform internal audit training, but other than that there are no changes in requirements for competency.

    For more information, see: How to ensure competence of your employees according to IATF 16949 https://advisera.com/16949academy/blog/2017/10/04/how-to-ensure-competence-of-your-employees-according-to-iatf-16949/
  • Training internal auditors


    Answer:

    The short answer is NO! Your internal audit team members do not have to be "trained/certified" by an external registrar for the 2015 edition; your organization can simply perform its own internal training program to communicate the changes in the new standard. Remember, it is your organization that has the authority to define what the competence requirements are to be an internal auditor in your organization.

    The following material will provide you information about internal auditor competence:

    - Check this article about ISO 14001, but applicable to ISO 9001 – What competences should an ISO 14001 internal auditor have? - https://advisera.com/14001academy/blog/2016/07/04/what-competences-should-an-iso-14001-internal-auditor-have/
    - free online training - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - free online training - ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Process modeling


    Answer:

    If you look at my book “Discover ISO 9001:2015 Through Practical Examples” (see link below) and click on the left on “Click to Look Inside”, you can see how to model an organization using the process approach and then how to map each process with simple techniques.

    The following material will provide you information about the process approach:

    - ISO 9001 – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Context and ISO 14001


    Answer:

    Independently of the economic sector, I use the PESTEL framework as a basis. With the environment in mind, challenge your team to think about whether there are actual or foreseeable relevant issues regarding:

    Politics;
    Economic;
    Social;
    Technology;
    Environmental;
    Legislation.

    For example, imagine the future impact of cars without drivers: cars will be less prone to accidents. Will car makers use less steel? Will car makers use plastic composites instead of metal? Less demand for steel? Less mining activity? Smaller steel manufacturing plants?

    The following material will provide you information about context determination:

    - ISO 14001 – Determining the context of the organization in ISO 14001 - https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
    - List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Privacy Notices Under the EU GDPR

    For the case you mentioned, I would suggest putting the Privacy Notice on your website and communicating it to the European customer together with the first communication (email, telephone) you initiate with them.
  • Applicability of GDPR on business secret data


    Answer:

    The EU GDPR protects the rights and freedoms of individuals with regard to their personal data. The EU GDPR defines personal data as “any information relating to an identified or identifiable natural person” (Art. 4 – “Definitions” https://advisera.com/gdpr/definitions/).

    So your patent information or copyright information does not fall under the EU GDPR unless it contains personal data of individuals, which is highly unlikely.
  • ISO 14001 and stakeholders


    Answer:

    Your organization can consider, for example:
    * its neighborhood as a relevant environmental stakeholder. Then, your environmental management system, according to ISO 14001:2015, should consider their relevant expectations about the environment like environmental noise and work to reduce it;

    * its customers as a relevant environmental stakeholder. Then, your environmental management system, according to ISO 14001:2015, should consider their relevant expectations about the environment like easy recyclability and work to improve it.

    The following material will provide you information about environment and stakeholders:

    - ISO 14001 – How to determine interested parties according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-determine-interested-parties-according-to-iso-140012015/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/