
  • ISO 9001 certification


    Answer:

    Any organization can implement a quality management system according to ISO 9001. What results does your organization intend to achieve by being certified? If your customers also value ISO 14001, perhaps you should implement an integrated system (quality and environmental).

    The following material will provide you information about the benefits of certification:

    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - ISO 14001 - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 27001 and EU GDPR


    Answer: ISO 27001 is a standard which focuses on the protection of information, and EU GDPR is a regulation defining requirements for the protection of privacy, so ISO 27001 can be used as a basis to achieve compliance with ca 50% of EU GDPR.

    These articles will provide you further explanation about ISO 27001 and EU GDPR:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

    These materials will also help you regarding ISO 27001 and EU GDPR:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - Free online training EU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//
  • Vulnerability scanning periodicity


    Answer: ISO 27001 specifies only which objectives must be achieved when performing vulnerability scanning (see control A.12.6.1 Management of technical vulnerabilities). The frequency should be defined by each organization, considering the perceived risks and the sensitivity of the information and information systems involved.

    These articles will provide you further explanation about penetration testing:
    - How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
    - How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

    This material will also help you regarding penetration testing:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Policy template content


    Track name: [List of authorized persons to access documents]
    Storage location: With the information itself, at the place where the degree of secrecy is indicated
    Responsible person for storage: Information resource owner
    How to protect records: In the same way that information is protected
    Storage time: The list must exist for the duration of the information itself

    Track name – what does the track refer to?

    Example: The price in the contract or the whole contract? A record in database or entire database?

    Answer: The track name refers to the name by which the record is known in the organization. For example, for contracts you may use as track name the word "contract" to refer to any type of contract, the expression "customer contracts" to refer to contracts related only to customers, or the expression "service contracts" to refer to contracts related to services provided by your organization. This definition is up to each organization, depending on how it refers to its information.

    These materials will also help you regarding control of documents:
    - Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Root cause analysis in AS9100D


    Answer:
    The AS9100 Rev D standard does not specify how you perform root cause analysis, so unless you have customer requirements telling you how you will do the root cause analysis, you can choose any way you wish: 5 Why, fishbone, 8D, etc.

    It is also useful to note that the new revision of AS9100 now allows you to make a determination for your process nonconformities as to whether you require full root cause analysis and corrective action to address them (see clause 10.2.1 b). You do need to correct the problem and deal with the consequences, but you can then determine whether you need to take action to eliminate the cause of the nonconformity. Again, if your customer requires you to perform full root cause analysis on a problem, you will not have a choice.

    For more information on the corrective action process in AS9100 Rev D see this article: https://advisera.com/9100academy/knowledgebase/corrective-actions-vs-continual-improvement-in-as9100/
  • Supplier Data Processing Agreements

    It is the reseller's duty to ensure the products it sells are compliant with the legal requirements, including the EU GDPR.
  • Quality Manual content


    Answer:

    Now, ISO 9001:2015 does not require a quality manual, so we have total liberty to develop that kind of document. I like your idea of making it as short as possible, perhaps 10 pages: 10 pages where you answer questions like:

    a) Who are we?

    b) What do we do?

    c) Whom do we serve?

    d) What kind of compromises do we assume?

    e) How do we work? (where you can map your processes and explain each one in plain English. I like to use photos and charts as much as possible)

    The following material will provide you information about the quality manual:

    - ISO 9001 – Writing a short Quality Manual - https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Controller vs processor


    Answer:

    For the situation you described, the insurance company acts as a controller in its own right because it would be determining the means and purpose of the processing regarding the data of your employees.

    If you want to find out more about the distinction between processors and controllers check out our article “EU GDPR controller vs. processor – What are the differences?” - https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
  • Contracts and compliance with GDPR requirements

    2) Do we need to obtain consents from impacted personnel of third parties (e.g., when we are concluding a contract with a consulting firm or a non-EU financial institution)?

    Answers:

    1. When acting as a controller, for example for the processing of personal data of your employees, you would need to inform them about the processing activities. You can do that by using a “Privacy Notice” aimed at explaining the processing to the employees. The Employee Privacy Notice can be delivered to new employees when they sign the labor agreement. The employees do not have to agree with the content of the Notice but just have to acknowledge it. For existing employees you can choose to post the Notice on your internet and inform them that they can access it at any time. We are currently working on an Employee Privacy Notice that should be with you sometime next week.

    Regarding your contracts with suppliers that process data on your behalf, you will need to have in place a Supplier Data Processing Agreement, which you can find in folder 7. Third Party Compliance in our EU GDPR Documentation Toolkit.

    If you want to find out more about the impact of EU GDPR on your HR activities you can check out our article “How the GDPR could impact your HR department” - https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department

    2. If you are transferring personal data outside the EEA, it is not necessary to have the consent of the data subject. You need, however, to notify him/her about the cross-border data transfer. If you transfer data outside the EEA, just make sure that you use the Standard Contractual Clauses you find in folder 6. Personal data transfers.