Search results


  • ISO 9001 or ISO 13485


    Answer: I would say you have to identify first for what purpose this organization needs a certificate – if your clients prefer ISO 9001 better than ISO 13485, then you should go for the ISO 9001, and vice versa.

    This article will provide you further explanation about ISO 9001 implementation benefits:
    - Six Key Benefits of ISO 9001 Implementation https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  • The GDPR “right to be forgotten”


    Answer:

    The right to be forgotten is not an absolute right that the data subject has in relation with its data. A controller does not need to comply with such a request if the processing is:
    - necessary for rights of freedom of expression or information;
    - for compliance with a legal obligation under Union or Member State law;
    - in the public interest or carried out by an official authority;
    - for public interest in the area of public health;
    - for archiving or research;
    - for legal claims.

    So, as you can see, if there is a legal obligation set forth under Member State law then you need to keep the data even if the data subject requests for the data to be deleted.

    For more information about data subject rights you can check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
  • Deciding on what to check


    Answer:

    As you can imagine there is no explicit requirement in ISO 9001:2015 to support those auditor demands. I do not know the particular requirements that your customers demand about the painting job; in the past I worked with a company that had to ensure a certain thickness layer of paint over a metal. The requirement was not on the paint characteristics but on the result, on the thickness. For that, they used an instrument to measure the thickness. If there is no customer requirement, and if in your risk assessment you saw no problems with the viscosity of the paint, there is no requirement to do what the auditor is asking.



    The following material will provide you information about product release:

    - ISO 9001 – ISO 9001: Requirements for the release of the product or service - https://advisera.com/9001academy/blog/2017/03/28/iso-9001-requirements-for-the-release-of-the-product-or-service/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Documenting the context


    Answer:

    There is no mandatory requirement from ISO 9001:2015 to keep documented information about the context of an organization. That is up to each organization to decide if they will document it and how. For example, it can be a meeting minute where a SWOT matrix was created and analyzed. About legal requirements, your organization can keep a database of all the legal requirements applied to your own organization. Your organization should know the legal requirements to be able to assume the compromise of meeting them.

    The following material will provide you information about the context of an organization:

    - ISO 9001 – How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company - https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Handling non-conformities


    Answer: According to ISO 27001, clause 10.1 b) 2), causes of nonconformities shall be determined in order to evaluate the need to take action to eliminate them and prevent nonconformities recurrence, or occurrence elsewhere. Considering that, since the outsourced services are affecting your ISMS, a root cause analysis must be performed.

    This article will provide you further explanation about handling nonconformities:
    - Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
    - 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

    These materials will also help you regarding handling nonconformities:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Disaster Recovery Plan template


    Answer: Usually there is a single RTO for a whole process / department, and all activities and applications related to it have to meet this RTO.

    If you have applications that really have to meet different RTOs (normally this occurs because these RTOs are smaller than the general established RTO), then you should create separate plans.

    This material will also help you regarding disaster recovery plans:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Approved supplier list


    Answer:

    No, there is no explicit requirement for having an approved supplier list under ISO 9001:2015. Imagine that you work in a governmental organization: most countries require public tenders in which potential suppliers have to compete and don’t allow approved supplier lists.

    The following material will provide you information about the external providers:

    - ISO 9001 – Purchasing in QMS – The Process & the Information Needed to Make it Work - https://advisera.com/9001academy/blog/2014/03/18/purchasing-qms-process-information-needed-make-work/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Major Incident communication


    Answer:
    Communication is one of the essentials during Major Incident resolution. Communication should be timely and regular. During the communication (e.g. bridge call, as you suggested) you should focus on the customer's business process, facts (particularly if you can explain them in some measurable way, or in monetary values) and to assure the customer that you know what you are doing, i.e. that you'll bring that incident to the resolution. Also, take customers' alternatives seriously. It could be that they contain some usable elements.

    This article can give you more information: "Major Incident Management – when the going gets tough…" https://advisera.com/20000academy/knowledgebase/major-incident-management-going-gets-tough/
  • Risks and opportunities at department level

    List the department objectives.

    • Satisfy the needs of workers to keep up with the company's growth
    • Reduce the occurrence of problems related to skills gaps
    • Increase the effectiveness of actions to fill skills gaps
       

    What can positively affect (opportunities) the ability to meet those objectives? (examples)

    • Increase the company's notoriety to make it more attractive to potential employees.
    • Create a reward system for workers who bring in new workers.
    • Adopt a new methodology for identifying gaps in skills.
    • Change the criteria for selecting trainers to give weight to the quality of results in previous training
       

    List the department's main activities.

    • Select and recruit
    • Onboard training
    • Competency gaps detection …
       

    What can positively affect (opportunities) the ability to meet desired effects? (examples)

    • Digitize the recruiting process to more quickly respond to production requests.
    • Set up an online training program to speed up the onboarding training
  • Privacy Notices


    Answer:

    The purpose of the Privacy Notice is to provide the data subject with information about the processing activities related to his/her personal data. If you have similar processing activities you can choose to have a single Privacy Notice to cover multiple scenarios.

    You can use “layering” to provide the individual with a short summary of the important or unusual uses of their personal data and provide a link to a full specific privacy notice for those who want the detail.

    You can find more information about Privacy Notices by accessing our webinar “Privacy Notices Under the EU GDPR” - https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/