Search results

  • Selling consulting services


    Answer:

    In your proposal you want to be clear to your potential customer about the outcomes of the project, about what kind of resources you need from the customer to execute the project (a Project responsible from the customer side, team members with time to work on the project), about the duration of the project and about the price that you will charge, and the terms of payment.

    The following material will provide you information about writing a Project Plan and selling consulting services:

    - ISO 9001 – Project proposal for ISO 9001 Implementation - https://info.advisera.com/9001academy/free-download/project-proposal-for-iso-9001-implementation-ms-powerpoint
    - How to sell your ISO 9001 consulting services - https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
    - Free webinar – How to sell ISO consulting services - https://advisera.com/9001academy/webinar/how-to-sell-iso-consulting-services-free-webinar-on-demand/
  • ISO9001: Integrating QMS and Business Processes


    Answer:

    The key to integrating the business processes and QMS processes is to first identify what the business needs are (a SWOT analysis is recommended), which will allow you to identify your strategic company direction. From this you can then create your quality objectives to support your business needs, thus aligning your quality objectives to your strategic direction.

    Once these quality objectives are created they can be integrated into your business processes so that the processes you use to run your business link to your overall business objectives. For instance, if you have a quality objective for improving on-time delivery, you can then have objectives and measurables for the important business process to meet to ensure this on-time delivery is improved.

    For more information, see this article on writing quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • ISO 27001: for individuals and companies?


    Answers: Regarding the first question, ISO 27001 certification is really for companies, although a person can also obtain a qualification in ISO 27001 (as an auditor or as an implementer). You may find this article interesting: “Lead Auditor Course vs. Lead Implementer Course - Which one to go for?” : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

    And also this one: "ISO 27001 certification for persons vs. organizations" : https://advisera.com/27001academy/iso-27001-certification/

    Regarding the second question, if your company wants to implement ISO 27001, or your company wants to offer services related to ISO 27001, you can gain knowledge of this standard through courses such as the ones I mentioned above, and the organization will probably be interested in paying for your course, because it can be a business opportunity for them (a company always needs a benefit). You may find this article interesting: “How to become an ISO 27001 / ISO 22301 consultant” : https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

    Regarding the third question, the courses I know of generally last about 15-20 hours, which you can complete in 1 or 2 weeks. As for the cost, I am sorry, but it depends on the company, and there are many companies offering these courses, and prices vary widely. In any case, these free courses may interest you:

    “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

    “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/

    Finally, here you can find free resources that you can use to learn the basic principles of ISO 27001, and you can use them to start working in this sector: https://advisera.com/27001academy/es/descargas-gratuitas/
  • Standard list of types of personal data


    Answer:

    You could use the following taxonomy as a reference because there is no standard list.

    List of the type of data:
    - Personal master data (e.g. Name, surname, date of birth)
    - Communication data (e.g. telephone, e-mail, address)
    - Contract master data (contractual relationship, product or contract interest)
    - Customer history
    - Contractual invoicing and payment data
    - Planning and control data
    - Academic and professional data (training / qualifications, professional experience).
    - Employment details (work center, job position and department)
    - Employee disciplinary sanction
    - Compensation and benefits data
    - IP addresses
    - Transaction Data
    - Location Data (GPS coordinates)
    - Others………….. (please describe)
    Sensitive Data:
    - Racial or ethnic origin
    - Political opinions, religious or philosophical beliefs
    - Trade union membership
    - Genetic data
    - Biometric data
    - Health data
    - Sex life or sexual orientation
    - Criminal record
    Data subjects:
    - Customers (including the main cardholder and other cardholders)
    - Employees
    - Trainees
    - Suppliers
    - Suppliers' employees
    - Website visitors
    - Consultants and sales agents
    - Others: ……. (please describe)
  • QMS implementation priority


    Answer:

    Based on my personal experience I cannot agree that there is one universal answer. Some parts/components of a QMS will deliver faster results when organizations live a certain situation, other parts/components of a QMS will deliver faster results when organizations live another situation. Presently, I can remember the case of a SME with too much demand where starting with the process approach was critical to avoid losing customers, and I can remember the case of another SME, with not enough demand, where starting with a strategic orientation and customer focus was critical to find a direction, a purpose. Perhaps you could design 2/3 situations where a SME can be and study patterns for each situation.

    The following material will provide you information about QMS implementation:

    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Process for changing purpose


    Answer:

    If you are going to use the collected personal data for another purpose than the initial one, this means that the data subject will not be informed about this new purpose thus the requirements of EU GDPR article 13 (1)(b) - Information to be provided where personal data are collected from the data subject (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/) will not be complied with.

    So, if you identify a legitimate interest for that specific processing activity and you can provide the updated information via a Privacy Notice.

    However, if you cannot rely on legitimate interest you could turn to consent although not the most reliable of the legal grounds. Note that the consent needs to be informed thus the same information as in the Privacy Notice needs to be provided.

    You might find the following article useful “Is consent needed? Six legal bases to process data according to GDPR” https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/ as well as our webinar on “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • Implementation steps


    Answer: Robust implementation approaches include diagnosis, definition of a plan, and time effectively dedicated to implementation of the solution. As for the certification step, this can vary according to the purposes of the organization (some of them only wish to implement the standard's practices while others want to go all the way and achieve certification).

    I suggest you take a look at our ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

    This tool can help you estimate the implementation duration considering your company scenario.

    This article will provide you further explanation about ISO 27001 implementation steps:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    These materials will also help you regarding ISO 27001 implementation steps:
    - Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • ISO 27001 implementation


    1 - Is it possible to implement ISO27001 in a company within 9 months?

    Answer: The implementation duration depends on many variables (e.g., size and complexity of the scope, financial resources and expertise available, etc.), but for small and mid-sized businesses it is generally possible to implement ISO 27001 within 9 months. I suggest you take a look at our ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

    This tool can help you estimate the implementation duration considering your company scenario.

    2 - How does the ISO certification audit work?

    Answer: The ISO 27001 certification process is like any other ISO certification process. It is divided in two phases:
    - Documentation analysis, to verify if they are compliant with the standard's requirements
    - Operation and records evaluation, to verify if what is defined in the documentation is performed properly and how deviations in the processes and results are handled.

    Once these phases are performed the certification auditor will elaborate a report to present the gathered evidences and conclusions, which can recommend for the certification directly, recommend for the certification after an action plan is submitted, to handle identified non conformities, or not recommend for the certification.

    These articles will provide you further explanation about certification process:
    - Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
    - Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
    - ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/

    This material will also help you regarding certification process:
    - Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
  • Mandatory documents for ISO 27001


    Answer: Clause 4.2 requires the determination of relevant interested parties and the requirements of these parts, but it does not require this information to be documented. You can document them as a best practice to record information you used to develop the ISMS scope, but the standard does not require the documentation of such information.
  • Training or awareness


    Answer:

    If they attend training or awareness sessions about the quality policy, and/or the quality objectives, and/or QMS effectiveness, and/or importance and impact of non-conformities I believe that clause 7.3 is more appropriate. In other cases, I believe that clause 7.2 is more appropriate.

    The following material will provide you information about ISO 9001 training:

    - ISO 9001 Training - https://advisera.com/9001academy/knowledgebase/iso-9001-training/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/