Yes, he can. The only requirements for being an internal auditor are: not auditing his own work/department and being competent. It is up to your organization to determine what a competent auditor is. If you have job descriptions, describe there what your requirements are for the job of internal auditor.
The EU GDPR states that DPIAs should be performed by data controllers. This is because the controllers are the ones taking the decisions regarding the purposes and means of the processing. However, processors might also be called upon to provide support to controllers when they are performing DPIAs, if a part of the processing activity which is the subject of the DPIA is outsourced to the processor. The processor must assist the controller should the controller need to carry out a privacy impact assessment (Art. 28(3)(f)).
Data Protection Impact Assessment and BIA
Answer:
If you identify your personal data as critical items for your business, you could do this. But the DPIA should be kept as a separate process.
Legacy backup data
Answer:
If you have a huge amount of legacy backup data, you should determine adequate retention periods. As a general rule, unless there is a specific legal requirement or a legitimate interest, personal data should be deleted after they are no longer needed for that specific processing activity.
Employee data privacy
Answer:
If you only provide telecom services to companies, this does not mean that you should only focus on your employee personal data. I am guessing that while providing the service to your corporate clients you would actually have access to some of their personal data as well. In this instance you would be acting as a data processor, and your main focus would be to comply with the requirements of the Controller. You also have to have the Inventory of the processing activities that you perform on behalf of the controller.
Difference between DPIA and data processing risk assessment
Answer:
If your risk assessment focuses only on the security of personal data, then one of the main differences would be that DPIAs focus on the rights and freedoms of personal data subjects. You could keep the personal data as safe as you want, but this does not guarantee that the data is processed lawfully, nor that the data subjects can effectively exercise their rights.
Control gap treatment
Answer: If the gap refers to a standard's mandatory requirement, or to risks considered unacceptable in your risk assessment, it has to be resolved at the latest before the certification audit. Otherwise, its deadline can be defined as a date after the certification, but you have to be prepared to present to the certification auditor the action plan related to the treatment of this gap and any evidence of results already achieved.
Supplier Assessment questionnaire
Answer: There is no specific document for a Supplier Assessment questionnaire (such a questionnaire is not mandatory to comply with ISO 27001 requirements), but you can draw up one based on the Security Clauses for Suppliers and Partners document, since this document lists security requirements that can be put into contracts with suppliers and outsourcing partners, and through them you can evaluate how prepared a potential supplier is. You also can take a look at the free demo of our Processor GDPR Compliance Questionnaire at this link: https://advisera.com/eugdpracademy/documentation/processor-gdpr-compliance-questionnaire/
This document can show you how a questionnaire to assess a supplier's compliance should look.