
  • Impacts of EU GDPR


    Answer: EU GDPR will only come into force on 25 May 2018, so no companies have been penalized for not being in compliance with it up to this moment. Regarding penalties, depending on the situation, the penalties may vary from 2% up to 4% of total worldwide annual turnover of the preceding financial year.

    2 - What I want to know is what is the impact of EU GDPR on India-based companies operating in the EU?

    Answer: All organizations that handle personal data of EU citizens, even those not established in the EU, will need to be compliant with EU GDPR if they want to provide goods and services in the EU or to EU citizens.

    3 - How will Privacy Shield work in parallel with this?

    Answer: The EU-U.S. Privacy Shield is more of a U.S.-EU initiative to help companies outside the EU to be compliant with EU GDPR, so on many points, by adhering to the Privacy Shield an organization will be compliant with EU GDPR. But both the content and the approval of the Privacy Shield are a point of discussion, so the suggested alternative is to get legal support to identify where these frameworks may differ and to take proper measures.

    This article will provide you further explanation about EU GDPR:
    - What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/27001academy/blog/2016/10/03/what-is-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/

    These articles will provide you further explanation about privacy controls and EU GDPR:
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
  • Risks identification and treatment

    Thanks! I think I got the point. It seems that it is required to be pragmatic in the assessment...
  • Performance indicators in EMS


    In simple words, an environmental performance indicator is a measurable representation of the status or condition of operations related to significant environmental aspects. For example, if your significant environmental aspect is CO2 emission, your environmental performance indicator can be the amount of CO2 per unit of product.

    For more information about environmental performance, see: How to define EMS key performance indicators (KPIs) according to ISO 14001 https://advisera.com/14001academy/blog/2016/05/30/how-to-define-ems-key-performance-indicators-kpis-according-to-iso-14001/
  • Risks and opportunities and Leadership requirements


    As a transition to ISO 9001:2015, how to address risk-based thinking? Do we need to have a single process relating to risk planning, or should every process have "Risks and Opportunities" addressed in it?
    How to implement Clause 5 "Leadership"?

    Looking forward to hearing from you.

    Answer:

    Risks and opportunities to be addressed are the ones related to the entire context of the organization, not only the processes. It is better to have a single process for all risks and opportunities; the easiest way to address this requirement of the standard is to arrange a meeting with all relevant people in the company, discuss possible risks and opportunities related to all elements of your business, and then plan actions to address those risks and opportunities. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    The management will demonstrate leadership if all requirements from clause 5 have been met. This means that the top management must, at least, approve the Quality Policy and conduct management reviews, along with other requirements such as providing resources, raising awareness, assigning responsibilities, etc. For more information about the responsibilities of the top management, see: To what extent should top management be involved in your QMS? https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/
  • ISO 9001:2015 requirements and clauses


    I need clarification if the standard requires and which clause this is stated in for:

    1. A documented policy

    Requirements for the Quality Policy are placed in clause 5.2. For more information about the Quality Policy, see: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/

    2. the preparation of a documented quality manual

    A Quality Manual is no longer required in ISO 9001:2015. For more information, see: The future of the Quality Manual in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/

    3. The preparation of documented procedures for all quality-critical activities

    There is no longer a requirement to document every procedure; the company itself can decide which processes need to be documented. For more information, see: Deciding Which Procedures to Document in QMS https://advisera.com/9001academy/blog/2013/11/26/deciding-procedures-document-qms/

    4. Methods for determining customer satisfaction are devised.

    Requirements for measuring customer satisfaction are placed in clause 9.1.2.

    5. all material used to manufacture the product must be traceable to its original source

    Requirements for traceability are located in clause 8.5.2.

    6. All product nonconformities to be recorded.

    Requirements for nonconformities are placed in clauses 8.7 and 10.2.

    7. A schedule or equivalent showing the current revision of documents

    Requirements related to documented information are placed in clause 7.5.

    Thanks in advance for your help
  • What % of companies have already transitioned to ISO 9001:2015?

    Probably about 25%, since there are still two more years for the transition.
  • Defining BCMS scope


    Answer: The BCMS should be implemented in all departments that can affect your organization's capability to deliver its products and/or services. For example, in the beverage industry the logistics department plays a crucial role in delivering the products, so it should be considered in a BCMS implementation. The same applies to air traffic control activities for airports. So, you should consider the nature of your business products and/or services to identify in which departments the BCMS should be implemented.

    This article is related to ISMS, but can provide some tips about defining a BCMS scope:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

    These materials will also help you regarding BCMS scope definition:
    - Book Becoming Resilient, The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - Free online training ISO 22301: An overview of the BCM implementation process https://advisera.com/27001academy/webinars/
  • Threats identification

    Thanks, very helpful input. Will consider your suggestions.
  • ISO 27005 and ISACA RiskIT


    Answer: Unfortunately we do not have this kind of material in our toolbox, but the RiskIT framework material provided by ISACA has, in Appendix 2, a high-level comparison with other risk management standards and frameworks, including ISO 27005. To download this material you only have to have a site login, which you can obtain free of charge. What I can tell you without incurring an Intellectual Property Rights violation is that the ISO 27005 processes (risk analysis, identification, estimation, and evaluation) are covered by the RiskIT process RE2 (Analyse Risk), but since RiskIT is a more specific framework, it has a deeper level of detail than ISO 27005.
  • Certification audit findings


    I am confused about that; I have seen many report samples on Google but every one is different from the others. Should I submit the stage 1 report with a mention of all nonconformities and their corrective actions, or should I just submit a list of what I found, whether it was negative or positive?

    Answer:

    During both stages of the certification audit, the auditor can find minor and major nonconformities and observations. If you found any nonconformity during the stage 1 audit, you should write it in your report, but you shouldn't write corrective actions, because it is up to the organization to decide what kind of corrective action it will take to address the nonconformity.

    For more information, see: How to deal with nonconformities in an ISO 9001 certification audit https://advisera.com/9001academy/blog/2015/06/09/how-to-deal-with-nonconformities-in-an-iso-9001-certification-audit/