I have a question concerning my 22301Q2019 package
I have two companies
1st TRADE, STORAGE & HANDLING (SIMPLE COOLING, TEMPERATURE ENVIRONMENT) of FRESH FRUIT & VEGETABLES
offers environmental technologies and specializes in the design and manufacture of Prefabricated Innovative Water Treatment and Wastewater System which incorporate innovative advanced solutions and are suitable for wastewater treatment for civil and industrial applications.
Both use external providers - supply chain (such as technical services, drivers and trucks, external warehouses and engineers).
Where in this package can I find procedures for suppliers to cover the control of External Providers?
8.1 Operational planning and control
The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1, by:
The organization shall ensure that outsourced processes and the supply chain are controlled.
There is an External Audit observation (Minor Non-conformance) for clause 8.1 of ISO 22301 with the following statement:
There was no objective evidence of process plans identifying the process criteria and the controls implemented in accordance with the criteria.
What is a corrective action plan for this audit observation? How to close this minor non-conformity (any new document/procedure required)? Your prompt guidance/help on this matter is appreciated.
How to document mandatory documents for ISMS?
What would be the compliance with the monitoring and measurement requirement? Were they indicators?
I am going to update the INCIDENT MANAGEMENT PROCEDURE according to our own company. I have some questions.
It would be great if you could share some examples for different categories like security weakness or event and incidents. This way we can get a better understanding of each type.
Should we include our maintenance window to this document to exclude from our SLA? I mean we use this document as a reference for SLA.
Do you recommend any tool for handling incidents proper for small business?
I have just some questions regarding contingency planning
1- Is a contingency plan part of ISO 22301 requirements?
2- Who should develop the contingency plan and scenarios?
4- Are there any conflicts between having the contingency plan ready and the ITDR project? I mean, is it an obstacle for the DR project if I do not have the contingency plan ready?
Finally, do you have a kit for crisis scenarios?
Thx a million
We have purchased your "ISO 27001 Power Toolkit" and would need support. We, ***, offer our customers a SaaS solution. We are currently preparing for TISAX certification and are in the process of setting up the ISMS. TISAX is largely based on ISO 27001.
Here is my question about the scope to be determined:
Our headquarters are in the *** with branches in various countries, among others in ***. Only the branch based in *** should be certified and defined in the scope. The design and maintenance of the IaaS and SaaS is specified and executed by the *** headquarters. Therefore we want to treat this area (hosting) and thus its service lines as a supplier. The problem is that employees in our IT department in the *** branch take on maintenance and administrative tasks for the EMEA area of hosting. How can this be excluded in the definition of the scope?
What are the requirements to certify a company in the printing industry?
I have a question for you if you can help me on this.
Is customer PII considered as Information in the ISO 27001:2013 Standard?
If yes, then shouldn't monitoring of PII shared with vendors be mandatory and not dependent upon contractual agreement? Shouldn't this activity be not allowed to be excluded from contractual agreement?
This question confuses me on allowing exclusions in ISMS