  • Where to focus during ISO 9001:2015 transition


    Answer:

    The key changes in the new ISO 9001 are the requirements for determining the context of the organization and for addressing risks and opportunities, and of course there are some changes in every clause of the standard.

    For more information, see:
    - How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - The Role of Risk Assessment in the QMS https://advisera.com/9001academy/blog/2014/01/07/role-risk-assessment-qms/
  • Where to start with ISO 9001 implementation


    Where do I start?
    1. I know I am supposed to have a quality policy.
    2. The company mainly consults on EIAs, so correct me if I am wrong, I am supposed to understand the stages of the EIA process. I should have a project plan for the implementation of quality systems in this process, from the Basic Assessment Report, Environmental Impact Report, Scoping Report etc. I should document the procedures for work done at each level.
    3. If it was OHSAS or ISO 14001, I know I would do a risk assessment or impact/aspect register, but in this case I am not sure what I would do there. Do a risk register for poor quality documentation and the control measures to ensure quality products and services? Where can I get templates for the risk assessment?
    4. Have checklists for documents that need to be produced by the company for the client.
    5. An organogram that would include the clients being serviced; not sure I know the safety file and contents of the safety file.
    6. Would need to ensure quality in terms of administrative documents: invoices, employee IDs, filing of all work being done for the different projects, both in soft copy and hard copy, in a systematic way for tracing records.

    What have I left out? Do you have anything else that I could use, and templates for the documentation that I need to do?

    Answer:

    The best way to start is to conduct a GAP analysis to determine to what extent the company is already compliant with the standard and what needs to be done to achieve full compliance with ISO 9001:2015. Here is the link to our free GAP Analysis Tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/ Once you have determined this, you can develop a project plan for the implementation and define deadlines, responsibilities, resources, etc.

    Here are the answers to your questions:

    1. Yes, there should be a quality policy; here is an article that can be interesting for you:
    - How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/

    2. Yes, you need to identify all the processes inside the company and determine how they relate to the requirements of the standard and what needs to be done to ensure that the processes are compliant with the standard. There is no specific requirement to document every process in the company, but it is very common, since it helps with achieving compliance with the requirements for each process.

    3. The requirements to address risks and opportunities in ISO 9001 are very different from those in ISO 14001 and OHSAS 18001: ISO 9001 does not require a methodology or a written procedure, it doesn't require any records to be made, and the scope of the assessment is completely different. For more information, see this article: Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/

    4. Here you can find the free whitepaper Checklist of Mandatory Documentation Required by ISO 9001:2015: https://advisera.com/9001academy/free-downloads//

    5. I don't understand this question.

    6. It all depends on how you develop your system and what is included in the scope of the QMS; it can be done, but it is not mandatory according to the standard.

    For more information about ISO 9001 implementation steps, see: ISO 9001 Implementation Diagram https://advisera.com/9001academy/free-downloads//
  • ISO 27005 training vs ISO 31000 training


    Answer:

    I think you should go for both: ISO 27005 training will give you specific knowledge of information security risk management, while ISO 31000 will give you broad knowledge of how to manage any type of risk in an organization, without providing a detailed methodology for particular types of risks.

    Here are some free materials from our website that will help you:
    - Webinar: The basics of risk assessment and treatment according to ISO 27001 https://advisera.com/27001academy/es/webinar/the-basics-of-risk-assessment-and-treatment-according-to-iso-27001-free-webinar-on-demand/
    - Series of articles on risk management: https://advisera.com/27001academy/knowledgebase-category/risk-management/
    - ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
    - ISO 27001 Foundations Course, where you'll find a pretty detailed explanation of risk management: https://advisera.com/training/iso-27001-foundations-course/
  • Financial impact in BIA methodology


    Answer:

    Yes, financial impact is assessed through 3 questions in our BIA methodology; you can see the questions in this article: https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

    By the way, the questions in this methodology are adapted for smaller and mid-sized companies.
  • Difference between List of Interested Parties and Conformance Evaluation Record


    Answer:

    Appendix 1, List of Interested Parties, is used for identification of interested parties and defining their needs and expectations; Appendix 2, Conformance Evaluation Record, is used for evaluation of conformance to the requirements of the relevant interested parties.
  • New ISO 9001:2015 and TS 16949


    Answer:

    ISO 9001 and TS 16949 are separate standards, although TS 16949 is derived from ISO 9001. The decision whether to comply with ISO 9001, TS 16949 or both should be made at the top level of the organization. If your customers require only TS 16949, then you should go only with it; but TS 16949 will also go through changes, as ISO 9001 did, so it will be easier to make the transition for TS 16949 if you have already made the transition for ISO 9001.
  • Controls for IT department


    Answer:
    I am not sure if I have understood what you need, but if your IT department is interested in a code of best practices, ISO 27002 can be interesting for them. In ISO 27001 you can only see, in Annex A, a brief description of the 114 controls, but in ISO 27002 you can find guidance on how to implement each control.

    Controls that are more related to IT, and that from my point of view can be important for your IT department, are: A.9 Access control, A.10 Cryptography, A.12 Operations security, A.13 Communications security, A.14 System acquisition, development and maintenance, and A.17 Information security aspects of business continuity management.

    By the way, remember that with the implementation of ISO 27001 you need to identify risks and reduce them, and for this you only need to select the controls that can help you reduce those risks.

    This article about the differences between ISO 27001 and ISO 27002 can be interesting for you, “ISO 27001 vs. ISO 27002”: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

    And also this article about the basic logic of ISO 27001, “The basic logic of ISO 27001: How does information security work?”: https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    Finally, our online course can also be interesting for you, because there we talk in more detail about ISO 27001 and the controls of Annex A, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
  • ISO 27001 and ISO 22301

    2. Is there any blog where I can read about the detailed domains and controls for ISO 22301?
    3. I wish to have a copy of ISO 22301... Is this something I will need to buy from ISO? Do you have any spreadsheet which lists all the controls and that you could share with me, please?

    Answers:

    We do not have a detailed comparison of these two standards, but we do have this article that will help you: How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

    You can see an overview of ISO 22301 clauses in this article: What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/

    For a detailed explanation of ISO 22301 requirements and how to comply with them see this book: Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

    Unfortunately, we do not sell the standards; you can purchase ISO 22301 from the official ISO website: https://www.iso.org/iso/catalogue_detail?csnumber=50038
  • 13.1.2 Security of network services


    Answer:

    The process is very similar to that for other assets: you have to assess the risks related to the network and find appropriate controls. Some of the controls you might apply yourself, and some controls you might outsource to a supplier; this is what you have to state in the Statement of Applicability. Make sure you specify all the obligations of this supplier in the agreement.

    These articles might help you:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
    - 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
  • Interested parties in the ISMS manual?


    Answer:
    From my point of view, you can maintain this information in your ISMS manual, although the manual really is not necessary in an ISMS. This article can be interesting for you, “Is the ISO 27001 Manual really necessary?”: https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/

    Another option is to use our specific template for this, which contains an easy procedure for the identification of legal, regulatory, contractual and other requirements (including requirements of interested parties), “List of Legal, Regulatory, Contractual and Other Requirements”: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/

    And this article can also help you to identify the interested parties, which you can also use for your procedure, “How to identify interested parties according to ISO 27001 and ISO 22301”: https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//

    And our online course can also be interesting for you, because there we give more information about the identification of interested parties, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/