  • Project Plan

    That is probably a mistake, because the project plan was in folder 00 in the previous version of the toolkit, so we probably delivered you the previous version of "How to start using the toolkit info". Thank you for the feedback.
  • Quality Policy

    No, this is not usually included in the Quality Policy, but it should be documented. Information about the scope and location is usually documented in the Quality Manual or in a document about the QMS scope. Here is the free preview of our document: Scope of the Quality Management System https://advisera.com/9001academy/documentation/scope-of-quality-management-system/
  • Difference between problem ticket and major incident


    Answer:
    A problem ticket is a record where all details about a particular problem are recorded. The task of a problem is to find out the root cause of one or more incidents (what caused them). On the other side, a major incident is an incident (malfunction or unavailability of a service) with higher impact and urgency. Meaning, once the major incident is resolved, a problem will be opened in order to find the root cause and prevent future incidents (of that kind) from occurring.
    Learn more about this here:
    "ITIL and ISO 20000 Problem Management – Organizing for problem resolution" https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/
    "ITIL Problem Management: getting rid of problems" https://advisera.com/20000academy/blog/2013/08/05/itil-problem-management-getting-rid-problems/
    "Major Incident Management – when the going gets tough…" https://advisera.com/20000academy/knowledgebase/major-incident-management-going-gets-tough/
  • Questions on Risk treatment table


    Answer: You should copy only those risks that are not acceptable - if you're using our Risk assessment methodology, the risks with values 3 and 4 are not acceptable.

    And for certain risks, can we have the same control? Like I have a few assets with the risk of Disclosure/Leakage of Information, can I apply the Confidentiality or disclosure agreements control for those risks?

    Answer: Sure, you can apply some controls for several risks, while other controls will be applied only for one risk; further, you should apply several controls for one risk, just to make sure that risk is decreased.
  • Benefits of risk management and ISO 27001


    Answer:
    I suppose your question is related only to risk management; if so, the main benefit is that you can identify information security risks and reduce them. And this is very important, because it can allow the organization to avoid significant economic losses. For example, you can identify a high risk related to the continuous operation of the company's main service, and to reduce this risk (and avoid the service interruption) you will probably have to implement a Business Continuity Plan.

    As for the costs, they depend on each organization, because each organization has its own risks and its own controls to reduce them, so I think there are no statistical data on this.

    In any case, regarding the implementation of ISO 27001 (whose most important point is risk management, although it is not the only one, i.e. you also have to perform management reviews, internal audits, etc.), there are 4 important benefits: compliance, competitive advantage, cost reduction and optimization of your organization's processes. For more information on this, you can read this article “Four key benefits of ISO 27001 implementation” : https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/#

    And this article may also be interesting for you "How to write ISO 27001 risk assessment methodology" : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
  • Everything about ISO 27001


    Answer:
    27001Academy is the best site to learn everything about ISO 27001, so the first step for you can be our articles, webinars, etc. For example, this article can be very useful for you “What is ISO 27001?” : https://advisera.com/27001academy/what-is-iso-27001/

    This free webinar can be also interesting for you “ISO 27001: An overview of the ISMS implementation process” : https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/

    Furthermore, our online course can give you detailed information about the implementation of ISO 27001:2013 in your organization (it is developed for any type of business, including banks); furthermore, you will have a course certificate, so I think that can also be very interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

    And for the implementation, you can also use our toolkit, which has all the necessary documents required by ISO 27001. You can download a free version of our toolkit by clicking on “DOWNLOAD FREE TOOLKIT DEMO” here “ISO 27001 Documentation Toolkit” : https://advisera.com/27001academy/iso-27001-documentation-toolkit/

    Important: If you buy the toolkit, you can also have our support during the implementation.
  • Document owner and other questions on document management


    Answer: The document owner should be the person who knows the particular subject best - e.g. the document owner of the Backup Policy should be either the Head of the IT department, or the administrator who is in charge of the backup.

    2. All ISMS documents will be created in English and then translated to our local language. We have no internal translators and that's why this activity will be outsourced. What are the ISO requirements or recommendations about this?

    Answer: There are no requirements nor recommendations in ISO 27001 regarding the translations. You only have to make sure that the documents are translated properly and that the confidentiality is maintained.

    3. What are the ISO requirements or recommendations about document update frequency?

    Answer: There are no requirements nor recommendations in ISO 27001 regarding the update frequency. My recommendation would be to update most of the documents once a year, but some of them would need to be updated more often - e.g. recovery plans. By the way, each of our templates suggests the optimal frequency of updates.
  • Perform the internal audit


    Answer:
    From my point of view, in your case, the best recommendation is to hire an external professional (or a company). If you have participated in the implementation of ISO 27001, you cannot perform the internal audit, because it is a conflict of interest under requirement 9.2 e) of ISO 27001:2013 : “select auditors and conduct audits that ensure objectivity and the impartiality of the audit process”.

    Another easy option is to select an employee in your organization, but this employee cannot be involved in the implementation of ISO 27001, and this employee also needs to be trained in ISO 27001. The good news is that our online course can help you train your employees to perform the internal audit, and furthermore they will have a certificate, so maybe it can be interesting for you “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/
  • Where to start to implement ITIL


    Answer:
    Our free downloads area contains materials related to ITIL implementation. Check the Project plan, Implementation diagram, etc. on the following link: https://advisera.com/20000academy/free-downloads/
    Before you start implementation, do the following:
    - use our free ITIL Gap Analysis Tool https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/
    - check some of our webinars (because they cover the set-up of some of the processes, e.g. Incident Management, Change Management) - https://advisera.com/20000academy/webinars/
    - read the articles
    "Who is your ideal project manager for ITIL/ISO 20000 implementation?" https://advisera.com/20000academy/blog/2016/02/02/who-is-your-ideal-project-manager-for-itiliso-20000-implementation/
    "How to implement ITIL" https://advisera.com/20000academy/knowledgebase/how-to-implement-itil/
    "Considerations before ITIL implementation" https://advisera.com/20000academy/blog/2014/05/21/considerations-itil-implementation/
    "Ready, steady… go – Starting ITIL implementation" https://advisera.com/20000academy/blog/2014/06/10/ready-steady-go-starting-itil-implementation/
  • NOC

    NOC. Especially first and second level. What are the tasks performed and what level of expertise is required.

    Also, what are the strategies for outsourcing non-core technical activities in an organisation, e.g. a telecommunication company.

    Answer:
    #1 NOC - NOC belongs to the IT Operations Management function and it takes care of the daily activities to maintain the infrastructure and related services. However, NOC gets involved in operational processes, like Incident Management, because incidents often have their root cause in the network, i.e. infrastructure. When setting up a NOC, focus your effort on:
    - creating a proactive organization
    - interfacing with other processes (e.g. Event Management, Incident Management, Change Management, etc.)
    - collaborating/integrating activities with other specialist groups or functions like Application Management (studies reveal that NOC staff spend the majority of their time addressing issues related to applications, network (WAN particularly) and servers)
    - this gets you to the tools that you need - having the majority of work with applications means that the NOC is not waiting for a "green light to switch off" but taking an active role in performance monitoring and measurement. That should direct your activities related to tools in place, staffing level and skills
    - number of levels - that depends on the organizational setup, but it's important to be clear about keeping bureaucracy to a minimum
    There are a lot of other elements which are organization specific, but read the article "Is the NOC (Network Operations Center) still viable according to ITIL?" https://advisera.com/20000academy/blog/2015/04/21/is-the-noc-network-operations-center-still-viable-according-to-itil/ to learn more.

    #2 When setting up outsourcing, keep in mind the following:
    - organizational involvement - from both sides, having the supplier tightly integrated in your processes as well as integrating in the supplier's processes
    - clear roles and responsibilities
    - an implemented service management framework - ITIL or ISO 20000 are an excellent foundation before you outsource to an external organization
    - efficiency - define and measure. This means setting clear measurement points and expected results. Compare achieved against agreed targets. And do it continuously
    - keep in mind that you are still responsible for results (including outsourced activities) towards your customers.

    Read the articles
    "ISO 20000 Supplier Management – You lead the game" https://advisera.com/20000academy/blog/2015/03/17/iso-20000-supplier-management-you-lead-the-game/
    "ITIL Supplier Management and Service Level Management – How to put the two in balance" https://advisera.com/20000academy/blog/2015/11/10/itil-supplier-management-and-service-level-management-how-to-put-the-two-in-balance/
    and
    "ITIL Supplier management – the third party you depend on" https://advisera.com/20000academy/blog/2013/12/30/itil-supplier-management-third-party-depend/
    to learn more.