Search results

  • Proactive vs. reactive Problem Management process


    Answer:
    Regarding TAT - more inputs are needed.
    Reactive Problem Management is usually a reaction to an existing incident and finding its root cause. Proactive Problem Management involves activities where Problem Management analyses incidents and problems and looks for some common pattern. By eliminating the root cause, future incidents are omitted. Read the article "ITIL Reactive and Proactive Problem Management: Two sides of the same coin" (https://advisera.com/20000academy/knowledgebase/itil-reactive-proactive-problem-management-two-sides-coin/) to learn more.
  • GLPI tool


    We didn't list all available tools but rather made a selection of them, as you can see in the article https://advisera.com/20000academy/knowledgebase/free-tools-for-itsm/
    GLPI is quite a usable one and I can recommend it for usage (functionality, usage, scope, add-ons, etc.).
  • Scope for a data center

    thank you so much dear ajsegovia :)
  • Data centre externalized


    There will be a change however – our primary data centre will be hosted by a third party in the near future.

    Currently it’s in our data centre in our office – so we manage everything…now, we’ll be renting rack stage from that data centre.

    I would like to know what ISO controls I should consider (cloud services, hosting services…)

    Answer:
    If you have a data centre outsourced, you can manage risks from those assets that you can manage: data, applications (if you have web servers, application servers, virtual servers, etc managed by you), so in this case your risk management must be done for these assets.

    For those assets that are not managed by you (facilities, devices of physical access, personnel of the data centre, etc), you can see them as an asset of type service, and you can identify all risks related to it.

    There are no specific controls in the Annex A of ISO 27001:2013 for cloud services and hosting services, but for this you can use ISO 27017, which is a standard specifically developed for the information security control for cloud services. For more information about this standard, please read this article “ISO 27001 vs. ISO 27017 – Information security controls for cloud services”: https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

    By the way, this article about how to handle an asset register, can be also interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
  • Managing risks in the cloud

    If there are specific assets outside the scope of your ISMS, you do not have to include them in risk management; this means you do not have to treat them (transfer, accept, avoid, apply controls).

    But if there is an external entity that provides you with a service (related to the scope of your ISMS), you can identify the risks related to this service during the risk treatment process, and transfer them to the external entity.

    By the way, remember that the Risk Treatment Plan is not the same as the Risk Treatment Process; here you can see the differences “Risk Treatment Plan and risk treatment process – What’s the difference?” : https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

    And this article may also be interesting for you “6-step process for handling supplier security according to ISO 27001” : https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
  • Information Classification for Client SOP


    Answer:

    Since your classification is about confidentiality, you can label this document as unclassified; plagiarism protection is another issue - you have to mark the document with copyright so that you make it clear that the document is protected with intellectual property rights.
  • Implementing 2004 before 2015 revision


    Answer:

    I think it is best to go straight towards ISO 14001:2015 because if you implement the 2004 revision first, you will need to make the transition to the 2015 revision until September 2018 and this means you will need additional time and resources for something that you could have done the first time.

    For more information, see:
    - Infographic: ISO 14001:2015 vs. 2004 revision – What has changed? https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/infographic-iso-140012015-vs-2004-revision-what-has-changed/
  • Document types to be controlled in QMS


    Answer:

    Actually the new version of the standard does not specify the types of documents like the previous version where you had policies, procedures and records, it only mentions documented information.

    However, this doesn't change much in practice, types of documents to be used and therefore controlled in the QMS are policies, procedures, instructions and records and this is basically their hierarchy. The most important are the policies and the least important are the records.

    Control of documented information or documents and records includes defining a way of creating, updating, distributing, preservation, withdrawal, disposition and retrieval.

    For more information, see:
    - New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - How to structure quality management system documentation https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
  • What should be done first in the transition?


    Answer:

    Performing the gap analysis should be the first step in order to determine to what extent your existing QMS is compliant with the requirements of the new version and what needs to be done to achieve full compliance.

    The next step would be to develop a project plan for the transition, this is not a mandatory step but it will help you to define activities, resources, responsibilities and deadlines and avoid missing something out.

    After developing a project plan, you need to implement the changes; that includes revision of the existing documentation and processing and establishing new processes and documents.

    Once the transition is finished, the company must conduct an internal audit and management review to ensure that the QMS is compliant with the new version and then you can call the certification body to conduct the certification audit.

    For more information, see:
    - How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/