The easiest way to document the measurement is to define the information security objectives for each control (or group of controls) through the Statement of Applicability, and then regularly review whether those objectives are achieved. This can be done through the Management review meeting minutes, and no other documents are needed. For a smaller company, this approach is the best because it doesn't require too many documents.
Answer:
Yes, sure. It is easy to implement ISO 27001 from ISO 9001, because there are many points in common (document management, internal audit, corrective actions, human resources management, management review, etc.). For more information, please read this article, “Using ISO 9001 for implementing ISO 27001”: https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
Answer:
I suppose that you mean “data center”, and yes, the best ISO standard for cabling is ISO/IEC 24764; you can download it from the official site, iso.org: https://www.iso.org/standard/43520.html
Another international standard related to cabling is TIA-942, although it is not an ISO standard.
Regarding overhead or underground, both methods have advantages and disadvantages, and a study is necessary to know which is best in each case (for example, keep in mind that if the refrigeration system is underground, it can be better to run the cabling overhead).
Anyway, remember that ISO 27001 can also help you, because there are controls related to the management of physical and environmental security (for example, control A.11.2.3 is about cabling security), and many companies have decided to certify their data centers against ISO 27001. This article may be interesting for you, “ISO 27001 Case study for data centers: An interview with Goran Djoreski”: https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/
Answer:
ITIL certification exists only for individuals, not for organizations/companies. So, from the company's point of view, only ISO 20000 certification can be granted.
Answer:
Yes, it's worth going for the ISO 20000 Foundation certification. It will give you a thorough overview of the standard's requirements, as well as of what you need to implement to achieve ISO 20000 certification for your organization.
Answer:
You noticed correctly: high pressure (including a lot of buzz and mess inside the incident management team) is an example of a disadvantage. The others I can think of are:
- misuse: when there is no proper definition of what a major incident is, there is a danger of misusing incident categorization (classifying incidents as major) in order to get more attention, resources and quicker resolution
- costs: resolving major incidents will require recruiting the best people you can find, sometimes external ones, and such resources are expensive. The more incidents categorized as "major", the more money spent.
- time factor: a major incident (usually) gets the highest priority, so all other activities are paused until the major incident is resolved.
But please don't take the disadvantages as a stopper for implementing the major incident process. Such a process has to exist; just be aware that there are side effects.
The process of implementation is the same for every company, regardless of the type of business and processes.
First, you need to have top management on board for this project, because without their support it would be impossible to implement the standard. The next step is to perform a gap analysis in order to determine to which level your company is already compliant with the standard and what needs to be done to achieve full compliance.
Then, it is best to set up the implementation as a project, to clearly define all the tasks and the responsibilities for the tasks, as well as the deadlines. Once you create all the necessary documents and implement the changes in your processes, you can conduct the internal audit and management review, and then your company will be ready for the certification audit.
As far as the E2 shop system is concerned, this information just needs to be included in your documentation, particularly in your sales procedure.
By the way, do you have a list of all procedures/documentation that are required by ISO, minimum as well as suggested?
Answer:
Yes, we do have a list of mandatory documents and records as well as the suggested ones. You can find them in the article:
- List of mandatory documents required by ISO 9001:2015: advisera.com/9001academy/blog/2015/10/20/list-of-mandatory-documents-required-by-iso-90012015/
There is also a whitepaper with additional information about documents and records in the new version of the standard: Checklist of Mandatory Documentation Required by ISO 9001:2015, https://advisera.com/9001academy/free-downloads//
Change Initiator vs Change Implementer
Answer:
The Change Initiator is someone who starts, i.e. initiates, the Change Management process. That could be your customer, the Service Level Manager, your Continual Service Improvement manager (or some similar role), the Problem Management process, etc. That depends on how you set up your Change Management process.
The Change Implementer is the one who implements the change. Usually, the Release and Deployment Management process is responsible for implementing changes. Of course, standard changes (i.e. pre-approved changes) are not meant by that; they will be implemented by your administrators, IT Operations team or someone similar (again, depending on the organizational setup).