I am looking at giving the certification a shot this quarter as a step towards becoming a registered implementer, after which your very robust tools will come in handy, but in the immediate term I will require advice and tips from you on engaging with the certification exam.
Answer:
I suppose you know that there are no accreditations for the Lead Implementer course, so the ISO 27001 Lead Auditor course may be more interesting for you, because it has accreditations. Anyway, we do not have specific information about the exam of the Implementer course, but I think this article can help you: Lead Auditor Course vs. Lead Implementer Course: Which one to go for? : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
ISO software
I was wondering if you could give me your opinion on all-inclusive ISO software. I have worked with ISOXpress in the past and thought it worked well, but I was wondering if you knew of any others or could recommend any other software?
I have another quick question. Should I define any partnerships under clause 4.1 and/or 4.3? Or should they be incorporated only into the subcontractor policy and procedures?
Looking for BCP template preview.
I want to implement basic business continuity and recovery planning and the implementation of ISMS practices.
I have gone through the ISMS domains and controls applicable in 27001:2013, trying to see what I can add as per the standard (based on the current practices we have in the organization).
I have audited (a compliance audit, not a certification audit) a client in Feb 2015 against the ISO 27001:2005 standard. I also indicated that all 2005 version certificates are expiring by 30th Sep 2015. My client was explaining that the old standard doesn't expire and that, as long as he wishes, he can comply with the old standard, and that it is not a must to upgrade to the 2013 version. Is this correct?
Answer:
I am afraid that it is not true. This year all certification bodies in the world have to update to ISO 27001:2013, which means that all companies with an ISO 27001:2005 certificate need to adapt to ISO 27001:2013. If not, they can lose the certificate, although they can maintain the ISMS they have implemented.
Anyway, there are no major changes in the new revision, so I think there is no excuse for not updating. Here you can find more information about the transition: How to make the transition from ISO 27001 2005 revision to 2013 revision : https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
Security board/council
What I have wondered on a few occasions is, in general, whether a Security Board/Council is mandatory for certification against ISO standards, or just best practice?
Answer:
If by Security Board/Council you mean a group of people that manages the ISMS (I have seen this name in some organizations: "Security committee"), it was mandatory in the old version of the standard, ISO 27001:2005, but in the current version, ISO 27001:2013, it is just a best practice.
Finally, I think it can be useful for you to know the list of mandatory (and non-mandatory) documents, so please see this article: List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Thesis topic: ISO 27001
Actually, I want to use ISO 27001 FOR A THESIS TOPIC and I hope you can help me with some questions.
Answer:
Of course, you can ask us all your questions. In any case, this academic work related to the implementation of an ISMS (I am the Director of that work, which was developed by one of my students) may be interesting for you: https://openaccess.uoc.edu/webapps/o2/bitst******************************************
During the implementation of ISO 9001, ISO 14001, OHSAS 18001, etc., as the main document one has to write the Manual, which contains general information about the company, an overview of procedures and records, and maybe an org chart. Please tell me how to write the ISMS Manual as a top-level document. Also, I'm interested in which type of documents the documents from Annex A are (procedures or something else)?
When it comes to getting certified against ISO 27001, there are different certification bodies available.
Which one is generally best, and on which factors can they be compared?
Would you like to share some personal experience or point me in the right direction?
Answer:
Absolutely, it is an important decision; there are many companies available, and there are various parameters that you need to consider. This article can help you choose the best certification body for your organization: How to choose a certification body : https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
ISO 27001 for a power plant
The documents and information you provide are very helpful.
Furthermore, I would like to ask how we could approach auditing and implementing ISO 27001 for a thermal power plant, and how we could calculate its worth/cost?
A thermal power plant is a new practice to me.