Search results


  • Measurements and Metrics in Software Development Projects


    The purpose of measurements and metrics in ISO 9001 is to provide evidence that the product or service meets initial requirements for product or service quality.

    The measures can be direct (cost, effort, lines of code (LOC), speed, memory) or indirect (functionality, quality, complexity, efficiency, reliability, maintainability). The metrics can be: size of the software produced, Lines Of Code (LOC), 1000 Lines Of Code (KLOC), effort measured in person-months, Errors/KLOC, Defects/KLOC, Cost/LOC, Documentation Pages/KLOC, etc. (LOC is programmer and language dependent).

    The ISO 9001 standard doesn't prescribe the types of measurement and metrics or force you to perform measuring. You need to perform only the measurements that provide the evidence of product quality; if such measurements don't exist, you can exclude clause 7.6 of the standard.

    Here is one very informative article regarding the subject: Monitoring and Measurement: The basis for evidence-based decisions https://advisera.com/9001academy/blog/2020/09/21/how-to-perform-monitoring-and-measurement-according-to-iso-9001/
  • SRS in Software Product Development


    The SRS (Software Requirements Specification) is necessary for software product development since the SRS is a description of a software system to be developed, laying out functional and non-functional requirements.

    The detailed SRS with information on what the software product is to do as well as what it is not expected to do will reduce the need for future redesign of the software product.

    The SRS is just the product requirements established by a customer for a supplier. Here you can find one very informative article regarding the subject: How Product Requirements work in ISO 9001 https://advisera.com/9001academy/blog/2014/04/08/product-requirements-work-iso-9001/
  • Exclusion of clause 7.3 Design and Development


    Design and development can be excluded when the organization doesn't perform design of new products or development of existing products. This clause can also be excluded when the design and development are outsourced.

    Here is one article explaining design and development process: ISO9001 Design Verification vs Design Validation https://advisera.com/9001academy/knowledgebase/iso9001-design-verification-vs-design-validation/
  • Development of Quality Objectives


    You must set the quality objectives every year and review the level of their realization during management review. Some objectives can have deadlines longer than one year, but they also must be reviewed annually. You can also set some quality objectives that will repeat themselves every year, such as: increase of annual turnover by 5% compared to last year.

    Here is one very nice article regarding the subject: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Mandatory documents for project and product development company?

    Very helpful!

  • Accredited by IRCA

    What accreditation has the examining institute i.e., IBITGQ or BSI or what?

    Answer:
    I am not sure if I have understood your question, but BSI is accredited by IRCA, which is an international entity with presence all over the world and with a good reputation. IRCA certifies individual professionals with specific knowledge and companies providing training related to management systems (ISO 27001, ISO 22301, ISO 9001, etc.), and other examples of companies accredited by IRCA are SGS, TÜV, Bureau Veritas, etc. On the official site of IRCA you can find more accredited companies: https://members.irca.org/IRCA/train***********************************

    IBITGQ is similar to IRCA, although they are specialized only in the IT sector, and BSI is not accredited by IBITGQ (at the moment there are few entities accredited by IBITGQ).

    Anyway, this article can be interesting for you, “Qualifications for an ISO 27001 Internal Auditor”: https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

    Finally, our online course can also be interesting for you, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
  • Business Continuity policy for the whole organization

    I have a Business Continuity policy for the whole organisation. I want to certify to ISO 22301 for only PART of the organisation. Do I modify the existing policy or do I create a new one?

    Answer:
    From my point of view it is not a problem for the standard ISO 22301, so you can maintain the Business Continuity Policy for the whole organization (as a best practice for all units, areas and departments, although the requirements of ISO 22301 will be mandatory only for the part involved in the scope of the system). Keep also in mind that our recommendation is that in the future you expand the scope of your implemented system to the whole organization, because generally it is easier for the management. So, a Business Continuity Policy for the whole organization can be the first step for this scenario. Anyway, if your organization is not interested in the expansion of the system, the best option for me would be to create a new document, based on the existing document, adapting it to the limited scope.

    This article can be interesting for you (although it is related to ISO 27001, most of the article can also be applied to ISO 22301), “Problems with defining the scope in ISO 27001”: https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
  • The RPO and the time

    RPO describes the point in time to which data must be restored to successfully resume processing. But I don't understand why it's related to the time between the last backup and when a disaster occurred. Can you explain this and give some examples?

    Answer:
    I will give you an easy example. Imagine that you have established in your backup policy that every day at 22:00 a full backup is performed. On Monday the backup is performed, but on Tuesday there is a problem with the whole information system at 10:00, and you need to restore information. What information? The information saved in the last backup (Monday at 22:00). So, in this case you would lose the information created after Monday 22:00 until Tuesday 10:00. And obviously, it is related to the time, because you can only restore the information saved in the last backup (at 22:00).

    Finally, this article can be interesting for you, “What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?”: https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
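    The backup scenario above, worked through as an added example (not part of the original answer): for a daily backup at 22:00, it finds the last backup before an incident, measures the data-loss window, and checks whether the backup interval can satisfy a given RPO. The incident date used below is a constructed sample; the backup time and interval are assumptions taken from the answer.

```python
from datetime import datetime, time, timedelta

# Assumption from the answer above: one full backup per day at 22:00.
DAILY_BACKUP_AT = time(22, 0)
BACKUP_INTERVAL = timedelta(days=1)


def last_backup_before(incident: datetime, backup_time: time = DAILY_BACKUP_AT) -> datetime:
    """Return the most recent daily backup taken at or before the incident."""
    candidate = datetime.combine(incident.date(), backup_time)
    if candidate > incident:
        # Today's backup has not run yet, so the last one is from yesterday.
        candidate -= timedelta(days=1)
    return candidate


def data_loss_window(incident: datetime, backup_time: time = DAILY_BACKUP_AT) -> timedelta:
    """Data created in this window is unrecoverable from backup."""
    return incident - last_backup_before(incident, backup_time)


def worst_case_loss(backup_interval: timedelta = BACKUP_INTERVAL) -> timedelta:
    """An incident just before the next backup loses a full interval."""
    return backup_interval


def meets_rpo(rpo: timedelta, backup_interval: timedelta = BACKUP_INTERVAL) -> bool:
    """The schedule satisfies the RPO only if the worst case fits in it."""
    return worst_case_loss(backup_interval) <= rpo


if __name__ == "__main__":
    # Constructed sample: Monday 2024-01-08 backup, incident Tuesday 10:00.
    incident = datetime(2024, 1, 9, 10, 0)
    print("last backup:", last_backup_before(incident))   # 2024-01-08 22:00
    print("data lost:", data_loss_window(incident))        # 12:00:00
    print("worst case:", worst_case_loss())                # 1 day
    print("12h RPO met:", meets_rpo(timedelta(hours=12)))  # False
```

    The point the answer makes shows up in the last two lines: this particular incident loses 12 hours, but a daily schedule can lose up to 24, so a 12-hour RPO needs more frequent backups.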
  • Convince the managers

    I am trying to convince the managers about the implementation of ISO 27001, but it is still not clear for them; they are focused on other subjects.

    Looking at the process for the business core, I found that we are ISO 28000 certified, so I was thinking that it could be a good chance to try to take advantage of it and promote ISO 27001 implementation, maybe not all the items in the first year but at least a Phase 1.

    Could you help me by sharing some information or expertise to reach that goal?

    Answer:
    You need to show the top management the benefits of the implementation of ISO 27001. Generally these benefits can be summarized in 4 points: compliance, marketing edge, lowering expenses and putting your business in order. For more information about this, please read this article, “Four key benefits of ISO 27001 implementation”: https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/, and also see this free webinar, “ISO 27001 benefits: How to obtain management support”: https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/

    Furthermore, in your case, taking advantage of the fact that your organization has implemented ISO 28000, which is based on the methodology known as PDCA (Plan, Do, Check, Act), the implementation of ISO 27001 can be easier because it also uses PDCA (it is a common point of all management systems). So, the implementation of ISO 27001 in your organization can be very easy.

    For the implementation, maybe this article can be interesting for you, “ISO 27001 implementation checklist”: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    Finally, maybe our online course about ISO 27001 can also be interesting for you, "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
  • Certification bodies and certificates

    Do you know about a "list of ISO 27001 certification registered" web site or something like that page?

    Answer:
    I am sorry, but I am not sure what you mean. There is no list of ISO 27001 certification registered web site; there are certification bodies that issue certificates for ISO 27001. The typical ones are BSI, Bureau Veritas, SGS, TÜV, etc. And each certification body has information about the certificates that they issue for each certified company (you need to request this information from each certification body).

    Maybe this article can be interesting for you, “How to choose a certification body”: https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/