
  • Development of Quality Objectives


    You must set the quality objectives every year and review the level of their realization during the management review. Some objectives can have deadlines longer than one year, but they also must be reviewed annually. You can also set some quality objectives that will repeat themselves every year, such as: increase of annual turnover by 5% compared to last year.

    Here is one very nice article regarding the subject: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Mandatory documents for project and product development company?

    Very helpful!

  • Accredited by IRCA

    What accreditation does the examining institute have, i.e., IBITGQ or BSI or what?

    Answer:
    I am not sure if I have understood your question, but BSI is accredited by IRCA, which is an international entity present all over the world and with a good reputation. IRCA certifies individual professionals with specific knowledge and companies providing training related to management systems (ISO 27001, ISO 22301, ISO 9001, etc.); other examples of companies accredited by IRCA are SGS, TÜV, Bureau Veritas, etc. On the official IRCA site you can find more accredited companies: https://members.irca.org/IRCA/train***********************************

    IBITGQ is similar to IRCA, although it specializes only in the IT sector, and BSI is not accredited by IBITGQ (at the moment there are few entities accredited by IBITGQ).

    Anyway, this article may be interesting for you, “Qualifications for an ISO 27001 Internal Auditor”: https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

    Finally, our online course may also be interesting for you, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
  • Business Continuity policy for the whole organization

    I have a Business Continuity policy for the whole organisation. I want to certify to ISO 22301 for only PART of the organisation. Do I modify the existing policy or do I create a new one?

    Answer:
    From my point of view this is not a problem for the ISO 22301 standard, so you can maintain the Business Continuity Policy for the whole organization (as a best practice for all units, areas and departments, although the requirements of ISO 22301 will be mandatory only for the part included in the scope of the system). Keep also in mind that our recommendation is that in the future you expand the scope of your implemented system to the whole organization, because generally it is easier for the management. So, a Business Continuity Policy for the whole organization can be the first step for this scenario. Anyway, if your organization is not interested in expanding the system, the best option for me would be to create a new document, based on the existing document, adapting it to the limited scope.

    This article may be interesting for you (although it is related to ISO 27001, most of the article can also be applied to ISO 22301), “Problems with defining the scope in ISO 27001”: https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
  • The RPO and the time

    RPO describes the point in time to which data must be restored to successfully resume processing. But I don't understand why it's related to the time between the last backup and when a disaster occurred. Can you explain this and give some examples?

    Answer:
    I will give you an easy example. Imagine that you have established in your backup policy that every day at 22:00 a full backup is performed. On Monday the backup is performed, but on Tuesday there is a problem with the whole information system at 10:00, and you need to restore information. What information? The information saved in the last backup (Monday at 22:00). So, in this case you would lose the information created after Monday 22:00 until Tuesday 10:00. And obviously, it is related to time, because you can only restore the information saved in the last backup (at 22:00).

    Finally, this article may be interesting for you, “What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?”: https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
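A worked version of the backup example above, added here as an illustration and not part of the original answer. The schedule (one daily backup at 22:00) and the incident time (Tuesday 10:00, dated 2024-01-09 so the weekday is real) are the ones from the answer; the helper names and the second schedule with a 10:00 backup are assumptions for the example. The point it makes is that the loss in one particular incident (12 hours) is not the figure to compare with the RPO; the worst case for a given schedule is the largest gap between consecutive backups (24 hours for a single daily backup), so a 12-hour RPO is not met until a second daily backup is added.

```python
from datetime import datetime, timedelta

DAY_SECONDS = 24 * 3600


def _hhmm_to_seconds(hhmm):
    """'22:00' -> seconds since midnight. Simplification: backups are
    treated as completing instantly at their start time."""
    hours, minutes = hhmm.split(":")
    return int(hours) * 3600 + int(minutes) * 60


def last_backup_before(backup_times, incident):
    """Most recent backup strictly before `incident` (a datetime), given
    daily backup start times as 'HH:MM' strings."""
    candidates = []
    for hhmm in backup_times:
        at = incident.replace(hour=0, minute=0, second=0, microsecond=0)
        at += timedelta(seconds=_hhmm_to_seconds(hhmm))
        # A backup scheduled at or after the incident on the same day has
        # not happened yet, so the usable copy is yesterday's.
        if at >= incident:
            at -= timedelta(days=1)
        candidates.append(at)
    return max(candidates)


def hours_lost(backup_times, incident_iso):
    """Hours of work lost in a specific incident: time since the last
    backup that can actually be restored."""
    incident = datetime.fromisoformat(incident_iso)
    lost = incident - last_backup_before(backup_times, incident)
    return lost.total_seconds() / 3600


def worst_case_loss_hours(backup_times):
    """Largest interval between consecutive daily backups, including the
    wrap-around past midnight. This, not a single incident, is what must
    be compared against the RPO."""
    secs = sorted(_hhmm_to_seconds(t) for t in backup_times)
    gaps = [b - a for a, b in zip(secs, secs[1:])]
    gaps.append(DAY_SECONDS - secs[-1] + secs[0])  # last backup -> first backup next day
    return max(gaps) / 3600


def meets_rpo(backup_times, rpo_hours):
    """True only if the schedule's worst-case loss is within the RPO."""
    return worst_case_loss_hours(backup_times) <= rpo_hours


if __name__ == "__main__":
    # Constructed scenario from the answer: backup Monday 22:00, incident
    # Tuesday (2024-01-09) at 10:00.
    daily = ["22:00"]
    print("lost in this incident (h):", hours_lost(daily, "2024-01-09T10:00:00"))  # 12.0
    print("worst case for schedule (h):", worst_case_loss_hours(daily))            # 24.0
    print("daily backup meets 12h RPO?", meets_rpo(daily, 12))                      # False
    twice_daily = ["22:00", "10:00"]
    print("two backups/day meet 12h RPO?", meets_rpo(twice_daily, 12))             # True
```

When checking a real schedule, add the backup duration and the time to copy the backup off-site to each gap, since data written during an in-progress backup is not reliably in that copy.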
  • Convince the managers

    I am trying to convince managers about the implementation of ISO 27001, but it is still not clear for them; they are focused on other subjects.

    Looking at the processes of the business core I found that we are ISO 28000 certified, so I was thinking that this could be a good chance to try to take advantage of it and promote ISO 27001 implementation, maybe not all the items in the first year but at least a Phase 1.

    Could you help me by sharing some information or expertise to reach that goal?

    Answer:
    You need to show the top management the benefits of the implementation of ISO 27001. Generally these benefits can be summarized in 4 points: compliance, marketing edge, lowering expenses and putting your business in order. For more information about this, please read this article “Four key benefits of ISO 27001 implementation”: https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/, and also see this free webinar “ISO 27001 benefits: How to obtain management support”: https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/

    Furthermore, in your case, taking advantage of the fact that your organization has implemented ISO 28000, which is based on the methodology known as PDCA (Plan, Do, Check, Act), the implementation of ISO 27001 can be easier because it also follows PDCA (it is a common point of all management systems). So, the implementation of ISO 27001 in your organization can be very easy.

    For the implementation, this article may be interesting for you, “ISO 27001 implementation checklist”: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    Finally, our online course about ISO 27001 may also be interesting for you, "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
  • Certification bodies and certificates

    Do you know of a "list of ISO 27001 registered certifications" web site or some similar page?

    Answer:
    I am sorry but I am not sure what you mean. There is no web site listing ISO 27001 registered certifications; there are certification bodies that issue ISO 27001 certificates. The typical ones are BSI, Bureau Veritas, SGS, TÜV, etc. And each certification body has information about the certificates that they issue for each certified company (you need to request this information from each certification body).

    Maybe this article may be interesting for you, “How to choose a certification body”: https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
  • Access Management process ownership

    Well, Access Management is the fulfillment of Information Security Management policies. But that doesn't mean that Information Security Management should keep ownership of the Access Management process. The reason is that Access Management is an operational process. In real life, it's rare that an organization has an Access Management function. Usually, IT Operations Management performs tasks that belong to the domain of Access Management, i.e. IT Operations Management should/could have ownership of the process.
    Read the article:
    "ITIL Access Management – where do you think you’re going?" https://advisera.com/20000academy/blog/2014/02/12/itil-access-management-think-youre-going/ to gain more information about Access Management.
  • ISO 22301 and the risk assessment

    I am interested in buying the ISO 22301 toolkit, but I am wondering why the Risk Assessment is not included in the toolkit, despite RA being an essential part of Business Continuity.

    Answer:
    You are right, the Risk Assessment is an essential part of Business Continuity, but this does not mean that you need a specific document, for example for the Risk Assessment methodology (in ISO 27001 it is mandatory). In ISO 22301 it is only mandatory to document the results of the risk assessment (clause 8.2.3), and you can merge them with the results of the Business Impact Analysis through the Business Continuity Strategy. If you want to know the list of mandatory documents of ISO 22301, this article may be interesting for you, “Mandatory documents required by ISO 22301”: https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/

    So, in our ISO 22301 Toolkit we do not have a specific template related to the Risk Assessment, but we reference the risk management in our template for the Business Continuity Strategy (section 3.2). You can see a free version of our template here by clicking on the “Free Demo” tab, “Business Continuity Strategy”: https://advisera.com/27001academy/documentation/business-continuity-strategy/ (you can summarize the results of the Business Impact Analysis and Risk Assessment in the Business Continuity Strategy).

    Anyway, if you are interested in the risk assessment, you can also use our Risk Assessment methodology (included in the ISO 27001 Toolkit), “Risk Assessment and Risk Treatment Methodology”: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/, and this article may also be interesting for you, “Can ISO 27001 risk assessment be used for ISO 22301?”: https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
  • Logos for a company with ISO 27001 implemented

    We have now completed all mandatory documentation and processes and implemented a security training and exam throughout the company.

    Do you have logos or know of any logos that we can use to show that we are compliant with ISO 9001, ISO 22301 and ISO 27001.

    Answer:
    I am sorry but we do not have logos. Keep in mind that generally the logos for ISO 27001 (or ISO 9001, ISO 22301) are issued by a certification body after the certification process, so if you have implemented the standard in your organization, the next step should be to certify it, and in this way the certification body can give you a logo for the certified system (if your organization is compliant with the requirements of the ISO standard).

    By the way, do you need information about how to choose a certification body? Maybe this article may be interesting for you, “How to choose a certification body”: https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/