Search results

  • Incident Management - setting up resolution time

    Your time related to priority level has to be agreed with your customer. Use a priority matrix (see the article "All About Incident Classification" https://advisera.com/20000academy/knowledgebase/incident-classification/) and include definitions of the different types of incidents which belong to different priority levels in your SLA (to be clear which types of incidents belong to which priority level).
    If you use a tool, insert priority levels inside your tool and connect them to SLA.
  • Updating to ISO 27001:2013 Lead Auditor Course?

    I was just about to contact you about the steps for obtaining the certificate and you sent me an appropriate email.
    You said that I can take the course any time I want, of course after the payment.
    Does it mean that the time of taking the exam is during the valid date of the standard, in other words, until another version of the standard is declared by the ISO organization?

    Answer:

    I am not sure what you mean, but if you are qualified as an ISO 27001 Lead Auditor, it is so for any time. Anyway, if you are qualified now on ISO 27001:2013 and next year ISO 27001:2016 is published, you will need to perform a transition course, but you do not lose your ISO 27001 qualification.

    Maybe this article about qualifications can be interesting for you “Qualifications for an ISO 27001 Internal Auditor” : https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
  • IRCA/RABQSA accredited certificate

    I am willing to undergo ISO:27001 certification. I want to know what difference it makes whether the institute/organisation which is providing me training will give an IRCA/RABQSA accredited certificate.

    Answer:
    They have the same functions (basically both can certify individual professionals: ISO 27001 Lead Auditor, Lead Implementer, etc) and they are competitors, so the difference can be that IRCA maybe is more known internationally, although RABQSA also has good prestige.

    By the way, an accredited course (by IRCA or RABQSA, or any other) has more international prestige than a course that is not accredited by an entity with good prestige, although probably you can obtain the same knowledge.

    This article can be interesting for you “Qualifications for an ISO 27001 Internal Auditor” : https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

    And finally, maybe our online course can be also interesting for you “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/
  • Risk acceptance criteria and records

    I'm sorry, but I'm not sure I have understood you correctly, because it is not really necessary to carry out an assessment of the risk acceptance criteria; you simply have to establish risk criteria (financial values can be an example of risk criteria) and risk acceptance (it establishes the condition you can use to decide whether you can live with a particular risk). For more information on this, please read this article (in English) “Risk appetite and its influence over ISO 27001 implementation” : https://advisera.com/27001academy/blog/2014/09/08/risk-appetite-influence-iso-27001-implementation/

    Regarding your second question, we record the information on risk criteria and risk acceptance in our template for the risk management methodology, so it may be of interest to you (you can see a free version by clicking the "Demo gratis" link) “Metodología de evaluación y tratamiento de riesgos” : https://advisera.com/27001academy/es/documentation/metodologia-de-evaluacion-y-tratamiento-de-riesgos/

    Finally, these articles may also be of interest to you (in English):
    - "Why is residual risk so important?" : https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
    - "How to write ISO 27001 risk assessment methodology" : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
  • BCM structure

    Answer:

    You can learn about the BCM structure according to ISO 22301 in this article: https://advisera.com/27001academy/what-is-iso-22301/, and you'll find the steps in the ISO 22301 implementation here: 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/

    Reporting structure and the position of crisis management are not very clearly defined in ISO 22301, but you can find some suggestions in this article: Activation procedures for business continuity plan https://advisera.com/27001academy/blog/2011/09/26/activation-procedures-for-business-continuity-plan/

    By the way, this book will explain to you the whole ISO 22301 implementation, including suggestions on crisis management: Becoming Resilient https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Welcome to the ISO 14001 Expert Advice Community!

    This is your most comprehensive source for information related to ISO 14001. What can you do here? Look for ideas or find answers to your questions, chat with other colleagues, share your thoughts or success stories with others… or just hang out. So, dig in and start exploring!
  • eStewards Version 2 and ISO 14001:2015


    Answer:

    The current version of the e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment explicitly references ISO 14001:2004. If you take a look at the text of eStewards Version 2, you will notice that the ISO 14001 requirements are marked in italic font and clearly distinguished from the eStewards Version 2 requirements.

    The new version of ISO 14001 didn't change in a way that significantly alters requirements common to both standards; it only has additional ones, such as context of the organization and addressing risks and opportunities, that don't influence compliance with eStewards Version 2.

    Since there is a three-year period to transition to the new version of ISO 14001, you can wait for the new version of eStewards, which will be published in 2017 or even earlier, or make the transition before that and later just comply with the new requirements of eStewards (if there are any).

    For more information, see:
    - 12 steps to make the transition from ISO 14001:2004 to 2015 revision https://advisera.com/14001academy/blog/2015/09/28/12-steps-to-make-the-transition-from-iso-140012004-to-2015-revision/
    - How to avoid nonconformities during the ISO 14001:2015 transition https://advisera.com/14001academy/blog/2015/10/26/how-to-avoid-nonconformities-during-the-iso-140012015-transition/

    If you want to find out more about ISO 14001:2015 requirements, you can visit our free online course
  • Welcome to the ITIL & ISO 20000 Expert Advice Community!

    This is your most comprehensive source for information related to ITIL & ISO 20000. What can you do here? Look for ideas or find answers to your questions, chat with other colleagues, share your thoughts or success stories with others… or just hang out. So, dig in and start exploring!