
  • ISO27001 Lead Implementer Training

    1 - I recognize that the exam for the course provided by Advisera is "accredited" by Exemplar Global but there seem to be several ISO27001 Lead Implementer qualifications provided by and accredited by various companies. Are these qualifications benchmarked against each other to ensure they are the same level of detail/difficulty?  

    Unfortunately, at this moment our ISO 27001 Lead Implementer exam is not accredited, but we are in the accreditation process at this moment. As soon as this process is concluded our customers will be contacted.

    Considering accredited exams, you need to check if the accredited providers are certified against ISO 17024 – which provides general requirements for bodies operating certification of persons.

    Provided they fulfill this standard’s requirements, their certifications’ qualification levels are similar.

    These articles will provide you a further explanation about ISO 27001 personnel certifications:

    2 - Also, having passed the exam can you state you are an "ISO27001 Lead Implementer" or do you need to demonstrate some level of practice in the industry (in the same way as the CISSP and CISM qualifications) to an overarching body?

    I’m assuming that by overarching body you mean “certification body”, or a similar organization that is responsible for issuing the certification (like ISC2 for CISSP and ISACA for CISM).

    Considering that, depending on the organization that is responsible for the exam, there may be other requirements to fulfill to be allowed to use the title "ISO27001 Lead Implementer". To know the specific details you need to contact the exam provider directly.

    For Advisera's ISO 27001 Lead Implementer Course, there are no additional requirements but attending the workshop and passing the exam.

  • Who to audit during Top Management audition

    ISO 9000:2015 defines top management as “person or group of people who directs and controls an organization at the highest level”. Normally, auditing top management means auditing the member of the top management responsible for the quality management system (QMS). Auditing top management may mean auditing the owner of an organization, or the member of an Administration board responsible for the QMS.

  • Creating validation report

    The validation procedure for the new machine consists of the following elements: installation qualification, operational qualification, and performance qualification. The purpose of the validation is to prove that the new machine works correctly and provides accurate and expected results. Installation qualification confirms that the exact required equipment has been received and installed, in the correct design or format, in undamaged form, with parts, spare parts, gauges, and other necessary elements. Operational qualification ensures that the installed equipment will function in accordance with all its operational specifications in the specified environmental conditions. Performance qualification ensures that the installed equipment consistently performs its functions in accordance with the specification corresponding to its daily/routine use.

    For each validation, you need to have a validation plan and a validation report. The validation report must have the following elements:

    • It must identify the impact of each piece of equipment on the product
    • Identify the risk that the equipment has on the final product
    • Document which SOPs are used, calibration equipment, etc.
    • Define all criteria for what is acceptable and what is not
    • All test results from the tests performed during the validation process
    • Photos are always a good way of proving that you have performed something – like a photo of the screen on the equipment that reflects the conditions of the process and so on
    • Criteria for when the revalidation will be performed

    For more information, see:

    • How to establish process validation in the QMS https://advisera.com/9001academy/blog/2017/01/31/how-to-establish-process-validation-in-the-qms/
    • Temperature calibrator

      As this apparatus was already in use, I assume that it was listed in the Record List_of_Laboratory_Equipment (8.1_Appendix_1). You could indicate in this record that it is “removed or retired”, i.e. taken out of service, by adding another column. I would use this option if you are a laboratory that has a big turnover of equipment. Otherwise just remove the entry from the record, strike through the text or add a comment, and save an updated revision of the record. If you already have an Equipment_Maintenance_Record (Appendix_4) for the apparatus, record there as well that the apparatus is out of service.

      Don’t forget, if you are storing the item in the laboratory, to mark it clearly as “out of service” as well.

    • Documenting processes in the ISMS

      Please note that ISO 27001 does not require "mapping" or documenting of each and every process in the Information Security Management System (ISMS) scope.

      For example, the HR process does not need to be documented, but if you decide to write it, you only need to document it at the level necessary for the people using it to perform their jobs correctly and securely.

      For example, the documentation detail level for experienced personnel will be much lower than for novice personnel.

      These articles will provide you a further explanation about documentation development:
      - How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
      - 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
      - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

    • Changes to the document

      The mobile device policy has not been revised. An appropriate update of the policy according to your organization’s context requires performing an information security risk assessment to identify which new relevant risks have arisen, so that the appropriate controls to be applied can be identified.

      This article will provide further explanation about risk assessment:

    • CAB

      If a laboratory (the Conformity Assessment Body - CAB) performs sampling at the source, e.g. a factory or river, to collect a sample for testing, only then does clause 7.3 Sampling apply. Another way of putting it: a laboratory is not responsible for sampling if the sample is taken by another party and brought in or delivered for testing. That is, clause 7.3 does not apply. The other party could, for example, be the production department, researchers or other clients. Typically laboratories will state in the Quality Manual that the Clause 7.3 requirements of ISO 17025 are not applicable as they do not perform sampling.

      There may be certain situations where it is necessary, to meet the client’s purpose of the test, for the laboratory to provide sampling and transport instructions or guidance to assist the client in presenting a more representative, stable sample. This is to ensure the sample result is more representative of the source as a whole (e.g. a drinking water well). The client should also be informed as to what information to record, like the date of sampling. This is crucial information for the interpretation of many results. Once the sample arrives at the laboratory, any sample splitting, aliquoting or handling is covered under the other technical requirements, including clause 7.4 Handling of test or calibration items.

      For more information on the requirements of ISO 17025, download the free White Paper Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025

    • Documents required from support/CSM perspective

      I’m assuming that by CSM you mean Customer Support Management.

      Considering that, to be compliant with ISO 27001, besides the mandatory documents and records, to define which documents would be required, you would need to consider elements like:
      - relevant risks
      - compliance with legal requirements (e.g., laws, regulations, and contracts)
      - company size
      - process importance, complexity, and maturity
      - number of people involved
      - frequency of use

      For example, regarding compliance with legal requirements, there might be a customer requirement to classify data exchanged through customer service which you would cover through Classification Policy, or there might be a regulation which requires the protection of customer personal data with encryption which you would cover through Encryption Policy.

      This article will provide you a further explanation about which document to develop:
      - 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

      This article will provide you information about ISO 27001 mandatory documents and records, as well as the most commonly used documents:
      - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

    • Requirements to satisfy the requirements of ISO 27001?

      To fulfill ISO 27001 requirements related to competence (clause 7.2), you need to identify which competencies are necessary for doing work that affects information security performance.

      While the Security Awareness Training, GDPR e-learning, and training about policies and procedures most probably will fulfill part of the requirement, you need to check if more specific activities are required. For example, training on a specific technology used by your organization, or on a new process that needs to be implemented, like a disaster recovery process.

      This article will provide you a further explanation about training and awareness:

    • Compliance

      If there are certified calibrators for the test method then you could provide the traceability that way.

      I suggest you contact the national accreditation body or preferred accreditation body and discuss what programme your work would fall under. Then you will know if you need to address traceability as a calibration test (i.e. calibration lab) or equipment performance test (i.e. a testing lab). At the same time, the accreditation body will be able to provide an estimate of the costs to apply for accreditation.

      Then regarding your implementation costs, they will depend on your scope of work and whether you use a consultant or a toolkit. For more information have a look at my response to a similar question regarding costs at https://community.advisera.com/topic/iso-17025-accreditation-2/. There are a number of links there to assist further.
