Search results

IATF Requirements

During the incoming inspection of the product, the features of the part according to the technical drawing should be checked. These are both size checks and visual checks. For example, controls such as color, burrs, deformation, and rust are visual controls.

If such features are specified in the technical drawing, visual checks should be made during incoming inspection. 

Smart devices

You can find a lot of useful information on the ENISA site: https://www.enisa.europa.eu/

For this specific need, you should take a look at ENISA’s control map at this link: https://www.enisa.europa.eu/topics/incident-reporting/for-telcos/guidelines/technical-guideline-on-minimum-security-measures/metaframework

Other useful information:

• https://www.enisa.europa.eu/publications/guideline-on-security-measures-under-the-eecc
• https://www.enisa.europa.eu/publications/5g-supplement-security-measures-under-eecc

Incident Management

While ISO 27001 only defines one objective for information security incident management, and seven controls that can be applied, it does not specify processes or activities to be performed. ISO 27035 defines detailed phases to be considered:

• Plan and prepare
• Detection and reporting
• Assessment and decision
• Responses
• Lessons learned.

The incident management procedure template included in the Iso 27001 toolkit presents a simple way to cover these phases in a general level to fulfill Iso 27001 requirements (where details related to the specific organizational context are needed, they are identified by comments in the template).

In this link, you can find more information about this standard: https://www.iso.org/obp/ui/#iso:std:iso-iec:27035:-1:ed-1:v1:en

Risk owner problem

Thank you!

ISO 22301 toolkit - audit procedure

Please note that ISO 22301 does not require clause 6.1 (Actions to address risks and opportunities) to be documented. Since they are related to the implementation of the BCMS, such actions are considered in the project plan, located in folder 01 Preparation for the Project.

Items related to clause 6.2 of ISO 22301 are covered in the template “Preparation Plan for Business Continuity”, located in folder 06 Business Continuity Strategy.

10.3 Appendix 3 Internal Audit Checklist

In case you are implementing only ISO 27001, you can exclude the references to ISO 22301 from your internal audit checklist. A certification auditor will not look for compliance against ISO 22301 if it is not part of the certification scope.

The checklist for ISO 27001 contains all necessary information to cover requirements related to cover continuity of information security in questions related to controls from section A.17.

This article will provide you a further explanation about building a checklist:

• How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

For further information, see:

• Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Key management template

Please note that control A.10.1.2 is covered in the template Policy on the Use of Encryption, located in folder 08 Annex A Security Controls >> A.10Cryptography

Included in your toolkit there is a List of documents file which will show which controls and clauses of the standards are covered by each template

This article will provide you a further explanation about key management:

• How to use the cryptography according to ISO 27001 control A.10 https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/

Vendor security clauses

Please note that “relevant clauses”, and how they are written, will depend on the context of each organization (i.e., results of risk assessment and applicable legal requirements), so we do not recommend such an approach when developing your own agreements.

In general terms, clauses to be considered would cover:

• Right to audit
• Notification about security breaches
• Adherence to security practices
• Response time to vulnerabilities
• Demonstration of compliance
• Management of supplier’s supply chain risks
• Communication of changes
• Maintenance of service levels

For further information, see:

• Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/

Question about BIA form

Please note that included in your toolkit you have access to a video tutorial that can help you on how to fill out this document, using real-life examples of what you need to write.

To access the tutorial, in your Inbox, find the email that you received at the moment of purchase - there, you will see a link that will enable you to access the video tutorial.