Search results

Toolkit content

The following documents may cover the documents you mentioned (you should consider seeing their free demo to evaluate if they can fulfill your needs):
- Threat management policy and/or process: Incident Management Procedure https://advisera.com/27001academy/documentation/incident-management-procedure/
- Policy and/or monitoring strategy: Security Procedures for IT Department https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
- Data management policy (rest, in transit and in third parties): Information Classification Policy https://advisera.com/27001academy/documentation/information-classification-policy/
- Risk Impact Analysis (RIA): Risk Assessment and Risk Treatment Methodology https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
- Crisis Plan: Business Continuity Plan https://advisera.com/27001academy/documentation/business-continuity-plan/

For the remaining documents, they are not included in the toolkit because they are not commonly used in an ISO 27001 implementation, but in case you need to document them and find it difficult to write them by yourself, by buying the toolkit you will have access to support channels that you can use to clarify your doubts on how you should write them.

Implementing and verifying items

I’m assuming you are referring to ISO 27001.

Considering that, to implement ISO 27001, broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

• defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
• development of risk assessment and treatment methodology;
• perform a risk assessment and define the risk treatment plan;
• controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
• people training and awareness;
• controls operation;
• performance monitoring and measurement;
• perform an internal audit;
• perform management critical review; and
• address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation of ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001 implementation:

• How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

How is the compliance of each ITEM verified?

Compliance verification is performed by means of an internal audit. For the preparation for an internal audit you should consider these general steps:

• identification of the audit scope (is it the whole scope or only part of it?)
• review of the ISMS documents related to the audit scope (e.g., policies, procedures, and records), considering the main clauses from the standard (from sections 4 to 10), and controls from Annex A stated as applicable in your Statement of Applicability (SoA). 
• review the status of the actions related to the decisions made in the last management review.
• review the status of the raised nonconformities and opportunities for improvement.

These articles will provide you a further explanation about internal audit:

• How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
• Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

These materials will also help you regarding internal audit:

• ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
• Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

ISO 14001 PESTLE analysis

Factors from a PESTLE analysis are external issues. Considering your organization’s strategic orientation and relevant interested parties you can classify those factors as positive or negative (opportunities or threats). If you do the same exercise for internal factors you can classify them as positive or negative (strengths or weaknesses).

Now, you can match opportunities with strengths or weaknesses, and you can match threats with strengths or weaknesses, and what you get is a set of risks and opportunities.

Although about ISO 9001, perhaps the technique that I use and present in this free webinar on-demand - Context of the organization, interested parties, and scope - - may be useful for you to work with context and interested parties to determine risks.

Please check this information below with more detailed answers:

• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO 14001 benefits

Start by reading these articles - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ and - ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/ - can you use one or more topics from the articles to support your proposal. Can your organization win new clients that demand ISO 14001 certification? Can your organization reduce costs due to a systematic improvement of environmental issues? For example, while implementing an environmental management system I was able to reduce costs and improve productivity by changing to water-based adhesives instead of solvent-based ones.

You can find more information below with more detailed answers:

• Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

SCC

It is the adopted version (the old one) because the draft of new Standard Contractual Clauses (SCC) is not officially adopted. 

If you need to understand how to use SCC, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Is explicit consent request necessary?

According to Article 8 GDPR, the processing of children’s data requires consent from their parents or from the person holding parental responsibility over them. Even if the legal ground is a contract, the child cannot enter into a contract without parental consent.Recently, some social networks had been fined by Surveillance Authorities because it was not implemented a system to verify the age of the user and require parental consent. 

LIMS validation

The Toolkit includes a Laboratory Information Management System (LIMS) Validation Register and generic template for a LIMS record. These are associated with the Quality Assurance Procedure. The record guides the user to record the purpose and type of test planned. Then the Test case and Procedure , Acceptance criteria and Comments / Action required can be recorded. All the other felds are provided, for example for additional comments / monitoring of risk, record of person performing the validation and approving the validation.

It is the laboratory’s role to identify the criteria and list them in the record. This reinforces the awareness and consideration of the needs. The latest Part 11, Electronic Records; Electronic Signatures - Scope and Application is available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application 
To view a preview of the Advisera 17025 toolkit and the LIMS register and record, you can go to https://advisera.com/17025academy/iso-17025-documentation-toolkit/

Retaining documented information

AS9100 Clause 8.2.3 is about the review of requirements for products and services, and clause 8.2.3.2 is a subclause to this. So in clause 8.2.3.1 you review if you are able to meet all of the requirements for your products and services (customer, legal, other), and clause 8.2.3.2 is telling you that you need to keep records on what you found in your review (the results of the review). For example, could you meet everything, did you change requirements due to customer agreement, etc.

As this is common to ISO 9001, you can read mor in this related 9001Academt article: How Product Requirements work in ISO 9001, https://advisera.com/9001academy/blog/2014/04/08/product-requirements-work-iso-9001/