
  • New version of ISO 27001 standard

    1 - I just want to confirm until the standard goes through the next version there is nothing I need to do on annual basis to maintain my certification? 

    Answer: To keep your ISMS certification, you need to maintain the ISMS and undergo surveillance audits at scheduled times, or your certification will be suspended, and in case of prolonged delay (that will be less than two years), the certification will be canceled, and you will need to undergo all the certification process again.

    For further information, see this material:
    - Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
    - ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
    - How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/ 
    - ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/

    2 - Are there any annual certification fees? I just want to get my expectations in place.

    Answer: Costs related to surveillance audits need to be asked about directly with your certification body. Normally, contracts with certification bodies are set considering a full certification cycle (i.e., certification audit and surveillance audits), so this information about costs may be included in the contract clauses (the recertification cost is similar to the certification cost).

    Additional costs you need to pay attention to are related to the auditor's travel costs (if he or she is from out of town), as the client will be responsible for his or her lodging, and to the auditor's fee, which depends on his or her experience in the client's industry, because their feedback is considered more valuable.

  • Is ISO 27002 part of ISO 27001?

    ISO 27002 is an independent document from ISO 27001. It provides detailed guidance and recommendations for the implementation of controls from ISO 27001 Annex A, but it can be bought and used independently from ISO 27001.

    These articles will provide you with a further explanation about ISO 27002:

    This material will also help you regarding ISO 27002:

  • Fiber optic cable risk

    Considering the asset-threat-vulnerability approach for risk assessment, some risks can be raised by the combination of the following threats and vulnerabilities:

    Threats:

    • breakdown of communication links
    • damage caused by third-party activities
    • deterioration of media
    • fire
    • information interception
    • unauthorized physical access
    • vandalism

    Vulnerabilities:

    • cable placing
    • inadequate maintenance
    • inadequate supervision of the work of employees
    • location sensitive to natural disasters
    • unauthorized access to facilities allowed

    For example, damage caused by third-party activities due to cable placing, or unauthorized physical access due to unauthorized access to facilities being allowed.

    These articles will provide you with a further explanation about risk assessment:

    This material will also help you regarding risk assessment:

  • Help on knowledge management implementation

    Perhaps organizational knowledge in ISO 9001 (clause 7.6) can be useful for your purpose. Please consider this image:

    https://www.screencast.com/t/XS7rxCzRoa

    The first and second paragraphs of clause 7.1.6 are about quadrants 1 and 2.

    Quadrant 1 is about what we know that we know – that is written in procedures, work instructions, tables, specifications. Normally, it is listed or codified in job descriptions, and when someone starts in a new position Human Resources plans an integration program for that knowledge transfer.

    Quadrant 2 is about what we don't know that we know – that is work experience not codified, you know, unwritten rules. Normally, it is transferred through coaching with more experienced job partners.

    What I recommend is to look at each process, list the functions that participate, and determine what kind of knowledge someone with that function needs in order to be autonomous and make good decisions, aligned with the quality policy and objectives.

    The third and fourth paragraphs of clause 7.1.6 are about quadrants 3 and 4.

    Quadrant 3 is about what we know that we don't know – that is information that, when an organization realizes it is missing, can be obtained through training, books, seminars, consultants, suppliers, technical magazines. For example, this question fits in this quadrant.

    Quadrant 4 is about what we don't know that we don't know – I call it the radar. How does the organization keep a radar working on relevant information that can change the future of the business? Normally, organizations keep track of anything new through books, magazines, blogs, conferences, networking, suppliers, …

    The following material will provide you with more information about organizational knowledge:

  • Is it necessary for calibration lab to carry out interlab comparisons or join a PT scheme?

    On the one hand, that approach is the best you can do, and it is, anyway, all about assurance – that the result is valid. On the other hand, there are additional specific criteria that calibration laboratories have to meet, established by the accreditation body. The reason, understandably, is that the calibration laboratory is issuing a certificate where the risk is that any errors will be transferred to the testing laboratories. I suggest you discuss this with your accreditation body, as it may be suitable and appropriate to seek accreditation as a testing laboratory where the lab effectively does quality control and verifies the performance of the produced equipment.

  • Clauses 8 & 10

    I think it will be easier when you start mapping processes and drawing flowcharts about what happens in your organization around patients.

    Some weeks ago, I went to the doctor to have my eyes examined. As a patient, I followed a process like this:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/b7844ece-409f-488e-9cec-8b7e58ba9678

    Your organization draws a flowchart representing a process and can ask: What can go wrong? What needs to be improved? With this, you apply the risk-based approach and can determine weak points that need to be handled. Please check the slide "Risks and processes" in the free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - for the way your organization determines the need for process or service control, the need for work instructions, and the need for changes.

    Now, let us see section 8:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/c6747372-2be0-4818-bcb2-bffa494ac6eb

    8.1 – is a general clause

    8.2 – is about understanding what the needs and requirements of patients are and reaching an agreement on conditions to perform the service

    8.3 – is about developing a new service

    8.4 – is about purchasing products, services or processes – it may be cleaning services, administrative services, analysis services, other doctors specialized in particular conditions. It may be buying chemicals or consumables for equipment or tests

    8.5.1 – is about having procedures, having specifications for the process, having qualifications for the job, having specifications for the service

    8.5.2 – is about identification of the patient, doctor, and lots of consumables used

    8.5.3 – is about patient property that may be lost or damaged while he/she is at the facilities

    8.5.4 – is about preservation of chemicals or consumables while stored

    8.5.5 – is about any guarantees or scheduled calls from organization to follow-up patient condition

    8.5.6 – is about changes that need to be made when a piece of equipment is malfunctioning, or a consumable is missing, and the usual procedure cannot be performed

    8.6 – is about quality control to ensure that what can go wrong has not gone wrong

    8.7 – is about dealing with nonconformities – when what can go wrong goes wrong – giving the wrong prescription, for example

    Section 10 is about developing corrective actions (clause 10.2) when a nonconformity occurs or when a relevant process indicator shows poor performance. For example, patients are waiting too long to be seen by a doctor. Clause 10.3 is about deciding to improve even when there are no nonconformities.

    You can find more information below:

  • External audit

    Without more information about the identified nonconformities (e.g., the clause(s) affected and what was observed), what we can say is that the templates available in the ISO 27001 documentation toolkit comply with the requirements of ISO 27001 and have been accepted by certification auditors around the world.

    To see a demo of this toolkit, please visit this link: https://advisera.com/27001academy/pt-br/kit-de-ferramentas-da-documentacao-da-iso-27001/

    This material can provide more information about using the documentation toolkit:
