Patch management and vulnerability management would be best covered in A.12.1 - Security Procedures for IT Department, located in folder 08 Annex A Security Controls >> A.12 Operations Security, since it involves change management.
This article will provide you a further explanation:
You can define the scope in terms of only a part of the organization (i.e., the Database), but in general, for small and medium-sized companies, the best approach is to include the whole organization in the ISMS scope, because the effort to separate the scope for such organizations may not be worth it.
These articles will provide you a further explanation about the scope definition:
These materials will also help you regarding the scope definition:
Once you have identified the disruptive scenarios you have to handle, broadly speaking, the development of a continuity plan based on ISO 22301:2012 requires the development of:
These materials will provide you a further explanation about developing a continuity plan:
To see what a Business Continuity Plan compliant with ISO 22301 looks like, I suggest you see the free demo of our Business Continuity Plan at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/
Thank you, Rhand!
The ISMS scope states the information you want your ISMS to protect, so what you want to protect (in your example, data and application software) needs to be stated in the ISMS scope. The detail that it is located in a cloud solution can be left to be stated during the Risk Assessment.
This article will provide you a further explanation about the scope definition in the cloud:
1 - My situation is that I am an intern at a small company whose servers are in the cloud (***), and they have a website of their own. So my question is: would implementing ISO 27001 be meaningless for such an architecture? If not, how should I define the context of the organization in such a case?
ISO 27001 aims at the protection of information regardless of where it is, so it is also applicable when the information to be protected is hosted in a cloud solution.
The definition of the ISMS scope when information is on a cloud solution will depend on the control you have over the cloud.
This article will provide you a further explanation about defining a scope considering cloud models:
2 - Also, what sources would help a beginner like me achieve this implementation of the standard? By the way, I started the online course on Advisera titled "ISO 27001:2013 Lead Implementer Course"; is it a good start?
To help beginners implement ISO 27001, Advisera provides several articles and downloadable materials that can provide guidance.
Additionally, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
This toolkit has the mandatory and most commonly used documents for an ISO 27001 implementation, and they include comments that can help to customize the documents to your organization's needs.
Regarding the Lead Implementer course, it is a good way to start understanding how to implement ISO 27001.
These articles will provide you a further explanation about ISO 27001:
These materials will also help you regarding ISO 27001:
Yes, core tools are extremely important in applying IATF 16949:2016. Especially in the new product launch process and in production and quality processes, APQP, PPAP, FMEA, SPC and MSA must be applied to meet IATF 16949:2016 requirements.
The necessity of these applications is specified in IATF 16949:2016 standard clauses 8.1, 8.3, 8.5, 8.6, 8.7, 9.1.1.1 and customer-specific requirements. Especially according to OEM customer-specific requirements, when submitting a PPAP for a new project, there must be evidence of core tools in the PPAP file. At the same time, the IATF standard is a technical standard, and an important purpose is the reduction of scrap and waste and ensuring continuous improvement. This goal cannot be achieved without applying core tools.
For more information please see the following:
Yes, you can. I always recommend following that practice, particularly when an internal auditor has less experience or has little time to prepare an audit of the whole management system. For example, in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ - I give an example of preparing a partial audit.
You can find more information below:
Designing and implementing a quality management system (QMS) implies being knowledgeable about ISO 9001:2015. Now that the standard is less and less bureaucratic, it is up to each organization to design, develop and implement its QMS.
Set up a project sponsor, a project manager and a project team. Determine the scope of the QMS; your organization may decide to include only certain lines of business. Ensure top management support, get training and, as a first step, perform a gap analysis to determine the amount of work to be done, comparing what your organization already has in place versus ISO 9001:2015 requirements. From that gap analysis you can develop your project plan, listing what needs to be done, by whom, and until when.
Then, an important step is to design a model of how your organization works as a set of interrelated processes. For example:
Decide how to describe and monitor those processes.
From there, it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.
This is a very short description of the journey but below you can find more detailed information:
A - Let me use "new company" to represent a new company with an established business model, like a restaurant, a new shoe manufacturing plant, or a new transport company.
B - Let me use "start-up company" as a designation for a project of a company in search of a business model. Startups, in reality, are not yet companies; they are still projects of companies in search of a successful business model and customer fit. So, a startup is like an experiment being done. The startup can be called a company only after finding the right business model and a customer fit, and when it starts scaling. Only then are the procedures and internal standards ready to be documented.
So, for situation B it is too early to certify. For situation A, I think it is easier to get ISO certification than with an established company (with the same resources and motivation). An established company has to unlearn some practices, and that is not always easy.
You can find more information below: