Search results

About implementing ISO 27001

1 - My situation is that I am an intern at a small company whose servers are in the cloud (***), and they have a website of their own. So my question is implementing ISO27001 would be meaningless for such architecture, if not how should i define the context of the organization in such a case.

SO 27001 aims the protection of information regardless of where it is, so it is also applicable when the information to be protected is hosted in a cloud solution.

The definition of the ISMS scope when information is on a cloud solution will depend on the control you have over the cloud

• for IaaS, the scope excludes physical infrastructure and virtual machines
• for PaaS, the scope excludes virtual servers, and, to some degree, applications
• for SaaS, the scope excludes datacenter facilities’ physical location, hardware, and software

This article will provide you a further explanation about defining a scope considering cloud models:

• Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

2 - Also what sources would help a beginner like me to achieve this implementation of the standard. By the way, I started the course online in advisera titled "ISO 27001:2013 Lead Implementer Course" is it a good start?

To help beginners to implement ISO 27001 Advisera provides several articles and downloadable materials the can provide guidance.

Additionally, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This toolkit has the mandatory and most commonly used documents for an ISO 27001 implementation, and they include comments that can help to customize the documents to your organization's needs.

Regarding the Lead Implementer course, it is a good way to start an understanding of how to implement ISO 27001.

These articles will provide you a further explanation about ISO 27001:

• What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
• Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/

These materials will also help you regarding ISO 27001:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/  

Is Core Tools the most important tools in implementing IATF 16949?

Yes, core tools are extremely important in IATF 16949:2016  application. Especially in the new product launch process, production and quality processes, APQP, PPAP, FMEA, SPC, MSA must be applied for IATF 16949:2016 requirements.

The necessity of these applications is specified in IATF 16949: 2016 standard clauses 8.1,8.3,8.5,8.6,8.7,9.1.1.1 and customer-specific requirements. Especially according to OEM customer-specific requirements, while giving PPAP for a new project, there must be evidence of core tools in the PPAP file. At the same time, the IATF standard is a technical standard and an important purpose is the reduction of scrap, waste, and ensuring continuous improvement. Achieving this goal cannot be achieved without applying Core tools.

For more information please see the following:

• What are the five core tools of IATF 16949? https://advisera.com/16949academy/blog/2017/08/23/what-are-the-five-core-tools-of-iatf-16949/

• Audit plans and processes

  Yes, you can. I always recommend following that practice, particularly, when an internal auditor has less experience, or has little time to prepare an audit to the whole management system. For example, in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ - I give an example of preparing a partial audit.

  You can find more information below

  • ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/
  • ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
  • Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• ISO 9001 The Best Way to Implement QMS

  Design and implementing a quality management system (QMS) implies being knowledgeable about ISO 9001:2015. Now the standard is less and less bureaucratic, it is up to each organization the task to design, develop and implement its QMS.

  Setup a project sponsor, a project manager and a project team. Determine the scope of the QMS, your organization may decide to include only certain lines of business. Ensure top management support, get training and as a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

  Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

  

  Decide how to describe and monitor those processes.

  From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  This is a very short description of the journey but below you can find more detailed information:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Enroll for free course - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• ISO 9001 Implementation in a Start-up Company

  A - Let me use new company to represent a new company with an established business model, like a restaurant, like a new shoe manufacturing plant, or a new transport company.

  B - Let me use start-up company as a designation for a project of company in search of a business model. Startups, in reality, are not yet companies, they are still projects of companies in search of a successful business model and customer fit. So, a startup is like an experiment being done. The startup can be called a company only after finding the right business model, a customer fit, and when it starts scaling. Only then, the procedures and internal standards are ready to be documented.

  So, for situation B it is too early to certify. For situation A, I think it is easier to get ISO certification than with an established company (with same resources and motivation). An established company has to unlearn some practices and that it is not always easy.

  You can find more information below:

  • Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  • What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
  • How to budget an ISO 9001 implementation project - https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project?utm_source=script-for-iso-9001-lead-implementer-course&utm_medium=downloaded-content&utm_content=lang-en&utm_campaign=free-downloads-9001
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

   

• Disclosing identity of user in a copyright infringement proceeding

  I assume that the establishment you are referring to is under extra-EU law and subject to the legislation of its own country. If so, I am afraid it must share personal data in a copyright infringement proceeding. Article 6 paragraph 1 letters c) GDPR allow to disclose personal data to comply with a legal obligation.

  Here you can find more information:

  • Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/

  You can consider enrolling in our free EU GDPR Foundations Course

  • EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • ISO 14001 Waste Management

    For waste management I find it useful to design a kind of process flow since waste generation, segregation, general collection, disposal, over a plant of the facilities. That way everybody can grasp the whole picture.

    Where are wastes generated, of what kind, in what amounts and by whom? – From here you can think about the need and dimension of different bins to collect segregated wastes, who needs training and awareness about what bins to use. Who will collect? Who is responsible for contacts with waste disposal company? What can be or what makes sense to measure?

    Please check this information below with more detailed answer:

    • 7 steps in handling waste according to ISO 14001 - https://advisera.com/14001academy/blog/2016/11/07/7-steps-in-handling-waste-according-to-iso-14001/
    • Using ISO 14001 to manage and reduce waste in the electronics industry - https://advisera.com/14001academy/blog/2017/02/13/using-iso-14001-to-manage-and-reduce-waste-in-the-electronics-industry/
    • Is a gap analysis desirable for ISO 14001 implementation? - https://advisera.com/14001academy/blog/2016/11/14/is-a-gap-analysis-desirable-for-iso-14001-implementation/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

  • ISO 9001 Developing Risk Register and an Opportunity Table

    You can certainly see your expertise in the article you write. The world hopes for even more passionate writers like you who aren't afraid to say how they believe. At all times go after your heart.

  • ISO 9001 Question

    I start showing that interaction through a picture like this one.

    

    Then, in each process description I list the main relevant clauses.

    The following material will provide you more information about the process approach:

    • Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - please check how training can be related with the process approach
    • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.
       

  • ISO 9001 Remote Audit Procedure

    Unfortunately, we still have not develop that procedure, but perhaps this free webinar on demand can help you - - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.

    You can find more information below:

    • What are the benefits and barriers when performing remote audits? - https://advisera.com/articles/what-are-benefits-and-barriers-when-performing-remote-audits/
    • ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
    • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/