Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11269 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Logs Management

The approach you take must depend on the perceived risks, legal requirements to be fulfilled, and available resources. In terms of ISO 27001 both approaches are acceptable, each one with its own advantages and disadvantages (e.g., logs in separate places mean that regular servers' administrators and operators will not have access to them, increasing security, but this configuration requires more resources and administrative effort).

This article will provide you a further explanation about log management:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
ISO 14001 - Environmental objectives section

No, it is not the same thing.

Based on the environmental assessment an organization determines the significant environmental aspects.

Based on the environmental policy, that sets priorities, and on the significant environmental aspects, an organization must develop its environmental objectives. So, basically, under the priorities of the environmental policy, what environmental improvement challenges must be tackled with scarce resources.

Please check this information below with more detailed answers:
- How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
- Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
Based on what the sample size to do MSA?

There are different types and purposes of MSA studies. One of them is GRR, which is a repeatability and reproducibility study. In this study, 3 operators measure 10 parts three times. In other words, MSA study is performed according to 90 measurement results.

Another example of MSA studies is "BIAS" study.

The meaning of BIAS is the difference between the observed average of measurements and the reference value. In this study, the reference part is measured at least 10 times by an operator.

As I mentioned above, there are different types of MSA studies. Such studies are applied according to the type of device and purpose.

For more information, you can see the following article:
- How to Establish Measurement System Analysis According to IATF 16949 https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/
- Risk Assessment Table
  
  This catalog included in the toolkit is generally enough for most of our customers, but if you need additional threats and vulnerabilities to you risk assessment, I suggest you see this document from Enisa, which shows a set of materials with lists of threats and vulnerabilities:
  - Reference source for threats, vulnerabilities, impacts and controls in IT risk assessment and risk management https://www.enisa.europa.eu/publications/archive/reference-source-for-threats-vulnerabilities-impacts-and-controls-in-it-risk-assessment-and-risk-management
- Mandatory Procedures
  
  First of all, we apologize for this situation. This article was written for the 2005 version of the standard.
  
  Although version 2005 of ISO 27001, in fact, prescribed four mandatory procedures, its current version does not prescribe them anymore (although some organizations keep/elaborate them as good practice). These currently non-mandatory procedures are: procedure for document and record control, internal audit procedure, corrective action procedure, and management review procedure.
  
  This article will provide you a further explanation about all mandatory documents and records for ISO 27001:
  - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Significant aspects of ISO 14001
  
  When working with organizations I start with what I think is the most basic rating system:
  
  Does it comply with compliance obligations? If no, it is significant. If yes, apply a second test based on frequency/probability versus severity.
  
  Where L stands for Low, M stands for Medium and H stands for High.
  
  Please check this information below with more detailed answers:
  - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
  - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
  - ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
  - Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  - Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
- Implementation of the function segregation matrix in a small company
  
  First is important to note that ISO 27001 does not prescribe how to document responsibilities in an ISMS, so organizations are free to document them the best they fit their needs.
  
  Considering that, there are two common ways:
  - you can document the segregated functions directly in the document they are used (e.g., documenting the responsibilities to create and test backup in the Backup Policy). In this approach, users have easy access to the information, but it is more complicated to have a systemic view
  - you can create a single function segregation matrix, documenting all segregated functions you have. In this approach, it is easier to have a general view of functions, but users may find it difficult to use the documents when needed.
  These articles will provide you a further explanation about documenting responsibilities and segregation of functions:
  - How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
  - Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
- Implementação da matriz de segregação de funções em um empresa com 130 funcionarios
  
  Em primeiro lugar, é importante observar que a ISO 27001 não prescreve como documentar responsabilidades em um SGSI, portanto, as organizações são livres para documentá-las da melhor forma que atendam às suas necessidades.
  
  Considerando isso, existem duas maneiras comuns:
  - você pode documentar as funções segregadas diretamente no documento em que são usadas (por exemplo, documentar as responsabilidades para criar e testar o backup na Política de Backup). Nessa abordagem os usuários têm fácil acesso às informações, mas é mais complicado ter uma visão sistêmica
  - você pode criar uma única matriz de segregação de funções, documentando todas as funções segregadas que você possui. Nessa abordagem, é mais fácil ter uma visão geral das funções, mas os usuários podem achar difícil usar os documentos quando necessário.
  Estes artigos fornecerão mais explicações sobre a documentação de responsabilidades e segregação de funções:
  - Como documentar papéis e responsabilidades de acordo com a ISO 27001 https://advisera.com/27001academy/pt-br/blog/2016/06/22/como-documentar-papeis-e-responsabilidades-de-acordo-com-a-iso-27001/
  - Segregação de funções em seu SGSI de acordo com a ISO 27001 A.6.1.2 https://advisera.com/27001academy/pt-br/blog/2016/11/23/segregacao-de-funcoes-em-seu-sgsi-de-acordo-com-a-iso-27001-a-6-1-2/
- Individual relevance of ISO 9001
  
  ISO 9001 is a standard developed for organizations not for individuals. Nevertheless, it has benefits for employees. Please, check this article - What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
  
  You can find more information below:
  - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11269 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Logs Management

ISO 14001 - Environmental objectives section

Based on what the sample size to do MSA?

Risk Assessment Table

Mandatory Procedures

Significant aspects of ISO 14001

Implementation of the function segregation matrix in a small company

Implementação da matriz de segregação de funções em um empresa com 130 funcionarios

Individual relevance of ISO 9001

Didn’t find an answer?