Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Copyright design
8.5.3 it is applicable because certified organizations should take care and protect customers’ intellectual property.
7.5.3 may be applicable because of the need to control relevant documents of external origin.
The following material will provide you more information:
- Managing Production and Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
- What does “external documents control” mean in ISO 9001? - https://advisera.com/9001academy/blog/2019/02/04/what-does-external-documents-control-mean-in-iso-9001/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
2-factor authentication for Virtual Private Network
ISO 27001 does not prescribe the use of 2FA on VPNs. To identify if such implementation is needed you have the verify the results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts), to see if such implementation will properly treat relevant risk, or fulfill legal clauses.
These articles will provide you a further explanation about the selection of controls and 2FA:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How two-factor authentication enables compliance with ISO 27001 access controls https://advisera.com/27001academy/blog/2017/01/16/how-two-factor-authentication-enables-compliance-with-iso-27001-access-controls/
-
Signatures in documents
ISO 27001 does not prescribe signatures for documents, only that documents are approved before use. Considering that, provided you can ensure that documents content, in physical or electronic format, are approved before use you can adopt any approach you see fit (e.g., signing the front page of each document, keeping electronic versions of approved documents in a specific folder, etc.).
Signing a single document for all processes like you suggested is acceptable but not recommended, because users of documents won't be able to easily check if the document they have on hand is an approved version (signing the front page, or use of specific electronic folder, are examples which provides a balance between the need for signing and easiness of approval verification)
This material will also help you regarding document control:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
-
ISMS scope document
1. What is to be included in the scoping document beyond simply stating the locations that are 'In-scope for the ISMS?
The most important information to be included in the ISMS scope is the information the ISMS is intended to protect. Information like location, processes, or business units included in the scope helps clarify the scope.
To see how an ISMS scope document looks like, I suggest you take a look at the free demo of our ISMS scope document at this link: https://advisera.com/27001academy/documentation/isms-scope-document/
For more information, see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
2. and when does this document need to be created - before the Project Plan Is signed off?
The ISMS scope is created after the Project Plan is signed off.
This article will provide you a further explanation about ISO 27001 implementation steps:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
This material will also help you regarding ISO 27001:
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
-
Is the book still compliant with the latest amendment of ISO 22301?
At this moment we are working on updating the book according to the 2019 version of ISO 22301 (to be released soon), but we already can say that this new version of the standard has fewer changes in terms of additions (reviewers work heavily on making ISO 22301 lighter in terms of documentation requirements)
These articles will provide you a further explanation about changes in new ISO 22301:
- Infographic: ISO 22301:2012 vs. ISO 22301:2019 revision – What has changed? https://advisera.com/27001academy/blog/2019/12/02/iso-22301-2019-vs-iso-22301-2012-key-changes-infographic/
- Do we need to make the transition from ISO 22301:2012 to the 2019 revision? https://advisera.com/27001academy/blog/2019/11/05/iso-22301-transition-from-2012-to-2019-revision-is-it-needed/
-
ISO that regulates the Guideline from the application of ISO 17025
Your questions is not very clear to me. If you are asking if there are any other ISO standards that require mandatory ISO 17025 accreditation, as part of their requirements; then the answer is no. There are a number of standards or programmes, either mandatory or voluntary for certain sectors, that may require that any required testing or calibration activity is performed by an ISO 17025 laboratory. An example is GLOBALG.A.P. - The Worldwide Standard for Good Agricultural Practices.
ISO 17025 is part of the Conformity assessment family of standards (ISO 17000 family), however each has it’s own specific purpose. ISO 17025 promotes confidence in the operation of laboratories through a guideline of requirements to support the competence, impartiality and consistent operation of laboratories. Accreditation bodies attest to the competency of laboratories through the process of accreditation.
-
Statement of Applicability
When going for the certification audit, you should have most of your controls implemented, and make sure that controls that mitigate the biggest risks are fully implemented, or the certification auditor can consider that the ISMS is not ready for certification yet.
In other words, you can leave only a smaller number of less significant controls to be implemented after the certification. In your case, you have to ask risk owners to accept the residual risks related to this control still "in progress".
This article will provide you a further explanation about certification:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
This material will also help you regarding certification:
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
-
Implementing ISO 9001 when ISO 22000 is already in place
While ISO 9001 has as its purpose meeting and improving customer satisfaction. ISO 22000 has as its purpose food safety.
I can understand that an organization applies to both certifications since they have different purposes and can signalize different messages to interested parties.
The following material will provide you more information about ISO 9001:2015:
- Article - Similarities and differences between ISO 9001 and ISO 22000 - https://advisera.com/9001academy/blog/2018/11/20/similarities-and-differences-between-iso-9001-and-iso-22000/
- Article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
Are intermediate checks required for calibration laboratories?
A calibration includes evaluation of measurement uncertainty and provides metrological traceability to SI units. The purpose of intermediate checks is to maintain confidence in the calibration status of measuring and test equipment in-between calibrations. This, for some applications may be daily, and others before use. An example is the verification of the performance of a calibrated balance by using calibrated mass pieces in the working range for the measurement. Where results are favourable, intermediate checks can provide justification for the extension of calibration intervals.
All laboratories, both testing and calibration must have a procedure to perform intermediate checks when necessary to maintain this confidence in the performance of equipment. “When necessary” will depend on the nature of the equipment and the purpose of the measurement. When a calibrator (reference standard or certified reference material) is used every time before a measurement, a calibration is being performed – no need for any “intermediate” checks.
For more information on associated calibration intervals, refer to ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments (note currently under revision) available for download at https://ilac.org/?ddownload=818
and the ISO 17025 document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure// -
ISO 9001 benefits
ISO 9001:2015 can benefit an organization through:
- a better definition and standardization of processes;
- a common and explicit set of priorities around a strategic orientation translated into a set of objectives;
- a focus on customer and other interested parties’ satisfaction;
- developing a basis for evidence decision making;
- an improvement of credibility and image.
The following material will provide you more information:
- Article - Gaining employee buy-in for your ISO 9001:2015 implementation - https://advisera.com/9001academy/blog/2015/12/15/gaining-employee-buy-in-for-your-iso-90012015-implementation/
- Article - What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
- Article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/