For performing a gap analysis against ISO 27001 requirements, I suggest you take a look at our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
It is a simple question-and-answer format that allows you to visualize which specific elements of an information security management system you’ve already implemented, and what you still need to do.
If you are a small company, the scope of the implementation will most probably be your whole company, because this will be the easiest option for the implementation.
This article will provide you with a further explanation about the gap analysis:
From our experience with our customers, smaller companies usually end up with around 100 controls, while larger ones are usually above 110.
But please note that the main criteria considered by certification bodies to justify the applicability of controls are the results of the risk assessment and the applicable legal requirements (e.g., laws, regulations, and contracts).
It is important to understand this because you can have similar organizations with totally different numbers of applicable controls (above or below the mentioned figures), because they have different approaches towards risk (e.g., more risk-aggressive, more cautious, etc.), and both can still fulfill the standard's criteria for certification.
For further information, see:
This material can also help you:
The latest version of the ISO 9001:2015 standard speaks only of "documented information". This documented information can be maintained, in which case it corresponds to what we previously called a document, or it can be retained, which corresponds to what we previously knew as a record. That said, there is a series of documents and records that are mandatory in order to comply with the requirements of ISO 9001:2015, which you can find in the following article together with the corresponding clause:
- List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
Other materials that may be useful for understanding the mandatory documentation in ISO 9001:2015 are the following:
- Checklist of mandatory documentation required by ISO 9001:2015: https://info.advisera.com/9001academy/es/descarga-gratuita/lista-de-verificacion-de-la-documentacion-requerida-obligatoria-por-iso-90012015
- Free online course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book - Managing ISO Documentation: A Plain English Guide: https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
What Senior Management wants to hear (and does understand) is profit, market share, client satisfaction, cost cutting, business strategy, and business risks. So, if you want to sell ISO 9001 implementation to Senior Management you should consider translating ISO 9001 benefits into a language that they understand. Consider this article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and try to translate each benefit into tangible results:
You can find more information about ISO 9001 below:
During the certification audit, you need to provide evidence that you are fulfilling all standard requirements (from sections 4 to 10) and that you have implemented all controls stated as applicable in the Statement of Applicability.
Considering that, by not performing a full internal audit before the certification audit you are not fulfilling clause 9.2 b), because you are not ensuring that all elements of the ISMS are effectively implemented and maintained.
After certification, you only need to align the internal audit activities according to the schedule of the surveillance audits, because the schedule will define what will be audited each year before the next certification audit.
These articles will provide you with a further explanation about internal audit:
These materials will also help you regarding internal audit:
Please note that after finishing the analysis you have prioritized activities and impacted assets, but you have still not decided on the strategy for how to provide those resources, so it is not possible to go directly to the definition of resources to support the continuity and recovery plans.
For example, to support an 8-hour RTO, an organization can opt for its own alternative site or work with a third-party provider, and each option will have different resources to be allocated.
In another scenario, to ensure data availability, the alternatives may be backup copies kept at another site, or outsourced backup.
The main solution, i.e., the strategy, is decided by top management with the support of business continuity staff, and only after that can you start to think about the resources to be allocated.
This article will provide you with a further explanation about business continuity strategy:
- Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/
This material will also help you regarding business continuity strategy:
- Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
I loved how you said that ISO 27001 certification can give you an enhanced competitive edge. My sister was at my house last night for dinner, and she was wondering what she could do to make her company. I'll pass this information along to her so that she can look into getting ISO 27001 certified.
No, according to ISO 14001:2015 it is not mandatory to have a written fire exit plan in a manufacturing facility. Please check clause 0.5, where it states that ISO 14001:2015 does not include requirements specific to occupational health and safety.
Has a fire been identified as a relevant possible abnormal situation? Were the environmental aspects and impacts related to fire determined and evaluated? Were they considered significant? If yes, the only requirement from ISO 14001:2015 is an action plan to prevent or mitigate the environmental impacts.
Please check the information below about ISO 14001:2015:
There are no ISO 9001:2015 prescribed levels to determine the quality of raw materials, product, process and service. Each organization has the authority to determine the required levels based on complexity, experience of employees, past performance of suppliers, ability to detect problems and their impact on customer satisfaction or internal costs.
You can design the flow of activities from raw materials reception until product delivery to customers and then, based on the risk-based approach, you can ask:
From here one can design a quality control plan. Don't expect to get everything right on the first attempt. Use monitoring and measurement to fine-tune the frequency, sample size and verifications in the quality control plan.
You can find more information below: