Search results


  • Business continuity management questions

    Hello, I work in management systems consulting and I want to inform myself about the information in this business continuity manual. My queries:

    1. What kind of incidents can disrupt the business?

    A disruptive incident is any event that can prevent the business from delivering its products or services, or prevent it from achieving its objectives, for an unacceptable period of time. Considering that, without more information about the nature of the business we cannot offer a more precise answer than a natural disaster, or loss of facilities or essential personnel.

    For more precise identification, you should perform a risk assessment, to identify unacceptable risks relevant to your business.

    For more information, see:

    2. Does it only refer to information security, or must risks associated with the specific business also be identified?

    Business continuity refers to any risks that can compromise the business, so it covers not only information security risks but any other risks relevant to the organization (e.g., operational, environmental, etc.).

    3. Taking into account that we live in XXXX, where there are no earthquakes, volcanoes or snow, and there can only be a strong storm, is the scope of this oriented to emergency planning and evacuation, and to information security?

    Besides natural events, you also have to consider intentional and unintentional man-made events (e.g., strikes, terrorism, vandalism, accidents, etc.).

  • Opencast procedure

    I have no experience in mining. I would gather a set of participants with knowledge about what happens and with sticky notes I would ask them to describe the main activities of the opencast process.

    Then, for each main activity I would ask them to describe what is done, by whom, with what equipment, under which rules, and using which records. Please check the use of the turtle diagram to collect information about a process in the following free webinar on demand: The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/

  • Documenting policies

    ISO 27001 does not prescribe how documents should be grouped, so organizations are free to use the approach that suits them best. Our general recommendation is to put policies together only up to the point where the document remains manageable. People tend not to read large documents, and they are also difficult to handle if they are in physical format.

    This article will provide you further explanation about documenting policies:
    - One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

    This material will also help you regarding documenting policies:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

  • ISMS documents

    If I understood correctly, it seems to you that some documents are missing.

    Considering that, Advisera's ISO 27001 Documentation Toolkit does not have a document for each and every control from ISO 27001, for the following reasons:

        1) ISO 27001 does not require each and every control to be documented
        2) If the toolkit had a document for each control, there would be too many documents, and this would be overkill for smaller and mid-size companies.

    Since our targets are SMEs, we have decided to include an optimal number of documents for companies of this size. The toolkit includes:

        - All the mandatory documents - e.g. Information Security Policy, Statement of Applicability, Risk Assessment Methodology, Access Control Policy, etc.
        - Documents that are not mandatory, but are commonly used - e.g. BYOD Policy, Classification Policy, Password Policy, Backup Policy, etc.

    You can see a full list of documents included in the toolkit in the list of documents file in your toolkit.

    In case your organization needs a document not included in the toolkit, you can use the blank template included in the toolkit to write the document yourself, send us an email asking specific questions about this new document, or schedule a meeting with one of our experts so that they can help you write the document. You can schedule a meeting at this link: https://advisera.com/27001academy/consultation/

  • ISO 9001 / Cost of Quality

    No, neither ISO 9001:2015 nor ISO 9000:2015 defines “Cost of Quality”.

    For example, the term “cost of quality” is used in this article - How to measure the cost of quality in line with ISO 9001 principles - https://advisera.com/9001academy/blog/2019/10/28/cost-of-quality-how-to-measure-it-in-line-with-iso-9001/

    Before ISO 9001, I used the term “cost of quality” to designate the sum of the cost of quality prevention (like training), quality control (like controllers’ wages) and quality failure (like the cost of defects and rework).

    Cost of quality can be a quality objective.

    Below, you can find more information about quality objectives:

    - How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    - Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Quality objective

    Good quality objectives derive from the quality policy. A good template should test this condition: which commitment of the quality policy is executed through this quality objective?

    Good objectives should pass the S.M.A.R.T. (specific, measurable, achievable, realistic and time-based) test. A good template should test these conditions.

    In my work with organizations I also include a time chart to answer three important questions: what to do, by whom, and by when.

    A good template should also clarify upfront what resources are available to meet the objective.

    Below, you can find more information about quality objectives:

    - How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    - What has changed with quality objectives in ISO 9001:2015? - https://advisera.com/9001academy/blog/2018/05/08/what-has-changed-with-quality-objectives-in-iso-90012015/
    - Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • BRM roles

    The Business Relationship Manager has the following responsibilities:

    • Coordinates activities with other Service Management roles and processes
    • Identifies customer needs and ensures that the company is able to meet those needs
    • Ensures a high level of customer satisfaction
    • Establishes and maintains communication and constructive relationships with customers
    • Understands customers and their business needs, and recognizes new opportunities
    • Serves as a mediator for conflicts
    • Takes care of the customer satisfaction survey and customer complaints

    The following article can help you further: "ITIL Business Relationship Management – Know your customer" https://advisera.com/20000academy/blog/2014/05/14/itil-business-relationship-management-know-customer/

  • Risk assessment and treatment

    The Risk Assessment and Risk Treatment template is fully compliant with ISO 27001 requirements and is accepted by all certification bodies that have performed the audits on companies that use our toolkits.

    However, please note that ISO 27001 does not prescribe how risk must be scored (only that consequence and likelihood must be assessed to determine risk), so if the approach used by your consultant fulfills the standard's requirements, it will also be accepted by certification bodies. Please be aware that we offer the simplest method available, while consultants typically prefer more complex risk assessment methods.

    This article will provide you a further explanation:

  • Change management

    Included in your toolkit there is a Change Management Policy, which can help you define how changes to the information systems are controlled, fulfilling the requirements of control A.12.1.2 Change management from ISO 27001 Annex A. This template covers the minimum requirements for managing changes, so it can be adapted to include any specifics regarding CI/CD.

    You can find this template in the folder 08_Annex_A_Security_Controls >> A.12_Operations_Security.

    This article will provide you a further explanation about the change management:
    - How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/

  • Access control

    ISO 27001 does not prescribe which roles must define access rights, only that such access rights must be defined, so organizations are free to designate the roles that best fit them.

    Common practice is that the person with the most knowledge of the value of the information to be accessed should define the access rights, taking into account the access needed to perform business activities and the applicable legal requirements. IT staff normally assume the role of implementing the defined access rights.

    For example, access rights to financial information should be defined by the Financial Manager, while access to salary information should be defined by the HR Manager.

    This article will provide you a further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
