Tools are a great help while implementing ISO 20000 and/or ITIL. Use them to automate your procedures, record activities and create documents and records required by the standard. Here is an article that can help you with this topic: 5 things to beware of when selecting an ITSM tool https://advisera.com/20000academy/blog/2016/03/08/5-things-to-beware-of-when-selecting-an-itsm-tool/
But there is no requirement that tools need to be "certified" on the standard or the framework (which is a very arguable topic, anyway). Also, using two tools (for IT Service Management and/or ISO 20000 based SMS implementation) is counterproductive. Quite the contrary, such an approach will cause more problems than it will help.
The steps to follow for implementation and certification are the following:
1. Obtain the support of top management to provide the necessary resources.
2. Identify the requirements of ISO 9001:2015 with which the organization has to comply.
3. Define the scope of the organization, that is, the boundaries of the quality management system.
4. Define the processes and procedures needed to comply with ISO 9001:2015 and ensure consistent and adequate results with respect to quality.
5. Implement the processes and procedures that have been defined.
6. Carry out training and awareness programs.
7. Choose a certification body.
8. Operate the quality management system and carry out the necessary measurements.
9. Carry out the internal audit.
10. Perform the management review.
11. Carry out the relevant corrective actions.
12. Carry out the certification audit: first stage 1, where mainly the documentation is reviewed, and then stage 2, which can take several days, where the records, processes, etc. are reviewed.
In this article you can find more information about the steps to follow - Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
To carry out the project of implementing the standard, I recommend that you first attend a course, for example the ISO 9001:15 Foundations course or a more complete one, such as the Lead Implementer course (only available in English) - ISO 9001 Lead Implementer Course: https://advisera.com/training/iso-9001-lead-implementer-course/
In addition, these materials can help you with the implementation and certification of ISO 9001:2015:
- Book - Discover ISO 9001:2015 Through Practical Examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
ISO 9001:2015 does not require Business Continuity Management. However, due to an explicit customer requirement or due to a risk analysis outcome an organization can decide to do Business Continuity Management.
Some years ago, working as a consultant for a subcontractor of an electric power company, we had to apply Business Continuity Management to minimize disruption during and after important storms. We used ISO 22301 as a basis for the work. In this article - The basics of ISO 22301 - https://advisera.com/27001academy/what-is-iso-22301/ - you can see that the 2019 version has a similar structure to ISO 9001:2015. Although not mandatory, as you can see in the article, a good disruption risk determination register, its assessment and business continuity plans seem to me very important for learning and improvement. Perhaps this other article could be useful for you - 17 steps for implementing ISO 22301 - https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
ISO 27001 and ISO 22301 are quite compatible, so that risk management, document control, internal audit, management review, corrective action, human resource management and measurement can be used in common for both of these standards.
These materials will help you:
You have to check that with the manufacturer of that device. There is no restriction from the standard on doing this, but you will need to seek permission from the manufacturer itself.
Here are the answers:
What are the concrete methods and ways to define a good ISMS scope
You need to identify in which part of your company is your most valuable information - see the details here: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
what steps need to be taken while identifying the risk
Here's the article that will help you: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
and while writing the policies themselves
Here are the articles that will help you:
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
This relates to the copyright notice in the footer of the document(s) as well as copyright notice in properties of the particular document.
I assume that by "graduate" you mean a student that has graduated from a university.
ISO 27001 has no requirements in this respect - usually, people with less experience could be a part of a security team, but not lead the security team.
Here are some articles that can help you:
These materials will also help you on how to position yourself in ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
You can ask an organization for a copy of their certificate. Check the name of the certification body and verify whether its name is on any list of an accreditation body recognized by the International Accreditation Forum (IAF). If that certification body is working with an accreditation body recognized by the IAF, you can contact them and confirm whether their certificate is valid or not. Sometimes certification bodies publish lists with the names of certified organizations. In that case you can search for the name there.
The following material will provide you with more information about resolving doubts around certificate validity:
- How to know whether ISO 9001 certificate is valid? – https://advisera.com/9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/
- Free webinar – ISO 9001:2015 clause 4 – Context of the organization, interested parties, and scope – https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free course – ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Basically, you need to include in the ISMS scope the cloud elements you can control - this article will provide you with details: Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/