Search results


  • Applicability of A.10.1 Cryptographic Controls

    If you are referring to SSL certificates, then control A.10.1.1 Policy on the use of cryptographic controls is probably applicable to you, while control A.10.1.2 Key management may not be applicable because you are not handling keys. 

    But you primarily need to assess your risks and analyze requirements to define which controls are applicable and which are not. 

    Here are a couple of helpful articles:

  • A6 Internal Organisation

    If your question is about if you need to prepare a documentation for data breach, then from the perspective of ISO 27001 you do not need to do it because ISO 27001 does not require such documents. 

    Depending on the country/state you are based in, such documents might be required because of local regulations - for example, EU GDPR requires you to have some documents for data breach, see this article: List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

    In this EU GDPR Toolkit you'll find all the required templates: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ 

  • Clause 5.4 consultation and participation of workers

    When discussing consultation and participation of workers in clause 5.4 of ISO 45001, the standard refers to workers’ representatives, where they exist. So, the ISO standard is not dictating that you have workers’ representatives, or how you determine them. The reason for this is that the rules for worker representatives in laws around the world are very different, and you must turn to the local laws if you want a definitive answer on how many worker representatives you need and how you choose them.

    If you do not have a legal requirement, and wish to put worker representatives in place anyway, then how you choose them needs to be determined by you; the ISO 45001 standard does not have any requirements around this. A general rule of thumb for setting your own rules would be to ask yourself “How many representatives do we need, and how should they be distributed across departments, so that the consultation of all workers can happen effectively?” Remember, the production department is not the only place with OH&S rules and hazards.

    For more on implementing clause 5.4, see the article: How to meet participation and consultation requirements in ISO 45001, https://advisera.com/45001academy/blog/2016/03/16/how-to-meet-participation-and-consultation-requirements-in-iso-45001/

  • ISO 17025 for internal quality control laboratory

    Certainly, we will guide you on how to adapt the toolkit for your special circumstances - in the price of the toolkit, we include one-on-one consultations, document review, and unlimited email support - we will tell you which steps to take and what to pay attention to when implementing the standard.

    The toolkit is suitable for any testing laboratory that wants to implement ISO 17025:2017 and seek accreditation, irrespective of whether they have external customers, or, as in your case, are an in-house Quality Control laboratory, where the factory/manufacturing plant is your customer. In some ways it is simpler implementing for an in-house laboratory; for example, meeting reporting requirements is easier.

    Note that while we offer advice on using the ISO 17025 toolkit to implement your management system, as well as on how to integrate the toolkit and ISO 17025 with other Management Systems you may have, the scope of the toolkit and our expertise is ISO 17025, not Food Safety (ISO 22000) or HACCP (Hazard Analysis and Critical Control Points) certification.

    Here is a detailed description of the toolkit; you can also download the free demo: ISO 17025 Documentation Toolkit https://advisera.com/17025academy/iso-17025-documentation-toolkit/

  • COBIT, ITIL and ISO27001 comparison

    Here are a couple of materials that can help you: 

  • ISO 22301 Base policy

    If you are using our ISO 27001 / ISO 22301 Documentation Toolkit, you can find the ISO 22301 documents in the folder "08 Annex A Security Controls" - "A.17 Business Continuity" - there you will find the Business Continuity Policy, and ca 20 other business continuity documents. 

    By the way, in the root folder of the toolkit you will find the "List of documents" which lists all the documents within the toolkit, as well as their folder location, and the related clause of the standard. 

  • BCM Manager tasks

    To implement ISO 22301 you will need to follow the steps explained in this article: 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/

    These materials will also help you: 

  • Implementation timeframe

    The time for the implementation depends on the size of your company:

    • Very small organizations (up to 10 employees) usually implement the standard in up to 4 months
    • Smaller organizations (up to 50 employees) usually implement the standard in 4 to 8 months
    • Mid-size organizations (up to 500 employees) usually implement the standard in 8 to 12 months
    • Large organizations (500 employees and more) – implementation usually lasts 12 to 15 months

    You can find more details here: How long does it take to implement ISO 27001 / BS 25999? https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/ 

  • ISO 17025 Lead Auditor Certification

    As you are performing internal audits on behalf of laboratories for their ISO 17025:2017 management system purposes, not on behalf of a certification body, ISO 17025 Lead Auditor certification is not mandatory. It is important, however, if your customers require it, or if you see it as a means to further develop your skills and career. As per ISO 17025:2017 clause 6.6, Externally provided products and services, the requirement is that as an external provider, you should be competent (able to apply your knowledge and skills) to perform the contracted tasks and provide a service that meets the laboratory’s need. The laboratory must communicate to you the reason they are contracting you and the qualification and competence required. This should include whether they require you to have lead auditor certification or not. 

    If you choose to obtain ISO 17025:2017 Lead Auditor certification, select a suitable course offered by an approved Training Partner of an international certification body such as Exemplar Global (formerly RABQSA) or IRCA (The International Register of Certificated Auditors). 

    As ISO 9001 is incorporated into the ISO 17025:2017 Management requirements, and ISO 17025 Lead Auditor certification courses may not be as readily available as ISO 9001 ones, you may consider starting by enrolling in the free ISO 9001 Lead Implementer Course. It is available at https://advisera.com/training/iso-9001-lead-implementer-course/

    There is information about certification on that page and you can also have a look at Advisera’s Certification FAQs at https://advisera.com/training/eu-gdpr-courses/

  • Risk Assessment

    All the products you mention are templates in MS Excel - therefore, you can adapt them (or merge them) as you see fit, and you can copy and paste the data from one document to another. 

    On the landing page of each of those documents you can see a free preview and download a free demo of each document:
