Search results


  • Adoption of ITIL

    Selling the idea of implementing ITIL should emphasize the high-level as well as "low-level" benefits.

    Here are a few articles that could give you an idea of how to explain potential benefits (please note, some are ISO 20000 related, but the content fits perfectly with ITIL implementation):

    • How to translate ITIL/ISO 20000 language into business language understandable by your management https://advisera.com/20000academy/blog/2016/03/01/how-to-translate-itiliso-20000-language-into-business-language-understandable-by-your-management/
    • How to make your investment in ISO 20000/ITIL profitable https://advisera.com/20000academy/blog/2017/05/18/how-to-make-your-investment-in-iso-20000-itil-profitable/
    • 4 Crucial Techniques for Convincing your top Management to Implement ISO 20000 https://advisera.com/20000academy/blog/2017/10/31/4-crucial-techniques-for-convincing-your-top-management-to-implement-iso-20000/
    • ITIL Incident Management benefits – Simple explanation for your top management https://advisera.com/20000academy/blog/2015/11/24/itil-incident-management-benefits-simple-explanation-for-your-top-management/
    • 5 benefits of ITIL Change Management implementation https://advisera.com/20000academy/blog/2016/06/21/5-benefits-of-itil-change-management-implementation/

    • Using HLS to combine 27001 with other standards

      I'm assuming that by HLS you mean High-Level Structure.

      Considering that, please note that all ISO management systems reviewed/released since 2012 have the same basic structure:

      • organizational context
      • leadership 
      • planning 
      • support
      • operation 
      • performance evaluation 
      • improvement 

      This means the standards make use of similar requirements, which makes requirements mapping and integration easier.

      For further information, see:

    • If 27001 was fully implemented and certified, would you pass a SOC 2 type 2 attestation?

      Being certified against ISO 27001 does not ensure full compliance with SOC 2 type 2.

      Please note that ISO 27001 can help implement some SOC 2 requirements, but SOC 2 has requirements of its own that are not covered by ISO 27001.

      For further information, see:

    • ISO 27001 certification needed

      From your question I'm assuming you are referring to the following training: foundations, internal audit, lead auditor, and implementer. Considering that, you should consider at least the Foundations course, to have an understanding of the standard's requirements, and internal audit, to know how to audit the standard.

      The lead auditor and implementer courses are more related to those who want to have a career in ISO 27001.  

      For further information, see:

    • Could your toolkit be applied to public second-floor bank?

      Yes, the EU GDPR Documentation Toolkit can also be applied to a bank. The EU GDPR Documentation Toolkit was designed to help any organization become GDPR-compliant by following a step-by-step approach, filling in the templates in each directory. The toolkit contains all the documents needed for GDPR compliance; what is really important is to follow the steps indicated in the project template document, to map all the personal data processing operations in the organization, identify all the risks related to personal data processing, perform DPIAs and address all the risks with technical and organizational measures. We also have articles and courses that can help you better understand GDPR requirements.

      Please also visit these links:

    • ISO 27001 change process: 2013 to 2022

      ISO 27001 does not prescribe how to format documentation, so organizations are free to format it as best fits their needs.

      Considering that, there is no need to change the structure of your documentation. You only need to make sure references to specific controls are updated accordingly (e.g., a reference to control A.11.1.1 Physical security perimeter should be updated to A.7.1 Physical security perimeters). Regarding new controls, you can incorporate them into your existing documentation as it is.

      For further information, see:

    • Confidentiality Level & the ISO 27001 Standard

      1 - Should all documents have a confidentiality level?

      First, it is important to note that defining a confidentiality level for documents is necessary only if control A.5.12 Classification of information is identified as applicable in the Statement of Applicability.

      Considering that, only documents with information considered relevant to the Information Security Management System scope must have a confidentiality level.

      For example, in case financial information is not included in the ISMS scope, then documents with financial information do not need to have a confidentiality level.

      This article will provide you with a further explanation of information classification:

      2 - Also, in the standard's Annex A there is a table of 'A' numbers, for example A.12.1.3. How do I link these to the clauses in the standard? For example, 9 Performance evaluation?

      Please note that there is no connection between individual clauses and particular controls.

      This is so because the purpose of the main part of the standard (clauses 4 to 10) is to manage security (e.g., risk management, internal audit, etc.), whereas the purpose of Annex A is to decrease risks with controls. 

      For further information, see:

    • MSA for multi measurement function equipment

      I would like to highlight for this topic: if the measurement equipment has been associated with control plan(s) and the CPs specify multiple measurement function units, you have to undertake an MSA study for each functional unit.

    • Trying to map additions

      1 - I have the new Advisera ISO 27001 2022 Toolkit. I am trying to map additions caused by the new version of the ISO 27001 2022 standard’s main part (clauses 4 to 10) from the Toolkit, e.g., 6.3 and 8.1 among others, but cannot seem to find them.

      Are the standard's changes such in nature that they can be seen as already included in the old version of the document templates? Or why can I not find them?

      Answer: Your first assumption is correct. Please note that changes in the main clauses of the standard are minor and require no changes in the templates like ISMS Scope, top-level Information Security Policy, Risk assessment methodology, etc.

      2 - Can an ISO 27001 2013 certified company make all the changes required for the new ISO 27001 2022 version and, if compliant, certify against the 2022 version in the middle of the 3-year validity period in one of the surveillance audits?

      Answer: Yes, you can make the transition to the 2022 revision during a surveillance audit, but at the latest by October 2025.

      For further information, see:
      - ISO 27001 2013 vs. 2022 revision – What has changed? https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/

      3 - Is it probably required to have an internal audit done against the 2022 version before certification?

      Answer: Your assumption is correct. You will need to perform an internal audit against the 2022 version before certification.

    • Procedure for document and record control

      Please note that in the text you presented, the fields represent the way you record external documents used by the organization, considering physical and electronic forms (details about how to fill in the document can be found in its document wizard).

      For example, for physical media, you can use a register of external correspondence, and for electronic documents, you can use Customer Relationship Management software.

      In case you have a small number of external documents to manage, you can use Conformio to perform such control.
