Advisera's ISO 27001 toolkits are compliant with ISO 27001:2013 - this standard was reviewed in 2019 by ISO and was confirmed as the current standard, which means that no changes have been made to the initial 2013 revision. For more information, please see the official ISO 27001 page: https://www.iso.org/standard/54534.html
Please be aware that standardization bodies of some countries have re-published ISO 27001 in a different year (e.g. ISO 27001:2016, ISO 27001:2017, etc.), however, the text of the standard has remained identical in all those standards. See more here: European 2017 Revision of ISO/IEC 27001: What has changed? https://advisera.com/27001academy/blog/2017/10/25/european-2017-revision-of-isoiec-27001-what-has-changed/
ISO 27701 is not mandatory, and it doesn't change nor influence the implementation of ISO 27001 and GDPR. Therefore, by using our toolkits you will be fully compliant with ISO 27001 and/or EU GDPR.
As with any new standard, it remains to be seen if ISO 27701 will become popular, i.e. useful. Of course, we're considering it, and will most probably publish some articles and free webinars on this topic.
To prepare a corrective action to treat a non-conformity you need to:
This article will provide you further explanation about corrective actions:
- Seven Steps for Corrective and Preventive Actions to support Continual Improvement https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/ (although this article is about ISO 9001, the same concept applies to ISO 27001)
This material will also help you regarding corrective actions:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
No, you cannot rely completely on ISO 9001:2015 because ISO 13485 does not have the same structure as ISO 9001 (ISO 9001:2015 has 10 sections, while ISO 13485 still has 8). Also, ISO 13485 has some specific requirements (like requirements for sterilization, implantable medical devices, service or installation). So, you need to get acquainted in detail with ISO 13485:2016.
For more information please read the following articles:
ISO 9001 vs. ISO 13485 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
What are the ISO 13485 structure and requirements https://advisera.com/13485academy/what-is-iso-13485/
What are the requirements for Production and service provision process in ISO 13485 https://advisera.com/13485academy/blog/2017/12/13/production-and-service-provision-process-in-iso-13485/
ISO 27001 does not prescribe specific rules on email security, only that related unacceptable risks are treated. Considering that, it is possible to create exclusions for the use of the email service to fulfill this specific need, provided that unacceptable risks related to e-mail forwarding/relay are treated.
I really don't think it is necessary for the owner and tenants to attend this course as the GDPR is not applicable to household processing of personal data.
I think that the only interested party should be the representatives of the company administering the property.
However, if you want to find out more about the EU GDPR check out this free EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Please check ISO 9001:2015 clause 7.5.2 c).
There are no requirements about how many signatures are needed. So, it is up to your organization to decide.
As a minimum, one signature per document can evidence check and approval simultaneously. Or, your organization can decide to have two signatures per document, one for check and another for approval. Or, your organization can decide to have three signatures per document, one for writing, another for checking and another for approval.
The following material will provide you more information about document control:
- Article - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
The biggest change in the AS9100 standard from Rev C to Rev D is the incorporation of ISO 9001:2015, which brings in some necessary processes like identifying the context of the organization, identifying the needs and expectations of interested parties, as well as risk-based thinking at the top level. Additionally, they have brought in aerospace requirements for controlling counterfeit parts and product safety.
For more detail please see the articles: AS9100 Rev D vs. Rev C: What has changed?, https://advisera.com/9100academy/knowledgebase/as9100-rev-d-vs-rev-c-what-has-changed/ and 12 Steps to transition from AS9100 Rev C to Rev D, https://advisera.com/9100academy/knowledgebase/12-steps-to-transition-from-as9100-rev-c-to-rev-d/
I believe it is a common situation among manufacturers that work for brands. The customer (the brand) designs and specifies the product; the manufacturer, for any of several motives, can suggest changes. Changes have to be validated by the customers. So, the final word on the product and the final responsibility is always on the customer side. In these cases, exemption from design clause 8.3 is applicable.
The following material will provide you more information about scope and clause applicability:
- Article - What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Considering ISO standards, you should focus on courses related to ISO 27036, which covers information security for supplier relationships: https://www.iso27001security.com/html/27036.html
This standard provides guidance on the evaluation and treatment of risks involved in the acquisition of goods and services from suppliers.
For additional information about supplier security, see:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/