  • Toolkit choice

    1. What package should we buy, if only one of our customers is asking us to be certified in ISO 27000, because they have access to an IBM SaaS that we sell them?

    Answer: Considering your stated context, the proper toolkit would be the ISO 27001 Documentation Toolkit, a demo of whose templates you can see at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

    Many of our clients for that toolkit are SaaS companies.

    2. Once purchased, in how much time, according to your experience, can we obtain certification for this purpose?

    The duration of an implementation project varies according to many variables (e.g., available resources, experience with the standard's requirements, top management involvement, etc.), but for small and medium-size organizations the implementation generally takes from 3 to 12 months.

    To get an insight into the time duration for your organization, please access our ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

    This article will provide you further explanation about the implementation process:

  • Valuating criteria through formula for BIA

    Hello, I would like to know the following: can you explain how to obtain the values of the different criteria (Financial, regulatory, at. customer) through a formula?

    This must be considered in the context of ISO 22301.

    I'm assuming you are referring to valuation of these criteria in the Business Impact Analysis.

    Considering that, there is no definitive formula to value them, because each organization's context may consider different variables. For example:

    - Financial: cost of raw materials + cost of final products + cost of equipment, etc.

    - Regulatory: fines + lawyers cost + costs of court proceedings, etc.

    - Customers: contractual fines + loss of revenue, etc.

    For further information, please read:

    - How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

  • Verify an ISO 9001 certificate

    You can ask them for their certificate or get a copy. Check the name of the certification body and verify if its name is in any list of an accreditation body recognized by the International Accreditation Forum (IAF). If that certification body is working with an accreditation body recognized by the IAF, you can contact them and confirm whether their certificate is valid or not.

    The following material will provide you more information about resolving doubts around a certificate's validity:

  • Creating risks list

    Thank you Rhand Leal, now,

    How can I cross-reference or relate the assets identified in the SOA with the Risk Treatment Plan? Is the order in which I should write each activity in the plan the order in which they appear in the SOA? Should I just write the asset name or rather the name of the activity to be done to decrease the risk, and specify what, who, when, how, timing, status, etc.?

  • Documents required by clause 4

    The documents that the ISO 9001:2015 standard requires in clause 4 are the following:

    • Clause 4.3 – Document of the scope of the quality management system
    • Clause 4.4.2 a) – To the extent necessary, documents to support the operation of the organization's processes.
    • Clause 4.4.2 b) – To the extent necessary, records to ensure that the processes are carried out as planned by the organization.

    The difference between documents and records is that documents need to be reviewed, and include, for example, procedures, work instructions, manuals, checklists, etc. Records, however, show the result of something that has already been done, and are, for example, meeting minutes, data forms, audit evidence, etc.

    For more information about the documents required by clause 4, see the following materials:

  • Accumulation of pollutants

    The atmosphere accumulates pollutants whenever the input rate is superior to the output rate.

    The output rate is basically due to two reasons: chemical and biological. If you look into a carbon cycle diagram for example, you can see carbon removed from the atmosphere through photosynthesis (biological) and you can see carbon removed from the atmosphere through ocean uptake, a slow process that ends with the deposition of limestone on the ocean floor.

    The following material will provide you more information about aspects and impacts:

  • Prepare a re-certification audit

    After the initial two-stage certification audit, organizations have surveillance audits. Surveillance audits have a smaller scope and are more focused on record checking to confirm that the implementation is working.

    Normally, a re-certification audit, the first audit after a full three-year certification cycle, means changing the audit team completely. So, a new audit team will look with new pairs of eyes into your management system. The audit scope will again include all parts of the QMS.

    For organizations, there is no need to prepare for the recertification differently than for the surveillance audits. Be sure documents are updated, processes are implemented, and records are generated and stored.

    The following material will provide you more information about certification versus surveillance audits:

  • Controlled and uncontrolled copies

    They need to be controlled copies in compliance with clause 7.5.2, which talks about the control of documented information of the QMS and includes documents of external origin such as supplier product specifications, standards, legislation, etc. A controlled copy is the latest version of the document, and when a change is made the document needs to be retrieved and replaced. An uncontrolled copy is a non-controlled copy, meaning that it is not replaced when a new version is issued. Usually uncontrolled copies are printed copies.

    To learn more about control of documents in ISO 9001:2015, see this article – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/

  • Internal audit questions

    I will make my first consultations as part of the purchase of the ISO 27001 implementation package, and my consultations are as follows:

    In an ISO 27001 Internal Audit report, is it possible to detail the conformities as Major and Minor, or only as Non-Conformities? Since if I take the ISO 19001 Guideline, it does not divide them as major and minor, simply as Nonconformity only.

    ISO 27001 does not prescribe that Non-Conformities must be graded, so you can treat all of them only as Non-Conformities. The grading of minor and major Non-Conformities is more used by certification bodies as a best practice.

    While it is true that an Internal Audit Report details the Findings (Non-Conformities) and observations, what would happen if the audited organization is all CONFORMITY? Is it possible that the Internal Audit Report mentions how many CONFORMITIES I found?

    It is very unusual for an internal audit to be concluded with no non-conformities identified, but in such cases the best course of action for the internal auditor is to highlight the good points identified in the internal audit and the observations, which could be considered as opportunities for improvement. Reporting the number of conformities normally won't add value to the organization.
