Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Mandatory documents in ISO 45001


    Answer:
    The use of the word “shall” in the requirement is indicating that you need to perform this function or activity, but this does not indicate that the ISO 45001:2018 standard requires you to document anything. Many processes which are required do not need to be documented, or have documented records. It is the use of the term “documented information” which indicates that there is a mandatory documentation requirement from the standard. Where the standard does not use the term “documented information”, but many companies include this in their OHSMS, we have included this in the document about mandatory documents of ISO 45001.
    There is no one best way to document what is requi red in the OHSMS, so the best advice is to determine what will work best for you to be able to locate the information when needed. For larger companies, there is a good documentation structure discussed in the link below.
    For more on structuring documentation in the ISO 45001:2018 OHSMS, see the article: How to structure ISO 45001 documentation, https://advisera.com/45001academy/blog/2018/11/08/how-to-structure-iso-45001-documentation/

  • Audit questions

    GRR acceptance crriteria is 10%. In case of GRR for attributes Kappa value acceptance criteria is 0.75. That means in simple comparison method we have min. 90% acceptance. So why Kappa value of 0.75 is accepted and it means 25% rejection is accepted. No able to understand the statistical acceptance in case of attribute study.

  • ISO 27001 benefits


    Answer:

    The most common topics you can consider regarding lowering expenses are related to the impact of information security incidents: the decreasing of their quantity, of their effective impact, or on the resources involved in their handling.

    Additionally, you can consider the decrease on fines related to non compliance with legal requirements.

  • Measurable quality objectives


    Answer
    If you write a quality objective that can be countable you ensure that it is measurable. For example:

    * Our organization want to increase the number of corporate clients by 5% by the end of the year;
    * Our organization want to reduce the number of clients lost to the competition by 7% by the end of the year;
    * Our organization wants to reduce by 10% the customer wait time in line by the end of next quarter.
    * Our organization wants to reduce employee turnover by 10% by the end of the year.

    For each example you can count the number of corporate clients, the number of clients lost, …"

    The following material will provide you more information about quality objectives:
    How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Enroll for free course - ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Surveillance audit and auditors


    Answer
    Surveillance audits are performed by certification bodies. Certification bodies use the same criteria that they have for certification audits. Normally, certification bodies try to keep one or more auditors from the certification audit in the following surveillance audits.

    The following material will provide you more information surveillance audits:
    What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
    [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/

  • Course and cerification bodies


    Answer:
    Your question is not complete because we do not know your purpose, what aim you want to meet by enrolling in the course.
    If you want to become an internal auditor, it is enough (and very expensive).
    If you want to become an external lead auditor doing internal audits, it is enough (and very expensive).
    If you want to become a lead auditor for a certification body, after the course when you get the certificate, you have to contact the certification body to know what their particular requirements are. They may want evidence of your experience as auditor, what your professional experience is because of the economic sectors that you can audit. Each certification body will have different requirements and different contract requirements.

    The following material will provide you more information about audit courses whe re you can enroll for free at your own pace and time and recognized by Exemplar Global:
    - ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/

  • Risk Assessment and Risk Treatment template


    Answer: The main difference between these three documents are:
    - Risk Assessment and Risk Treatment Methodology Cloud covers not only requirements for ISO 27001, but also specific requirements applicable for cloud environments defined by ISO 27017 and for Personal Identifiable Information PII) defined by ISO 27018.
    - Risk Assessment and Risk Treatment Methodology Premium covers not only requirements for ISO 27001, but also specific requirements applicable for business continuity defined by ISO 22301.
    - Risk Assessment and Risk Treatment Methodology Integrated covers not only requirements for ISO 27001, but also specific requirements applicable for protection of personal data defined EU GDPR.

    You can see the specific requirements covered in each document in its own section 2 - Reference Documents.

    2 - Also, based on security practices risk is calculated by multiplying likelihood with im pact. However in this methodology you are adding them.

    Answer: ISO 27001 does not prescribe how risk is calculated, and the most used practices are multiplying or adding likelihood with impact, and we chose for our template the last mentioned approach. However you can adjust the template approach for multiplying likelihood with impact if you wish so. This is perfectly acceptable by ISO 27001 requirements ( both methods are suggested in ISO 27005).

    For further information, see:
    - How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

    3 - Please let me know if Advisera has any documentation on how to perform risk assessments on third parties and cloud providers .

    Answer: You can use the same risk assessment approach adopted by your organization to perform risk assessments on third parties and cloud providers. Please note that to assess risks on cloud providers you should consider the Risk Assessment and Risk Treatment Methodology Cloud.

  • Training on business continuity


    I need an advice as to which Certification course can I first start to enroll with the academy.

    I have looked at your prices compared to BCI, I have found them cheaper as I have to pay it myself

    Answer: Since you mentioned BCI (Business Continuity Institute), I'm assuming you are looking for business continuity training. Considering that, unfortunately at this time we do not have available courses related to this topic. If you want to consider the ISO 22301, the ISO standard for business continuity, I'd suggest you first to take a foundations course to understand the standard and its requirements.

    This article will provide you further explanation about ISO 22301:
    - What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/

    These materials will also help you regarding ISO 22301 BCMS:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - ISO 22301: An overview of the BCM implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-22301-overview-bcm-implementation-process-free-webinar-demand/
    - Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
    - Writing a business continuity plan according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/

  • Design and development applicability


    Answer
    Changing parameters of an established product is not necessarily the outcome of design and development. If the company does not launch new products design and development is not applicable. But in our days it is difficult to stay in the market without periodically launch new products.

    The following material will provide you more information about applicable clauses:
    What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://community.advisera.com/topic/design-and-development-applicability/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Certification options for persons


    Answer:

    The best pathway will depend on your professional objectives. If you plan to work on an Information Security Management System certification process, then you should consider the Lead Implementer certification. If you plan to ensure the operation of an ISMS, then you should consider the Lead Auditor certification. Considering your current work, Lead Implementer certification seems more appropriated.

    These articles will provide you further explanation about ISO 27001 certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look l ike? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    This material will also help you regarding ISO 27001 certifications:
    - ISO 27001:2013 Lead auditor course https://advisera.com/training/iso-27001-lead-auditor-course/
    - ISO 27001:2013 Lead implementer course https://advisera.com/training/iso-27001-lead-implementer-course/
Page 519-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +