  • CMMI and ISMS


    Answer:

    Unfortunately we do not have such material consolidated, but from these links you can build an understanding about their relation:
    - Mapping from ISO 9001:2008 to CMMi v1.2: https://cmmiinstitute.zendesk.com/hc/en-us/articles/115004587567-Do-ISO-standards-and-CMMI-work-together-
    - Mapping from ISO 9001:2008 to ISO 9001:2015 https://committee.iso.org/files/live/sites/tc176sc2/files/documents/ISO%209001%202015%20-%20Implementation%20guidance%20docs/ISO9001_2015_Correlation_Matrices.docx
    - ISO 27001 vs. ISO 9001 matrix https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix
  • ISO 27001 in designing projects

    (I would like to better understand how ISO27001 can help me in designing projects for physical security - hardware - I am a manufacturer.)

    Answer:

    As an information security standard, ISO 27001 can assist in designing projects for the physical security of hardware by:
    - providing a systematic way to identify requirements and select controls to be implemented to protect the information that this hardware will handle. For example, if the information that will be stored on or transferred through this hardware requires a high level of protection, a possible hardware requirement would be the implementation of features that allow attempts to tamper with the hardware to be detected (credit card readers are a good example).
    - providing specific controls for the implementation of physical security (section A.11 controls), including specific protection for equipment (section A.11.2 controls)
    - assisting in the identification and implementation of controls for the protection of project information (e.g., access control to the specifications of technologies to be implemented in the hardware, definition of responsibilities, etc.).

    These articles can provide additional information about ISO 27001 in projects:

    - How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1 https://advisera.com/27001academy/blog/2016/04/18/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-1/
    - How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
    - How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/
    - How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
  • New company logo and controlled documents


    Answer
    If your logo is part of the documents’ identification and your logo was changed, your organization will have to update its documentation. Since your next surveillance audit will take place in less than a month, perhaps that update should be planned to take place not all at once but over a period of time. So, documents that are easier to update can be updated right away; for other documents you can develop a plan, start to implement it, and show it during the next surveillance audit. For example, auto companies sometimes make changes to their component drawings and allow suppliers to use previous versions until the stock of those versions goes to zero.

    The following material will provide you more information about ISO 9001 and document control:
    - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - Enroll for free course - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • ISO 9001 and shipping companies


    Answer
    Just googling “shipping iso 9001” I found a set of ISO registered shipping companies. Perhaps the big ones are so well known that they do not need certification to improve their credibility.

    The following material will provide you more information about ISO 9001 and shipping companies:
    - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - How ISO 9001 improves shipping procedures - https://advisera.com/9001academy/blog/2019/07/09/how-iso-9001-improves-shipping-procedures/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Use of encryption and ISO 27001


    Answer:

    According to ISO 27001, you only have to implement encryption of any kind, as with other types of controls, in the following situations:
    - There are unacceptable risks that justify the application of the control (i.e., based on the risk assessment results)
    - There are legal requirements (e.g., laws or contract clauses) with which the organization must comply that demand the application of the control
    - There is a management decision to implement the control, by considering it good practice.

    If none of the above conditions applies, there is no need to implement the control.

    This article will provide you further explanation about selecting controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
  • Identifying risks in ISO 14001


    Answer

    The organization must prepare for and respond to potential emergency situations that are related to the risks identified in clause 6.1.1.

    These risks and opportunities may be related to:

    – environmental aspects (clause 6.1.2);
    – legal requirements and other requirements (clause 6.1.3);
    – other issues and requirements identified in clauses 4.1 and 4.2.

    As for the risks associated with environmental aspects, you must identify each of the processes in the life cycle of the product or service, and identify their inputs and outputs in order to later identify their impacts appropriately and evaluate the significant environmental aspects against a set of criteria established by the organization.

    For more information on how to identify environmental aspects and their risks, see the following articles:
    - 4 steps in the identification and evaluation of environmental aspects: https://advisera.com/14001academy/es/knowledgebase/4-pasos-en-la-identificacion-y-evaluacion-de-aspectos-ambientales/
    - Catalogue of environmental aspects: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
    - ISO 14001:2015 how to set the criteria for environmental aspects evaluation: https://advisera.com/14001academy/blog/2016/10/31/iso-140012015-how-to-set-criteria-for-environmental-aspects-evaluation/

    On the other hand, risks may arise as a consequence of legal requirements or of changes to them, so you must establish a system for identifying those requirements and their possible changes in order to determine the associated risks.

    And finally, there are the risks associated with the context of the organization, for which I recommend that you carry out a SWOT analysis, in which you identify the weaknesses, opportunities, strengths and threats that derive from the internal and external issues of your company. To do this, you can organize a meeting in which this analysis is carried out with the relevant people in your organization, such as the managers, the CEO, etc.

    For more information on risks and opportunities in ISO 14001, see the following articles:
    - Risk management in ISO 14001:2015: what, why and how: https://advisera.com/14001academy/es/knowledgebase/gestion-de-riesgos-en-iso-140012015-que-por-que-y-como/
    - ISO 14001 risks and opportunities vs environmental aspects: https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/

    These materials can also help you with the identification of risks and opportunities in ISO 14001:
    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online course - ISO 14001 Foundations: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
  • Making an effective audit


    Answer
    Effective means successful in producing a desired or intended result. What is the desired or intended result for your audit? What are the audit objectives? What has your client told you about the purpose of the audit? If the objective is mainly about conformity, you should collect findings that will help you answer in your report whether the company is conforming with performance targets and procedures or work instructions. I think you will need to check if:
    - inputs into production are identified, traceable and controlled;
    - people are competent;
    - the production process is under control;
    - quality is under control;
    - production performance is under control;
    - non-conformities are identified and treated;
    - corrective actions are developed and effective.

    At the same time, you have to look into significant environmental aspects and impacts and check if they are under control and monitored, and if decisions are made and implemented. The same applies to health and safety.

    The following material will provide you more information about internal audits:
    - ISO 9001 – How to prepare for an internal audit - https://advisera.com/9001academy/blog/2017/09/26/iso-9001-how-to-prepare-for-an-internal-audit/
    - Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
    - Free webinar on demand – How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
    - Enroll for free course - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Overcoming the language barrier


    Answer
    If top management is interested in the implementation of a quality management system (QMS), it is because there is some kind of benefit for the organization.

    My advice is to translate those benefits into practical positive consequences for middle management people, such as:

    Implementing a QMS → Certifying the QMS → More international credibility → More orders → More production → Higher wages

    Implementing a QMS → Fewer quality problems → More efficiency → Lower costs → More production and competitiveness → Higher wages → Higher status

    If language is a barrier, use simple messages, tell them a story, make them play a game, something that passes the message on.

    The following material will provide you more information about QMS benefits:
    - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - Benefits of ISO 9001 implementation for small businesses - https://advisera.com/9001academy/blog/2018/09/17/benefits-of-iso-9001-implementation-for-small-businesses/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • What lies under the hood of design and development


    Answer
    I must confess that before reading the end of your question I was already thinking about how strange it is for a company dealing with personalized solutions to be exempt from design and development.

    The process for design and development is how your company designs and develops a new solution for a customer:
    - First you have to consider the inputs: client requirements; legal and regulatory requirements; your own manufacturing requirements; requirements from your expertise and past experience. This will help your design and development team decide if and when the project is finished (what ISO 9001:2015 calls verification activities – checking whether the output of the project is in accordance with the inputs);
    - Then you have to develop the project activities that turn inputs into outputs (for example, choosing materials, choosing software, making prototypes and testing them – those tests are what ISO 9001:2015 calls review activities);
    - After a successful verification it is wise to get client approval, for example after simulation tests (those tests are what ISO 9001:2015 calls validation activities);
    - A successful design and development does not end with a validated output. It also answers questions like: What are the specifications of the output (product and/or service)? What are the specifications for process and quality control during production? What are the specifications for buying raw materials or subcontracting? What are the requirements for monitoring resources? (This is what ISO 9001:2015 calls design and development outputs);
    - To carry out the previous activities in a planned and systematic way, to meet deadlines and to focus the design and development team’s attention, it is useful to start each project with a plan. (This is what ISO 9001:2015 calls design and development planning);
    - The client validated the product and production started. Changes always happen, because of a complaint, because of a change of materials or suppliers, because of a change in the production process. Changes must be treated, tested, validated, and documentation and practices altered in a controlled way to avoid chaos. (This is what ISO 9001:2015 calls design and development changes.)


    The following material will provide you more information about design and development:
    - The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
    - ISO 9001 document template: Procedure for Design and Development - https://advisera.com/9001academy/documentation/procedure-design-development/
    - Free webinar on demand (you can see here information about non-applicable clauses) - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Legal provisions of the BDSG and DSGV


    Answer:

    Neither the BDSG nor the GDPR establishes specific retention periods for students or any other category of data subjects; this is usually established by specific pieces of legislation such as the laws on archiving. As regards the transmission, this depends on the role of the receiving party. If the receiving party acts as a data processor for the sending party, then the provisions of Article 28 of the EU GDPR will apply.

    If you want to get some basic information about the EU GDPR, check out this EU GDPR Foundation Course https://advisera.com/training/eu-gdpr-foundations-course//