Answer:
The AS9100 implementation process goes through a few simple steps. First get management support, identify your requirements and scope, and define and implement all your processes. Next train everyone to the level needed and choose a certification body that will benefit your company. Operate your system to collect records, perform internal audit and management review to identify any corrections or improvements needed, and put in place corrective actions. Finally, the certification auditors will conduct a stage 1 documentation audit and a stage 2 certification audit where they will review all your processes against the AS9100 standard and your internal and customer requirements.
For a graphical representation of the AS9100 Rev D implementation process, see the free download: AS9100 Rev D implementation diagram, https://info.advisera.com/9100academy/free-download/as9100-rev-d-implementation-diagram
27001 certification audit
Thank you very much Rhand.
Wiki as document repository
Given that the wiki is only accessible to the company staff, maybe a copy paste and an indication to revise the procedure in the wiki, which is the one that will be updated, would suffice?
Answer: ISO 27001 does not prescribe how to handle documented information, only that it must be handled properly, so you can use your wiki as long as you can fulfill the requirements for documented information management from clauses 7.5.2 and 7.5.3 (e.g., approval flow, records, preservation, etc.)
By the way, from your answer it seems that you have redundancy - i.e., the same documents in the wiki + in another format you use to upload information to the wiki. If this is the case, be sure to avoid this redundancy, because it will only increase your administrative work. Keep only one format as your official repository for documented information.
How to implement ISO in a Bank?
Answer:
The implementation of ISO 27001 is quite similar regardless of the industry and size (what differs is the quantity of resources and complexity of deliverables), and the general steps are:
1) getting management buy-in for the project;
2) defining the ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational requirements and the requirements of interested parties;
3) development of risk assessment and treatment methodology;
4) perform risk assessment and define the risk treatment plan;
5) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
6) people training and awareness;
7) controls operation;
8) performance monitoring and measurement;
9) perform internal audit;
10) perform management critical review; and
11) address nonconformities, corrective actions and opportunities for improvement.
This article will provide you further explanation about ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Regarding implementation approaches, the most common are:
- Use your own staff to implement the ISMS
- Use a consultant to perform most of the effort to implement the ISMS
- Use a consultant only to support the staff on specific issues, leaving the organization's staff with most of the implementation effort.
Answer: The process is similar, in this case:
- Asset: Email service
- Threat: Disruption of service / inability to send and receive emails
- Vulnerability: No alternative provider
- Control: Open account with other email service provider(s) as a backup

- Asset: Email service
- Threat: Disruption of service / inability to access existing emails
- Vulnerability: The data is not backed up
- Control: Use local email client to archive all emails
Project Manager as internal auditor
Answer:
The project manager is involved in most of the activities related to the implementation of ISO 27001, and since one requirement to be observed for an auditor is impartiality (an auditor cannot audit his own work), this person will not be able to perform the auditor role. The same applies to the CISO, since he is responsible for reporting the ISMS performance.
The best course of action would be to train an employee to perform the internal auditor role or hire an external auditor.
I don't see a problem with this as long as there is no sensitive information disclosed about the student.
ISO 27001 and ISO 27002
Answer:
The main differences are:
- ISO 27001 is a certifiable standard that defines the requirements for an Information Security Management System (ISMS), as well as providing, in its Annex A, suggested security controls to be implemented according to the results of risk assessment or legal obligations.
- ISO 27002 is a non-certifiable standard that provides details and guidance on the implementation of the controls from ISO 27001 Annex A.
- ISO 27002 is not mandatory in order to be certified against ISO 27001.
Answer:
No, there are no mandatory processes in ISO 9001:2015. Each organization should design a model about how it works based on the process-approach.
- Training procedures.
- Procedures for customer satisfaction.
- Procedures for review by management.
I don't know whether I should distinguish between process and procedures. What would be your answer if we substitute the word "Procedure" with "Process"?
Answer:
First – ISO 9001 has no mandatory requirement for any procedure – please consider the first link below.
Second – Attention! Process and procedure are two different things; don't use the words interchangeably. Please check the second link and the webinar on demand.