Search results


  • Obtaining engagement


    Answer: The most effective ways to get engagement of existing customers and their users are:
    - to show them how your actions can benefit them, help them achieve their business results
    - always take their opinion into account on project decisions
    - be transparent with them about what you are going to do and why
    - help them to resolve conflicts of interest with other areas, searching for mutually beneficial solutions

    These articles will provide you further explanation about consultancy:
    - How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/
    - 5 criteria for choosing an ISO 22301 / ISO 27001 consultant https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/ (if you know what customers are looking for you can be better prepared)

    To obtain engagement of new customers you should work on your skills to present in a quick and effective way the benefits of information security and ISO 27001.

    For further information, see:
    - 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
    - Free webinar – How to sell ISO consulting services https://advisera.com/27001academy/webinar/how-to-sell-iso-consulting-services-free-webinar-on-demand/
  • Evidences for audit


    Answer: ISO 27001 does not prescribe the need to evidence what did not happen (i.e., if there was no incident or no change), but it could make sense during the measurement and monitoring process to create a record that says that none of these things have happened.

    2. As a part of the implementation process we have installed a firewall in our organization for log generation. Can we conduct an internal audit based on logs of 10 days?

    Answer: A good reference you can use to define the time you need a process or control to be operating to have enough data to be audited is to ensure it has already completed at least three cycles of operation. For example, if a full backup process is performed once a week, then you should wait at least three weeks to audit this process.
  • ISO 45001: Defining the scope


    Answer:
    Clause 4.3 of ISO 45001:2018 includes a lot of requirements describing what to consider when determining the scope of your OHSMS, stating that the scope is the boundaries and applicability of your OHSMS. This can be confusing, but it is helpful to think of the scope of your management system as “where the rules of the management system apply”. So, for your company, where will the rules, policies, processes and procedures that you put in place to promote occupational health & safety apply?
    If everything you do is in one building, then this one building will encapsulate the scope of your OHSMS. If you have employees who travel to other locations for business, then these locations will be part of your scope since the OH&S rules apply to them as well. So, you need to look at all of your activities as a telecom provider and determine where your OHSMS information needs to be used.
    For more information on the scope for the OHSMS, see the article: How to determine scope of the OH&SMS, https://advisera.com/45001academy/blog/2015/12/09/how-to-determine-scope-of-the-ohsms/
  • AS9100 Transfer of work procedure

    Answer:
    The requirements for work transfer are included at the end of clause 8.1, operational planning and control, and include some very simple requirements. Basically, when you need to transfer work (either permanently or temporarily), have a process to plan this transfer so that you continue to have product and service conformity. When doing this, make sure you manage the impacts and risks of the transfer. The note then forwards you to clause 8.4 if you are transferring work to an outside provider such as a supplier, or to clause 8.5 when you are transferring work into your organization.
    It is important to note that the standard doesn’t require you to have a procedure specifically for work transfers. If you are transferring work to a supplier, then this is the same as any other purchase from a supplier, where you assess the risks of the supplier and decide what controls you need for that supplier so that you get the right product or service. For this I would simply add information into the purchasing procedure about following these assessments for work transfer to a supplier.
    Likewise, work transfer into your facility is the same as any work you are going to accept into your product and service provision process: you will assess the risks and controls before you start. In this case I would *** some statements into the procedures for the production department about work transfers following the same assessment route. In both cases, why confuse people by having a separate procedure that is almost never used when the information could be in a clause of their standard procedure?
    If you are looking for a specific template for these procedures, or any others, you can see samples in our AS9100 Documentation Toolkit, https://advisera.com/9100academy/as9100-documentation-toolkit/
  • Document signing


    Answer:
    There is no rule for that. With the signature you want to evidence that someone with authority approved the document. That someone has a position. For example, Mary approves document A not because she is Mary but because she occupies the Quality Manager position. Adding the printed name is a possibility but sometimes occupies much needed space.

    The following material will provide you information about documents:
    - Article – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • To be or not to be part of the overall process map


    Answer:
    There is no straight answer without further information. Being part of the process map or not is a function of the importance of the IT department in serving the relevant interested parties. For many organizations what I see is that IT is more a background process and the use of Standard Operating Procedures (Work Instructions) is enough. For other organizations IT is fundamental and it appears in the process map. Also, please do not consider a department as the same as a process. In what flow of activities does the IT department appear? For example, it might participate in 1 or 2 steps in the integration of a new employee.

    The following material will provide you information about processes:
    - Article – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
    - Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
    - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
  • People as asset


    Answer:

    ISO 27001 does not prescribe who should be the asset owner, but in general, if by people you refer to employees hired by an organization, then the asset owner is their superior in the organization. On the other hand, if by people you refer to a hired freelancer, consultant or similar, who will work for the organization only for a defined time and for a specific piece of work, then the asset owner should be the person with whom the contract is signed.

    This article will provide you further explanation about inventory of assets:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
  • Service Desk user satisfaction survey


    Answer:
    First of all, you need to keep in mind that the questionnaire you'll send to your customers needs to have a follow-up. That means that from the answers you'll receive there must be a clear conclusion and a plan for what to do with it (especially when the answer implies something that is not OK).
    I would suggest dividing the questions into two groups:
    1. Communication related - that would give you the answer regarding the communication capabilities of your staff. So, questions could be: Do Service Desk (SD) staff communicate in a clear and unambiguous way? Are they calm and patient when talking to you? Are their explanations and/or reasoning understandable to you?
    2. Competence related - here you'll get feedback about the quality of your SD staff's work. So, here are a few examples: Do you get your issues resolved when calling our SD? What is the quality of the provided solutions? Are the issues resolved in a timely manner (be careful when interpreting the answer - users need to be familiar with the SLA)?
    This article can help you further: "Service Desk staff – a window to the IT organization" https://advisera.com/20000academy/blog/2014/02/18/service-desk-staff-window-organization/
  • Gap analysis questionnaire


    Answer:

    For a quick and initial diagnosis of your company's readiness for ISO 27001, I suggest our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

    It has a simple question-and-answer format that allows you to visualize which specific elements of an information security management system you’ve already implemented, and what you still need to do.

    For a more complete view of what an auditor would look for, I suggest you take a look at the free demo of our Internal Audit Checklist: https://advisera.com/27001academy/documentation/internal-audit-checklist/

    For each clause or control from the standard the checklist provides one or more questions which should be asked during the audit in order to verify the implementation.

    Regarding in-depth questions, they are mostly related to technical competencies and daily operational practices, and to get an insight into them I suggest our security awareness program: https://advisera.com/training/awareness-session/security-awareness-training/
    It has a set of short videos to educate your employees about simple techniques for protecting company information.
  • Methodologies for addressing risks


    Answer:

    To begin with, I always recommend following a simple methodology, such as holding a meeting with the most relevant positions in the organization (e.g. department heads, top management, etc.) in which a SWOT analysis is carried out. In this analysis the weaknesses, opportunities, strengths and threats of the organization and of the context in which it operates are identified. Therefore, it will not only help to identify the company's risks and opportunities but will also help to determine the internal and external issues of the context, fulfilling clause 4.1.

    Other, more complex methodologies can also be used, as is the case with Failure Mode and Effects Analysis (FMEA). This method is used when designing a process or a product, and its objective is to identify all the possible problems that may arise, classify the criticality of the risk and determine what actions to take in that regard.

    To learn more about how to address risks and opportunities in the organization, you can see the following materials:
    - Article - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Article - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
    - Book - Discover Iso 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Course - Curso Fundamentos ISO 9001:2015 (ISO 9001:2015 Foundations Course, in Spanish): https://advisera.com/es/formacion/curso-fundamentos-iso-9001/