ISO 27001 is the intellectual property of ISO, and it is necessary to buy the standard to use it; otherwise you would incur intellectual property infringement. Depending on the buying conditions, you may share a limited number of copies of the standard you bought.
Retraining requirements
Answer
There is no ISO 9001 requirement making that mandatory. Unless there is some important client, contract, or legislation/regulation making that a requirement, it is not mandatory.
Answer: The most effective ways to get engagement of existing customers and their users are:
- to show them how your actions can benefit them, help them achieve their business results
- always take their opinion into account on project decisions
- be transparent with them about what you are going to do and why
- help them to resolve conflicts of interest with other areas, searching for mutually beneficial solutions
To obtain engagement of new customers, you should work on your skills to present, in a quick and effective way, the benefits of information security and ISO 27001.
Answer: ISO 27001 does not prescribe the need to evidence what did not happen (i.e., if there was no incident or no change), but it could make sense during the measurement and monitoring process to create a record that says that none of these things have happened.
2. As a part of the implementation process we have installed a firewall in our organization for log generation. Can we conduct an internal audit based on logs of 10 days?
Answer: A good reference you can use to define the time you need a process or control to be operating to have enough data to be audited is to ensure it has already completed at least three cycles of operation. For example, if a full backup process is performed once a week, then you should wait at least three weeks to audit this process.
ISO 45001: Defining the scope
Answer:
Clause 4.3 of ISO 45001:2018 includes a lot of requirements describing what to consider when determining the scope of your OHSMS, stating that the scope is the boundaries and applicability of your OHSMS. This can be confusing, but it is helpful to think of the scope of your management system as “where the rules of the management system apply”. So, for your company, where will the rules, policies, processes and procedures that you put in place to promote occupational health & safety apply?
If everything you do is in one building, then this one building will encapsulate the scope of your OHSMS. If you have employees who travel to other locations for business, then these locations will be part of your scope since the OH&S rules apply to them as well. So, you need to look at all of your activities as a telecom provider and determine where your OHSMS information needs to be used.
For more information on the scope for the OHSMS, see the article: How to determine scope of the OH&SMS, https://advisera.com/45001academy/blog/2015/12/09/how-to-determine-scope-of-the-ohsms/
AS9100 Transfer of work procedure
Answer:
The requirements for work transfer are included at the end of clause 8.1, operational planning and control, and include some very simple requirements. Basically, when you need to transfer work (either permanently or temporarily), have a process to plan this transfer so that you continue to have product and service conformity. When doing this, make sure you manage the impacts and risks of the transfer. The note then forwards you to clause 8.4 if you are transferring work to an outside provider such as a supplier, or to clause 8.5 when you are transferring work into your organization.
It is important to note that the standard doesn’t require you to have a procedure specifically for work transfers. If you are transferring work to a supplier, then this is the same as any other purchase from a supplier, where you assess the risks of the supplier and decide what controls you need for that supplier so that you get the right product or service. For this I would simply add information into the purchasing procedure about following these assessments for work transfer to a supplier.
Likewise, work transfer into your facility is the same as any work you are going to accept into your product and service provision process: you will assess the risks and controls before you start. In this case I would *** some statements into the procedures for the production department about work transfers following the same assessment route. In both cases, why confuse people by having a separate procedure that is almost never used when the information could be in a clause of their standard procedure?
If you are looking for a specific template for these procedures, or any others, you can see samples in our AS9100 Documentation Toolkit, https://advisera.com/9100academy/as9100-documentation-toolkit/
Document signing
Answer
There is no rule for that. With the signature you want to evidence that someone with authority approved the document. That someone has a position. For example, Mary approves document A not because she is Mary but because she occupies the Quality Manager position. Adding the printed name is a possibility, but it sometimes occupies much-needed space.
To be or not to be part of the overall process map
Answer
There is no straight answer without further information. Being part of the process map or not is a function of the importance of the IT department in serving the relevant interested parties. For many organizations, what I see is that IT is more of a background process and the use of Standard Operating Procedures (Work Instructions) is enough. For other organizations, IT is fundamental and they appear in the process map. Also, please do not consider a department as the same as a process. In what flow of activities does the IT department appear? For example, they might participate in 1 or 2 steps in the integration of a new employee.
ISO 27001 does not prescribe who should be the asset owner, but in general, if by people you refer to employees hired by an organization, then the asset owner is their superior in the organization. On the other hand, if by people you refer to a hired freelancer, consultant or similar, who will work for the organization only for a defined time and for a specific piece of work, then the asset owner should be the person with whom the contract is signed.