Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Cultura organizacional
Respuesta:
La cultura organizacional se refiere al conjunto de creencias, hábitos, valores y actitudes de una empresa. Esta cultura va a determinar la forma de funcional de una empresa y que se refleja en sus estrategias, su estructura y su sistema de trabajo.
Cambios en la cultura organizacional podrían incluir:
- Creación de equipos multidisciplinares que ayudan a la toma de decisiones con varios puntos de vista
- Introducción de beneficios sociales para los empleados como viajes, acceso a comida gratuita, gimnasio, etc.
- Introducción de las últimas tecnologías en los procesos de la empresa
Efectivamente el ingreso de personal de menor edad podría tener una repercusión en el cambio cultural organizacional de la empresa.
Para conocer más sobre la cultura organizacional, puede ver:
- Cómo identificar el contexto de la organizavción en ISO 9001:2015: https ://advisera.com/9001academy/es/knowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/
- Curso gratuito en línea de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Libro - Discover ISO 9001:2015 thorugh practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
How to fill in "Requirement" column
Answer:
A "requirement" is what a specific document requires you to perform - e.g. GDPR article 32 requires companies to use (where appropriate) pseudonymisation and encryption of personal data.
This article will help you more: How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ -
How to fill Statement of Applicability
For example this has for (6)
A.6.1.1 Information security roles and responsibilities
A.6.1.2 Segregation of duties
A.6.1.3 Contact with authorities
A.6.1.4 Contact with special interest groups
A.6.1.5 Information security in project management
Yet document "A.6.1_Bring_Your_Own_Device_BYOD_Policy_Cloud_EN.docxx" has the following in the table of contents. How are they linked ?
Table of contents
1. PURPOSE, SCOPE AND USERS 3
2. REFERENCE DOCUMENTS 3
3. SECURITY RULES FOR USING BYOD 3
3.1. COMPANY POLICY 3
3.2. WHO IS ALLOWED TO USE BYOD, AND FOR WHAT 3
3.3. WHICH DEVICES ARE ALLOWED 3
3.4. ACCEPTABLE USE 3
3.5. SPECIAL RIGHTS 4
3.6. REIMBURSEMENT 4
3.7. SECURITY BREACHES 5
3.8. TRAINING AND AWARENESS 5
4. MANAGING RECORDS KEPT ON THE BASIS OF THIS DOCUMENT 5
5. VALIDITY AND DOCUMENT MANAGEMENT 5
Plus I do not see: 08_Annex_A_Security_Controls in the download yet it asks for them in 6_Statement_of_Applicability_Cloud
A.5, A.5.1, A.5.1., A.5.1.2
Answer:
To fill out Statement of Applicability (SoA) you have to:
1) Complete the List of legal, regulatory and other requirements, and the Risk treatment table - those two documents will be your main inputs for writing the SoA.
2) Based on those two inputs you decide whether a particular control is applicable or not, i.e. whether you need that control to satisfy a requirement, or to decrease a risk.
3) If a control is applicable, you simply have to look for a document that covers this control - in the "List of documents" (based in the root folder of the toolkit) you will find a cross reference on which controls are covered in which document. In the SoA template there are already suggested documents for most of the controls.
By the way, together with the toolkit you have received the access to the video tutorial which explains how to fill out the Statement of Applicability - there you will see lots of examples on how this is done. -
Is vendor agreement mandatory for ISO 13485?
We received another question:
>Purchase order mailed to supplier prior to purchase, can Purchase order be considered as an agreement. We are into manufacturing of class 1 medical devices , hence Purchase order can be considered as an agreement of ISO 13485 clause 7.4.2. As Some suppliers are unwilling for sign agreements
Answer:
If the purchase order contains the purchasing information of the products or services that you are sourcing from the supplier, it is valid. However, there should also be some email communication between your company and the supplier to ensure that the supplier will notify you of any changes made to the purchased product or service which could have an impact on the quality and performance of the medical device that you are dealing with. -
Privacy Laws outside EU
Answer:
You can find out more about privacy legislation around the world here: https://www.dlapiperdataprotection.com/ -
List of Legal, Regulatory, Contractual and Other Requirements
Answer:
In the List of legal, contractual and other requirements first you need to identify an external document where a requirement is specified - therefore “Intellectual property rights” is not precise enough - instead you should find out which law in your country regulates the intellectual property rights, and then copy from this law the requirements applicable to your business.
The rules you have specified in your message are much more appropriate for the IT Security Policy (you can f ind the template in our toolkit) - there you can formulate your own rules (based on the requirements you first identified in the List of legal, contractual and other requirements). -
ISO documents for IT
Answer: ISO 27001 does not prescribe a standardized reporting procedure or any other similar document, however it does list mandatory and suggested documents you might use - here is an article that might help you:
List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
2. On the other hand, may you guide us which ISO documents best suites us a IT .
Answer: If your question is about which standards might be the most suitable for IT, here are the 3 most popular:
- ISO 27001 (information security) https://advisera.com/27001academy/what-is-iso-27001/
- ISO 22301 (business continuity) https://advisera.com/27001academy/what-is-iso-22301/
- ISO 20000 (IT service management) https://advisera.com/20000academy/what-is-iso-20000/
If your question is about which IT documents to use for ISO 27001, here’s an article that can help you: How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/ -
Implementation of ISO 27001
Answer:
Here’s a short article that will explain you the basics: ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
But the best way to learn about the implementation is this free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
"Shall be documented" phrase
Answer:
Any time when you see a phrase “shall be documented” in a standard this means you have to write a document to be compliant.
These articles will help you:
- Mandatory documents required by ISO 22301 https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/
- Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/ -
ISO 27001 clauses
Answer:
ISO 27001 is a standard published by the ISO organization, you can purchase the standard here: https://www.iso.org/standard/54534.html
You can also download this free material Clause-by-clause explanation of ISO 27001: https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001