Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Dates in ISO certificates
1. Which one is important?
Answer: Both are important.
2. What is the meaning of these dates?
Answer: Certificate expires date is the last day the certificate is valid. So, if you look to a certificate beyond the expire date you know it is no longer valid. Certification is valid for a cycle of three years. To avoid breaking the chain of certification, before a cycle ends an organization should recertify its management system. The recertification date is the last date to do it.
3. In an ISO Certificate Which date is mandatory to see? I mean if certification due date is lapped and Re-certification date is not lapped then Is certificate is valid?”
Answer: Certificate Expiry
The following material will provide you information about certification audits:
- ISO 9001 – How to know whether ISO 9001 certificate is valid? - https://advisera.com//9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/
- Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Smartphones in an ISMS environment
Answer:
First of all, you have to perform a risk assessment to identify which risks related to smartphones you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to protect smartphones and other mobile devices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging
Normally these are implemented through a BYOD policy, which you can see how it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you further explanation abou t BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/ -
Template content
https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Answer:
Although the name of the document refers to Information Technology (IT), its content also covers controls for protection of communication technologies. The terms Information and Communication Technology (ICT) and Information Technology (IT) are often used interchangeably. -
Mandatory documents
Answer:
It is possible to exclude documents that are not mandatory for IATF 16949 certification totally from the scope. That means you don’t need to write documents you have excluded from the scope.
My suggestion is for you to perform a risk analysis that can show you whether you need the procedure or work instruction or not. Basically, if after performing the risk analysis you determine that the procedure or work instruction is not necessary for you and also not mandatory by the standard itself, you can exclude it.
For more information, please take a look at some of our articles and materials:
- List of mandatory documents required by IATF 16949:2016: https://advisera.com/16949academy/knowledgebase/list-of-mandatory-documents-required-by-iatf-16949-2016/
- How to structure IATF 16949:2016 d ocumentation: https://advisera.com/16949academy/knowledgebase/how-to-structure-iatf-16949-2016-documentation/
- IATF 16949 document template: Procedure for FMEA Risk Assessment
https://advisera.com/16949academy/documentation/procedure-for-fmea-risk-assessment/ -
Change authority
Answer:
If we stick to ITIL or ISO 20000 - there is no Change control board. ITIL defines only Change Advisory Board as an authority to authorize changes. But, you will need to define what kind and what levels of changes you have and who authorizes them.
Here are the articles that can help you:
Change Advisory Board in ITIL – advise, approve or what? https://advisera.com/20000academy/knowledgebase/change-advisory-board-itil-advise-approve/
ITIL V3 Change Management – at the heart of Service Management https://advisera.com/20000academy/knowledgebase/itil-v3-change-management-at-the-heart-of-service-management/
Also, our free webinar can help you as well: An overview of the ITIL Change Management Process https://advisera.com/20000academy/webinar/an-overview-of-the-itil-change-management-process-free-webinar/ -
Difference between IATF 16949 and ISO 9001
Answer:
IATF 16949:2016 is a standard specialized in the automotive industry, we may say it is the ISO 9001:2015 for automotive.
Requirements of IATF 16949 are more detailed than ISO 9001 and it is harder to comply compared to ISO 9001.
Please look at following checklists of both standards so that you can compare mandatory documentation:
Checklist of Mandatory Documentation Required by ISO 9001:2015- https://info.advisera.com/9001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-90012015
Checklist of Mandatory Documentation Required by IATF 16949:2016- https://info.advisera.com/16949academy/free-download/checklist-of-mandatory-documentation-required-by-iatf-16949 -
Make the transition
Answer:
A registered ISO 9001 Lead Assessor Training course seems to be too much if you only need to document that you have taken a transition course.
The following material will provide you information about the risk-based approach:
- ISO 9001 – ISO 9001 Training - https://advisera.com/9001academy/knowledgebase/iso-9001-training/
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 27001 update
Answer: On December 4th ISO started the review for the next version of ISO 27001 (see more information here: https://www.iso.org/standard/54534.html). New revision of ISO 27001 will probably be published in 2020 or in 2021 - of course, we will publish many articles on this new revision once we know how it will look like.
2. Wondering as why the Annex A controls start with numbering A.5 and not A.1.
Answer: Annex A sections numbering start on A.5 to be aligned with the numbering on the supporting standard ISO 27002, which provides detailed guidance on implementing controls, so the cross reference makes easier to use both standards together.
For more information, please read:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
3 . Lastly, I am looking for some organisation with which I can become a approved PECB instructor, wondering if advisera can support if you are linkedin with them?
Answer: To become a PECB instructor, please access this link and follow PECB instructions: https://pecb.com/help/index.php/knowledgebase/becoming-a-pecb-certified-trainer/ -
Filling template
Answer:
The impact refers to the expected losses in case of an incident occurs. In the "impact" column you have to include the value defined on your Risk Assessment and Treatment Methodology that best represents the expected loss (e.g., High-Medium-Low, 1-2-3, etc.) for the asset you are considering.
By the way, included in your toolkit you have access to a video tutorial that can help you fill in the risk assessment table, using example with real data.