Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Performing BIA
Answer:
Considering your need for a DIY BIA, I recommend you to take a look at these articles:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/
I also recommend you to take a look at the free demo of our ISO 22301 Business Impact Analysis Toolkit at this link: https://advisera.com/27001academy/iso22301-business-impact-analysis-documentation-toolkit/
In this toolkit you have templates for Business Impact Analysis Methodology, and Business Impac t Analysis Questionnaire, which can help you perform a business impact analysis according ISO 22301, the ISO standard for business continuity.
With this toolkit you also have access to business impact analysis video tutorials that will help you fill the documents and perform the BIA.
This material will also help you regarding business impact analysis:
- Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/ -
Supplier security
Answer:
If this software that serves your prime customer is part of the ISMS scope, then probably these partners of yours will have to fulfill security requirements related to ISO 27001 Annex A, as result of risk assessment, or by means of security clauses included in contracts or service agreements.
These articles will provide you further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/ -
Templates content
1. User Registration and De-registration Policy
2. User Registration and De-registration Register
Privileged access rights and user access rights
3. Encryption Policy
Encryption to be implemented across the assets of the organization including personal devices. New employees are to be provided with company assets that will ensure consistency of security.
Encryption Policy to be developed that will outline Capen’s approach to use and the lifecycle of Encryption keys across all assets of the business.
4. Information Backup Policy
Outlining the procedures, frequency of backups, logging of backups
5. Event Logging Policy
Outlining the procedures, logging of events subject to the risk to the business and escalation to the Risk Management procedures being adopted by the business.
Answer:
To fulfill your needs, I suggest you to look at the following documents:
1. User Registration and De-registration Policy - Look at the Access C ontrol Policy template: https://advisera.com/27001academy/documentation/access-control-policy/
2. User Registration and De-registration Register - There is no specific template for this register.
3. Encryption Policy - Look at the Policy on the Use of Cryptographic Controls template: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/
4. Information Backup Policy - Look at the Backup Policy template: https://advisera.com/27001academy/documentation/backup-policy/
5. Event Logging Policy - Look at the Operating Procedures for Information and Communication Technology template: https://advisera.com/27001academy/documentation/security-procedures-for-it-department/ -
Is it possible to integrate ISO 9001 with other standards?
Answer:
I understand that you want to mean ISO 9001 which is a standard within the ISO 9000 family. ISO 9000 is a series, or family of quality management standards. You can implement ISO 9001 alone or integrate it with other standards, the most common are ISO 14001, ISO 45001 and ISO 27001.
To learn more about integrating ISO 9001 with other standards see the following materials:
- Article - How to integrate ISO 14001 and ISO 9001: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
- Article - How to integrate ISO 9001 and ISO 27001: https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/
- Article - How to integrate ISO 45001 with ISO 9001 and ISO 14001: https://advisera.com/45001academy/blog/2018/09/12/how-to-integrate-iso-45001-with-iso-9001-and-iso-14001/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training - ISO 9001 Foundations course: https://advisera.com/training/iso-9001-foundations-course/ -
Información sobre la gestión de riesgos
Respuesta:
Los siguientes artículos pueden serle de ayuda para ampliar información sobre la gestión de riesgos en su organización:
- El enfoque basado en riesgos reemplazando las acciones preventivas en la ISO 9001:2015: los beneficios: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/el-enfoque-basado-en-riesgos-reemplazando-las-acciones-preventivas-en-la-iso-90012015-los-beneficios/
- How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Does ISO 9001 require a procedure for addressing riks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
- How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
Además puede asistir de forma gratuita a este webinar que será impartido en mayo o descargar el último desde la página web - Cómo implementar la gestión de riesgos en ISO 9001:2015:
https://advisera.com/9001academy/es/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
También están disponibles los siguientes materiales que pueden interesarle:
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso de Fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Por otro lado puede descargar una versión gratuita del paquete de documentos para la gestión de riesgos en ISO 9001:2015: https://advisera.com/9001academy/es/paquete-de-gestion-de-riesgos-iso-9001/ -
ISO 27001 Toolkit content
Answer:
First of all, sorry for this confusion.
The documents from sections A.5 and A.18 are not missing from the toolkit – you can find them here:
- A.5 – all the documents from folder “08 AnnexA” cover the requirements about information security policies (A.5.1.1 and A.5.1.2)
- A.18 – these documents are covered in the toolkit in folder "02 Procedure for identification of requirements”
Included in the toolkit there is a List of Documents file that shows which documents cover which clauses of the standard. -
Tratamiento de un producto no conforme
Respuesta:
Con la información que me facilita entiendo que se trata de una no conformidad que ha sido detectada durante el proceso de fabricación del producto u otro proceso. En tal caso es una forma de tratar una salida (producto realizado) no conforme mediante el método de aceptación bajo concesión. Para ello necesita obtener la autorización de una autoridad relevante, por ejemplo un laboratorio que realice el análisis técnico de su producto, y si fuera necesario la aceptación del cliente. Esta concesión debe ser recogida en el registro de no-conformidades.
Puede echar un vistazo a estos materiales que le ayudarán a entender cómo tratar un producto no-conforme:
- Artículo - Understanding dispositions for ISO 9001 non-conforming product: https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/
- Libro - Discover ISO 9001 :2015 though practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Procedure for performance evaluation
Answer:
In order to comply with clause 9, performance evaluation, Advisera has available 3 different procedures which can be completed with other relevant documents and records. Check the following links to download a free preview of this documentation:
- Procedure for measuring customer satisfaction: https://advisera.com/9001academy/documentation/procedure-measuring-customer-satisfaction/
- Procedure for internal audit: https://advisera.com/9001academy/documentation/procedure-internal-audit/
- Procedure for management review: https://advisera.com/9001academy/documentation/procedure-management-review/
- Matrix of key performance indicators: https://advisera.com/9001academy/documentation/matrix-key-performance-indicators/
When performing evaluation i ISO 9001:2015 you basically need to determine first what need to be measured, then how and where to measure those aspects and finally when to analyze and evaluate the measurements.
These materials can help you to create procedures for performance evaluation:
- Article - How to implement the check phase (performance evaluation) in the QMS according to ISO 9001:2015: https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
- Article - Monitoring and measuring: the basis for evidence-based decisions: https://advisera.com/9001academy/blog/2020/09/21/how-to-perform-monitoring-and-measurement-according-to-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training - ISO 9001:2015 Foundations Course : https://advisera.com/training/iso-9001-foundations-course/ -
Audit follow up steps
Answer:
After an audit, in the follow up phase, for each nonconformity found, the manager of the area where the nonconformity was found, and the environmental manager should first correct the situation. That means, eliminate the nonconformity. For example, sort different types of wastes that should not be mixed, and train employees in sorting those different types of wastes. Then, evaluate the need for a corrective action, an action to target the cause behind the nonconformity. For example, what is wrong in our environmental management system that allows that employees without the necessary training are put to work in an area with significative environmental impacts? Imagine that the corrective action includes updating requirements for initial training of employees in certain functions.
Then, someone should be responsible to check if correction and corrective action were implemented. And later, at a moment determined during the definition of the corrective action someone should check if the corrective action is effective. For example, after new employees enter the area, do wastes continue to be sorted correctly?
So, the steps are:
* determine a correction and implement it as soon as possible;
* check correction implementation;
* determine the cause and a corrective action and implement it;
* check corrective action implementation;
* check corrective action effectiveness;
* close the nonconformity.
The following material will provide you information about following up and audit:
- ISO 14001 – Internal Audits in the EMS: Five Main Steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
- Dealing with nonconformities from the ISO 14001:2015 certification audit - https://advisera.com/14001academy/blog/2015/11/02/dealing-with-nonconformities-from-the-iso-140012015-certification-audit/
- free online training ISO 14001:2015 Internal audit Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
Gaining buy-in for ISO 9001 implementation
Answer:
Many years ago, I learned and adopted a maxim: people do not change because of what is said to them, they do not change because of the rational side, but they are more open to change when they are shown the consequences of what is wrong with the present situation. So, I recommend you gather and show to people evidences of organizational pain that can be removed or reduced with ISO 9001 implementation. Put yourself in their shoes: What do they know about ISO 9001? What can they gain from ISO 9001 implementation? How can ISO 9001 help them in their daily work?
Can you answer those questions?
The following material will provide you information about employee buy-in in ISO 9001 implementation:
- ISO 9001 – Gaining employee buy-in for your ISO 9001:2015 implementation - https://advisera.com/9001academy/blog/2015/12/15/gaining-employee-buy-in-for-your-iso-90012015-implementation/
- How to Align Company Culture with ISO 9001 - https://advisera.com/9001academy/blog/2014/10/14/align-company-culture-iso-9001/
- free online training ISO 9001:2015 Lead implementer Course
– https://advisera.com/training/iso-9001-lead-implementer-course/
- book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/