
  • Statement of Applicability content


    Answer:

    Advisera's Statement of Applicability template covers all controls defined in the ISO 27001 Annex A standard. These controls cover administrative, technical and physical areas in a general manner, but this list is not definitive or absolute, so you are free to add any controls you feel are needed.

    The following controls are related to the practices you mentioned:
    - A.13.1.1 Network controls can cover WAN Traffic Flow
    - A.13.1.3 Segregation in networks can cover Network Segregation
    - A.14.2.4 Restrictions on changes to software packages, A.12.5.1 Installation of software on operational systems, and A.12.6.1 Management of technical vulnerabilities can cover the Patch Mgmt process

    These articles will provide you further explanation about controls related to the mentioned practices:
    - How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/
    - Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/
    - How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
  • Process approach - Why and How


    Answer:
    Activities are what people do in organizations, a process is a set of activities, and an organization can be seen as a set of interrelated processes. Modeling organizations as sets of interrelated processes is a way of having a base to both understand performance and decide where to act to improve performance. The process approach focuses attention not on roles, hierarchic positions or departmental borders, but on facilitating the flow of activities from inputs to outputs. The process approach became famous in the 90's after the word reengineering, an approach to remove non-value-added activities in organizations, to make them more lean and efficient and run away from the “we have always done it this way” mindset.

    “I also want to ask how I can draw up a purchasing process for a business”

    Answer:

    When I draw a process, I always start by its purpose. Purpose works as a guiding light for the rest of the job. Then, I write what starts the process and what will be the main output, what we will have in the end.

    The process occurs between those two borders. Gather a group of people that know the process because they work there, because they are internal suppliers or because they are internal customers. With sticky notes do a brainstorming and list what is done inside the process, the activities. I use as a rule: each sticky note must have a verb (a process is action, action is verb, a process is a flow of verbs) and a noun. Examples: check inventory, or receive request.

    Then, organize in chronological order the activities. You identified the flow, the process. Now, you can add each function that participates in the process.

    The following material will provide you information about the process approach:
    - Article - ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 45001 process map requirements


    Answer:

    There are no requirements in ISO 45001 that specifically ask for process maps; however, when you are identifying your hazards and risks as per clause 6.1.2 you need to take into account how work is organized, including routine and non-routine activities. For this it is necessary to know how your processes work so that you can determine the hazards associated with them, and a process map can help with this.

    For more information on what is required to be documented by ISO 45001 you can see this whitepaper titled “Checklist of mandatory documentation required by ISO 45001”, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
  • Use of the ISO 27001 trademark


    Answer: Sorry, but I am not sure what you mean by the clauses; in any case, Advisera is not part of the ISO brand, because ISO is an independent entity, and we cannot decide on the use of its resources. You can find more information about ISO on its official site: iso.org

    Regarding the use of the words "ISO 27001", if you mean including these words in a document you are using for the implementation of security policies based on ISO 27001, you can do so, of course. The problem could be if you use something of ISO's that is copyrighted, for example a logo, but I think this is not your case, because you only want to use a word, and this word has no copyright.

    Regarding the implementation of ISO 27001, this article may be of interest to you, “ISO 27001 implementation checklist”: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
  • Quality Plan in ISO 9001:2015


    Answer:

    First of all, a quality plan is a document that states quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product, service, project, or contract.

    Quality plans should include:
    - Objectives to be achieved (for example, characteristics or specifications)
    - Steps in the processes
    - Allocation of responsibilities, authority, and resources
    - Specific documented standards, practices, procedures, and instructions
    - Suitable testing, inspection, examination, and audit programs
    - A documented procedure for changes and modifications to a quality plan
    - A method for measuring the achievement of the quality objectives
    - Other actions necessary to meet the objectives

    You can find more information about the Quality Plan in these materials:
    - Article - Making the best out of ISO 9001 quality plan: https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001 Lead Implementer Course: https://advisera.com/training/iso-9001-lead-implementer-course/
  • Different Audits in ISO 14001


    Answer:

    In order to effectively implement ISO 14001:2015 you need to conduct an internal audit to look for any nonconformity and apply the necessary corrective actions. Also, if you want to be certified in ISO 14001:2015 you will have to successfully pass the certification audit by an external certification body. Once you get the certification you'll need to maintain your different processes to keep your QMS updated, which is demonstrated during the surveillance audits, usually conducted once every year during the following years until the recertification audit.

    These materials can help you to better understand audits:

    - Article - Certification audits vs surveillance audits in ISO 14001: https://advisera.com/14001academy/blog/2016/07/11/certification-audits-vs-surveillance-audits-in-iso-14001/
    - Article - 5 Tips to help you prepare for your ISO 14001 surveillance audit: https://advisera.com/14001academy/blog/2015/11/23/5-tips-to-help-you-prepare-for-your-iso-14001-surveillance-audit/
    - Article - ISO 14001 certification: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-certification/
    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - ISO 14001 Lead Implementer Course: https://advisera.com/training/iso-14001-lead-implementer-course/
  • FAI requirements in AS9100 Rev D


    Answer:
    The requirements in AS9100 Rev D around first article inspection are found in clause 8.5.1.3 “Production process verification” which requires you to verify that production processes meet requirements, and use a representative item from the first production run of a new part to verify that everything involved produces a part that meets standards. It then notes that this activity can be referred to as FAI. This includes no requirements for what needs to be in a report for this activity.
    The AS9100 Rev D standard also gives reference to AS9102 in annex C, which is a standard for first article inspection. This standard does include how to do this, including reference dimensions, but unless this is a requirement of the customer it is not something that is needed per AS9100. What is included in the FAI report comes down to what customer requirements have been placed on you.
    One other thing that may help you is this whitepaper titled “Clause-by-clause explanation of AS9100 Rev D”, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
  • Auditing in AS9100 Rev D

    Answer:
    There are a number of past blog articles that can help you to work on auditing a QMS such as “6 main steps in the internal audit process according to AS9100 Rev D” (https://advisera.com/9100academy/knowledgebase/6-main-steps-in-the-internal-audit-according-to-as9100-rev-d/) and “developing an internal audit checklist for AS9100 Rev D” (https://advisera.com/9100academy/knowledgebase/developing-an-internal-audit-checklist-for-as9100-rev-d/). For a more detailed look at using the ISO 19011 standard for management system auditing the article from 9001Academy titled “13 steps for ISO 9001 internal audit using ISO 19011” (https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/) may also be helpful.
    One other tool that can help is this whitepaper titled “Clause-by-clause explanation of AS9100 Rev D”, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
  • Inventory list


    Answer:

    If you have identified that control A.8.1.1 Inventory of assets is applicable, you have to include only assets that are related to the information your ISMS is intended to protect. Most probably IT assets will be included, as well as cabinets where physical documents are stored. Besides those assets that are used to store, process and transmit information, you can keep the other organization's assets out of the inventory.

    This article will provide you further explanation about asset inventory:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

    If you want to see what an asset inventory looks like, and see examples of assets for this inventory, I suggest you take a look at the free demo of our Inventory of Assets at this link: https://advisera.com/27001academy/documentation/inventory-of-assets/
  • Certification scope


    Answer:

    You can limit your certification scope according to your needs, but you have to evaluate if the administrative effort to have a separate scope is worthwhile. In most cases, for small and medium businesses, or in cases where keeping a separate scope is too complex, the best approach is to certify all the services or the organization as a whole.

    These articles will provide you further explanation about defining scope:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Problems with defining the scope in ISO 27