Answer: Considering ISO 27001, background checks are only required when:
- you have legal requirements (e.g., laws, contracts, or regulations) demanding such action;
- there are unacceptable risks which can only be handled by performing background checks;
- there is a top management decision defining that background checks must be performed.
If none of these situations apply, there is no need to implement background checks, and even if background checks are applicable, most probably it will not be necessary to cover all employees, but only the most critical roles in your organization.
2. If we do not want to go for BGC for all employees and have a letter from management for the same, is it recommended or will it be an NC?
Answer: As explained before, if there is a letter from management requiring background checks, not performing them would be an NC. An approach you may try is to show management that performing background checks on all employees wouldn't be efficient (or may even be against the law), and that the background check scope should be reduced only to those roles regarded as critical according to the results of the risk assessment.
Answer:
IATF 16949 brings new requirements that an organization must comply with. One of them is 8.5.6.1.1. Temporary change of process controls.
The main reason behind this requirement is the need for a temporary change of the documented process controls that an organization has used, due to various reasons; it is important that the organization can control the process with alternative methods and get back to the regular ones as soon as normal operations resume.
This process must be documented with the list of manufacturing control actions that contains both the planned methods and the approved alternative methods of process control. Alternative process control must be reviewed at least once a day and all products must be traceable.
If the Plex system assures all the mentioned requirements, and some obviously do, it can be used for fulfilling this requirement.
For more information please look at:
Specifics of security requirements for BCPs will vary according to the disruptive scenarios considered, as well as the continuity levels derived by an organization, but as general examples of security requirements to consider in a BCP you may have contractual clauses defining that access control to information, assets or premises must be ensured at all times, even during disruptive events (so you have to consider redundant access controls), or that the results of the risk assessment have identified as unacceptable a situation where you have a single point of failure (e.g., a single communication link or database server).
Answer:
Adding or removing suppliers is not related to clause 6.3.
“2. When the format of a particular ISO form changes, or there are organizational changes, equipment changes or facility changes, we use the change request form. Is this the correct explanation?”
Answer:
Changing forms is not related to clause 6.3. Clause 6.3 is about planning how to handle changes without breaking the quality management system. For example, when an organization moves to a new location, or introduces a set of new production equipment, it is necessary to plan the introduction of these changes in a controlled way. Last year I worked with an injection molding company that doubled the number of machines and changed location to another site, with a lot of new workers recruited – that was a great change in planning, operating and controlling production. 6.3 is about changes like this.
Some years ago, I worked with a machine manufacturing company. One of their operations was painting parts of the machines. Then, due to stricter environmental legislation, they decided to subcontract that operation to a painting services specialist. They had to change their production planning and quality control to consider the new flow of production. 6.3 is about changes like this.
The following material will provide you with information about planning and controlling changes:
Answer:
IATF 16949:2018 is the successor of TS 16949. For companies that are in the automotive industry, this standard is required for Tier 1, Tier 2 and Tier 3 suppliers of OEM producers. It is also very popular and requested for suppliers of those companies. If you are in the automotive business, then IATF 16949 is a must.
3. What are the clauses and how are they different from TS 16949?
Answer:
The new structure of the standard is in accordance with Annex SL, and the requirements are in clauses 4 to 10, following the ISO 9001:2015 structure, as it was a technical specification for it.
It also differs from TS 16949 in new requirements that set higher demands for an organization that wants to comply.
"... software on operational systems.", as part of the description of control A.12.5.1 (Installation of software on operational systems) of ISO 27001 Annex A, refers to any software that is used in the normal daily operations of an organization. This includes both software used in datacenters (e.g., database management systems, corporate backup software, etc.) and software used on employees' workstations (e.g., e-mail clients, word processors, etc.).
ISO 27001 and ISO 22301 share many requirements (e.g., control of documents, internal audit, management review, etc.), so the most efficient approach would be to produce integrated documents related to these common requirements, keeping apart only the specific requirements of each standard.
Included in your toolkit there is a List of Documents file where you can see which documents cover both standards, and which documents are related to one standard only. You only have to follow the toolkit, and this will be enough to ensure systems integration.
Certification of the EU GDPR consultant
Answer:
The EU GDPR does not require such certifications; it only requires that whoever is acting as a Data Protection Officer be knowledgeable of the regulation as well as other privacy-related pieces of legislation.
Where the extra-territorial provisions of the EU GDPR apply, the controller or processor must appoint a representative in the EU. That representative must be based in a Member State in which the relevant individuals are based. There is a limited exemption from the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large-scale processing of sensitive personal data. So, you need to appoint such a representative. The representative will have to face off with the relevant supervisory authorities and accept liability for breaches of the Regulation, which could now be substantial.