Filling the Business Impact Analysis questionnaires
Answer: There is no need to figure out different values of working capital for each time frame. In this part of the questionnaire you only have to identify for how much time you will need the working capital available to resume operations. For example, for a just-in-time operation which needs US$ 500K of working capital, you may decide to mark that this capital is needed immediately or up to 1h after the disruptive event. For an activity that keeps a significant stock of products, you may mark that this capital is needed up to 1 week.
2. Under ‘External services’ should the top 10 suppliers be named if the list consists of thousands?
Answer: Under ‘External services’ you have to list the most critical suppliers to ensure the continuity under the minimum service levels agreed. These can vary from one to several, depending on the scenario you define.
Included in the toolkit you bought, there is a video tutorial that can help you fill in the Business Impact Analysis, using real data to facilitate the understanding.
Information security standards for medical devices
Answer:
For the protection of personal health information and compliance with medical-related regulations, I suggest you consider ISO 27001 together with ISO 27799 and ISO 13485.
ISO 27799 has the objective to provide security controls to protect personal health information, presenting guidance for this specific sector.
ISO 13485 has the objective to specify requirements for a Quality Management System where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.
Answer:
If I understand the subject correctly, I, as an assessor, would like to see the performance of the organization (the organization is the client of LRQA) against the management system objectives. What are the trends? What is the evolution of the results? Were the action plans implemented? Were the action plans effective?
The foundation course will give you a good basis for understanding the ISO 27001 requirements and how to fulfill them, but to increase the chances of success, I'd recommend you add competencies related to project management, so you can manage the requirements, deadlines, activities, costs, and personnel involved in the implementation.
By learning about security standards/certification, service management professionals can benefit from a better understanding of information security clauses included in service level agreements (which are increasing with the increase in privacy protection laws and customer awareness on the matter), and how to fulfill them in a more cost-effective way, while avoiding problems related to non-compliance and breaches of regulations/laws.
In fact, the information security strategy must be a part of the efforts to achieve business objectives and organizational strategies. For example, for the business objective of increasing revenues, a business strategy may be to increase revenues through e-commerce, and an information security strategy may be to adopt a more robust platform to support the increase in access and transactions and reduce unplanned downtime, or to decrease the number of data leakages, which directly supports an increase in trust in the organization. By implementing these information security strategies, the strategic business objective will probably also be achieved.
An ISMS can help identify information security requirements that must be considered in the ERP internal projects to better protect information and the ERP performance, such as which controls to implement, and how to test them.
Answer: Some interesting KPIs for ISO 27001 are:
- Percent of business initiatives supported by the ISMS
- Incident resolution time
- Percent of controls assessment performed
- Number of improvement initiatives
2) What are the main structural causes of non-compliance during audits for ISO 27001?
Answer: Generally, nonconformities are related to mandatory requirements of the standard not being fulfilled, people not knowing something, either because they are not aware of the issue, or because they do not know how to do it, and the lack of evidence that an action was performed or a result was achieved.
This article will provide you more information regarding nonconformities:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
3) What are, among the documented mandated information, those that really allow to demonstrate full awareness of the importance of adopting ISO 27001 best practices?
Answer: The main documents that give awareness of the importance of adopting ISO 27001 best practices are the Information security policy and objectives (covering clauses 5.2 and 6.2) and the Records of training, skills, experience and qualifications (covering clause 7.2).