The foundation course will give you a good basis for understanding the ISO 27001 requirements and how to fulfill them, but to increase the chances of success, I'd recommend that you add competencies related to project management, so you can manage the requirements, deadlines, activities, costs, and personnel involved in the implementation.
By learning about security standards/certification, service management professionals can benefit from a better understanding of the information security clauses included in service level agreements (which are increasing with the rise in privacy protection laws and customer awareness of the matter), and of how to fulfill them in a more cost-effective way, while avoiding problems related to non-compliance and breaches of regulations/laws.
In fact, the information security strategy must be a part of the efforts to achieve business objectives and organizational strategies. For example, for the business objective of increasing revenues, a business strategy may be to increase revenues through e-commerce, and an information security strategy may be to adopt a more robust platform to support the increase in access and transactions and reduce unplanned downtime, or to decrease the number of data leakages, which directly supports an increase in trust in the organization. By implementing these information security strategies, the strategic business objective will probably also be achieved.
An ISMS can help identify information security requirements that must be considered in the ERP internal projects to better protect information and ERP performance, such as which controls to implement, and how to test them.
Answer: Some interesting KPIs for ISO 27001 are:
- Percent of business initiatives supported by the ISMS
- Incident resolution time
- Percent of controls assessment performed
- Number of improvement initiatives
2) What are the main structural causes of non-compliance during audits for ISO 27001?
Answer: Generally, nonconformities are related to mandatory requirements of the standard not being fulfilled, people not knowing something, either because they are not aware of the issue, or because they do not know how to do it, and the lack of evidence that an action was performed or a result was achieved.
This article will provide you with more information regarding nonconformities:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
3) What are, among the mandatory documented information, those that really allow you to demonstrate full awareness of the importance of adopting ISO 27001 best practices?
Answer: The main documents that give awareness of the importance of adopting ISO 27001 best practices are the Information security policy and objectives (covering clauses 5.2 and 6.2) and the Records of training, skills, experience and qualifications (covering clause 7.2).
Answer:
I don’t have any examples of risks and opportunities in the paint industry. If I were working with you, I would follow two approaches to determining risks and opportunities: what overall objectives does your organization want to meet with a quality management system? Then, list the relevant topics that can help or hinder the possibilities of meeting them; and repeat the same exercise for your organization’s processes. Each process has a purpose, a mission: what can help or hinder meeting those demands?
The following material will provide you with information about implementing the risk-based approach:
Answer:
Unfortunately, as there are so many different government regulators around the world, it would be extremely difficult for us to have a listing that is applicable to any specific company or area. I would suggest two possible places to look for information: with your customers, as they would likely have the same regulators, or with your certification body, as they will have experience in your geographical area.
If you have not yet chosen your certification body, I suggest looking at this ISO 9001 whitepaper, which includes some relevant “Questions to ask your certification body” to ensure you get the best value: https://info.advisera.com/9001academy/free-download/list-of-questions-to-ask-an-iso-9001-certification-body