Distributors are considered as sales partners, so requirements for suppliers in 8.4.2.3 are not related to them. There is no specific requirement for distributor development process.
Is there an area of AS9100 that would cover this issue? Using customer logos might cause mistakes or confusion about the source of the record.
Answer:
As with all the ISO management system standards, the requirements give you a description of what needs to be done, but do not give you a prescriptive way of doing it. As such there is no mention of this sort of specific example in the standard, which only gives you the requirements for having systems to maintain documented information. However, I do agree that this usage could be confusing on records and may also infringe on legal requirements if the usage was not pre-approved, but I am not a legal expert on this.
For more information on what AS9100 Rev D includes see this Clause-by-clause explanation of AS9100 Rev D: https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
Recertification activities
Answer: If you defined that control A.12.6.1 (Management of technical vulnerabilities) is applicable, then only a technical vulnerability assessment process is required by ISO 27001, but there is no requirement to have it documented.
Considering a general vulnerability assessment, this is a good practice to support the identification of risks, but not an ISO 27001 requirement.
2. The consultant recommends ISO 27001 compliant forms. Is there such a thing as an ISO 27001 form?
Answer: ISO 27001 defines information to be included in documentation, such as policies, procedures and records, but it does not define forms, so the organization is free to define the documentation layout according to its needs. The templates included in the toolkit you bought are already compliant with ISO 27001, and they describe which information can be changed or excluded, and which must be kept.
Since implementation is something you often perform only one time, and after that you have a continuous maintenance effort, the demand for auditors is greater than for implementers. Also, to work for certification bodies it is necessary to be approved in a Lead Auditor course, while for implementation the certification is not mandatory.
Where you specify work to be done on-site and mandays offsite.
Let me know if you have such a template of your charge sheet and plan of action towards completion of the ISO 9001:2015 certification process.
Answer:
Rates of your consultancy work will depend on various factors, mainly where you are delivering your services (country, state, region...) and your experience working as a consultant. Usually you will need to estimate the hours that you will spend for every phase in the implementation depending on the size of the company, locations, complexity of the products/services, etc. For instance, phases could be divided as follows:
1. Initiation, planning and assessment
2. Implementation of the QMS
3. Consolidation
Of course you will also need to include in your proposal how many hours you will need to work on-site and offsite, considering that remote hours often cost less than on-site ones.
The lead auditor course is the first step to become a certification auditor. The process to become an ISO 9001 Lead Auditor and get a job, whether permanent, temporary, or as a freelancer, will take you some time because first you need to have practical experience in auditing methodologies and techniques. In this article you will find some information on how to become an ISO 9001 Lead Auditor - Benefits and potential problems becoming an ISO 9001 lead auditor: https://advisera.com/9001academy/blog/2020/04/10/how-to-become-an-iso-9001-lead-auditor/
Once you have become a lead auditor you may look for a job opportunity in order to become a full-time employed auditor or to work as a subcontractor with some of the certification bodies.
Mandatory records and Customer Relationship Management
Answer:
Just considering ISO 9001:2015 requirements the answer is no. Please check clause 8.2.3.2 – the only mandatory records are about product/service specifications and about reviewing customer’s orders. There are no required records about visiting customers.
After saying this, I must add that as a consultant I recommend companies to keep records about the relationship with their customers (CRM is about this) in order to find and detect trends.
The following material will provide you with information about mandatory records:
Responsibilities for communication of information related to information security, and for the adoption and implementation of the Training and Awareness Plan, can be designated to the Chief Information Security Officer (CISO), if the organization decides to implement such a role, or to an existing role with access to Top Management.