Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
VDA ISA TISAX and ISO 27001
Plan to address this, e.g.
- in a specially tailored Documentation Toolkit or
- in a "Delta package" to the "general ISO 27000 standard"?
Or what would you recommend at the "Target TISAX Certification" regarding the use of your toolkit? Do you already have customer companies or experience here?
Answer: TISAX is based on ISO 27001, so my recommendation is to use the ISO 27001 documentation toolkit the same way you would use for an ISMS implementation.
Unfortunately, we do not have a toolkit that is adapted for TISAX, but we are considering to start developing it.
These articles will provide you further explanation about ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISMS implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Integrating ISO 9001 and ISO 27001 documentation
In case the QMS is not certified, you still can use the shared documentation for your ISMS, since during the ISMS certification audit they also will be audited as if they were developed exclusively for the ISMS.
This article will provide you further explanation about certification audit:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
For information about ISO 27001 and ISO 9001 integration, I suggest you to see these materials:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- ISO 27001 implementation: How to make it easier using ISO 9001 https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/ -
ISO certification
Answer: I'm assuming you are referring to ISO 27001 certification. Considering that, first it is important to understand that the Lead Auditor course does not certify an organization. It only recognizes that people approved on its exam have the required competences to audit an ISMS according ISO 27001 requirements. Internal auditors can attend the Lead Auditor course without restrictions. For more information on ISO certifications, see this article: - ISO 27001 certification for persons vs. organizations https://advisera.com/27001academy/knowledgebase/iso-27001-certification-for-persons-vs-organizations/ 2. What is the process to getting certification once audits are complete? Answer: To have an overview of the ISMS implementation and certification process, please see these materials: - ISO 27001 implementation checklist https://advis era.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ - ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/ - ISO 27001/ISO 22301: The certification process [free webinar] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/ - Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/ -
Certified providers
Answer: According to Google information (https://gsuite.google.com/learn-more/security/security-whitepaper/page-5.html), Google GSuite is ISO 27001 certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council. A copy of the certificate can be accessed through this link: https://services.google.com/fh/files/misc/eycp_2018_gsuite_iso_27001.pdf
2. In Office 365 hosted solution will we clear all the ISO 27001 controls?
Answer: According to Microsoft information (https://aka.ms/o365iso27001cert), Office 365 solution is ISO 27001 certified and all ISO 27001 controls from Annex A are applicable to its scope (https://aka.ms/o365isosoa)
3. Can we pass the ISO 270001 audit with Office 365 cloud based solution?
Answer: Probably yes, but you have to evaluate carefully the SoA for Office 365 to verify if the way the controls are implemented will fulfill your needs.
It is important to note that for the certification audit it is much m ore important how an organization controls their service providers than which certificates do service providers have.
These articles will provide you further explanation about security with suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/ -
Customers, confidentiality and ISO 9001
Answer:
If your organization considers some information as confidential and does not want to share it with a customer or a potential customer there is no clause in ISO 9001 that makes it mandatory. For example, you may have all reasons to not showing your organization’s prices with customer A if their competitor, customer B, request it.
Customers are, naturally, one of the most relevant interested parties. Please check the last phrase of Annex A.3 of ISO 9001:2015
The following material will provide you information about ISO 9001 customer satisfaction:
- ISO 9001 – Main elements of handling customer satisfaction in ISO 9001 - https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
- How to determine interested parties and their requirem ents according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ITIL V1
Answer:
ITIL V1 dates back in 1980's. This article will gve you overview of the ITIL development: "
ITIL and ISO/IEC 20000 History: Parallel Worlds" https://advisera.com/20000academy/blog/2013/05/01/itil-isoiec-20000-history-parallel-worlds/?icn=free-blog-20000&ici=bottom-itil-and-iso-iec-20000-history-parallel-worlds-txt -
Mandatory documents according to ISO 9001:2015
Answer:
ISO 9001:2015 no longer requires the existence of procedures, different from forbidding procedures, mandates the existence of some documents and records. Whenever ISO 9001:2015 refers to “retain documented information” it is referring what was known before as record. Whenever ISO 9001:2015 refers to “maintain documented information” it is referring what was known before as document.
The following material will provide you information about documentation for an ISO 9001:2015 quality management system:
- ISO 9001 – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- free online training ISO 9001:2015 Foundations Course - https://train ing.advisera.com/course/iso-90012015-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
KPIs calculation
Awesome! Its truly awesome paragraph, I have got much clear idea concerning from this article. -
Legal data transfer
Answer:
The clients' data, in this case, is one of the assets of the company that will be transferred to the new entity together with the other assets and the transfer is subject to the commercial law. What the new entity needs to do is to inform the customers that via a Privacy Notice about the data it holds about them, this is consistent with the transparency obligation set up in art.13 of the EU GDPR - Information to be provided where personal data has not been obtained from the data subject (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject/).
You c an get a full set of documents to ensure compliance with the EU GDPR from our EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/). -
How to carry out internal audits
Answer:
To successfully carry out an internal audit I recommend you to follow these steps (non mandatory):
1 - Initiate the Audit
2 - Review the Documents
3 - Develop Audit Plan
4 - Assign Work to Auditors per Plan
5 - Prepare Working Papers
6 - Determine the Audit Sequence
7 - Conduct Opening Meeting
8 - Review Documents and Communicate
9 - Carry out the Audit
10 - Generate Audit Findings
11 - Present Findings and Conclusions
12 - Formally Distribute Audit Report
13 - Follow Up on Actions / Corrective Actions
You can see these materials to learn more about internal audits
- Article - 13 steps for ISO 9001 internal auditing using ISO 19011https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/
- Article - What is the ISO 9001 audit program and how does it work: https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/
- Book - ISO Internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free on-line Course - ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/