I’m assuming you are referring to the article “List of mandatory documents required by ISO 27001 (2013 revision)”.
Considering that, the item “Statutory, regulatory, and contractual requirements (clause A.18.1.1)” refers to the document “List of Legal, Regulatory, Contractual and Other Requirements” included in the List of documents file. It is located in the folder “Identification of Requirements”.
1. In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", I have to choose between ISMS and SMCA.
When filling out the "PROJECT PLAN", I read one of your comments "Delete this text and the table if business continuity management is not part of the project."
Can we do both with your kit? Does choosing the ISMS automatically include the SMCA?
I’m assuming that by SMCA you mean Système de Management de la Continuité des Activités.
Considering that, the FR ISO 27001 Documentation Toolkit you bought can be used only to implement ISO 27001. What happens is that some templates in the ISO 27001 Documentation Toolkit are also used for ISO 22301 implementation, but your toolkit does not have all templates for implementing ISO 22301 (this is not an automatic choice, you need to choose the toolkit according to your specific needs).
For implementing both ISO 27001 and ISO 22301 you will need the ISO 27001 & ISO 22301 Premium Documentation Toolkit (this toolkit contains all templates designed for both ISO 27001 and ISO 22301): https://advisera.com/27001academy/fr/boite-a-outils-iso-27001-iso-22301-premium/
2. In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", we must define the title of a post ensuring the conformity of the documents.
We are 5 in the company. I am the founder and I took charge of the file. Should I put my name, my post of "President", or something else?
Can I put my role in this "Quality Manager" project?
ISO 27001 does not specify how to identify responsibilities in documents, but common practice is to use job titles, so in case a person is replaced you do not need to update the document.
Considering your case, if the "Quality Manager" role will be used after the project is concluded then you can use it. If not you should use the “President” role.
I assume your question is about a finding written in the IATF audit. The control plan describes what the process and product controls should be, the frequency of control, and the recording location. The responsible person should make these checks and write the actual values in the relevant form. If these controls are missing, then since the control plan is not complied with, a finding can be written from item 8.5.1.1 of the IATF 16949 standard, or from the production monitoring item in 9.1.1.1 of the IATF 16949 standard. If this issue appeared during the set-up controls, findings can also be written from article 8.5.1.3 of the IATF 16949 standard.
An ISO 27001 certification means that an organization complies only with the requirements of the ISO 27001 standard. It does not mean compliance with other regulations or boards.
For further information, see:
ISO 27001 does not prescribe the contents of change records, so organizations can develop them as they see fit.
To see an example, I suggest you take a look at the free demo of our Request for Change and Change Record at this link: https://advisera.com/20000academy/documentation/request-for-change-and-change-record/, but remember that such a form is not really needed for ISO 27001 compliance.
For further information see:
I’m assuming that by KSA you mean the Kingdom of Saudi Arabia and that NCA ECC are the Cyber Security Controls from the National Cyber Security Authority.
Considering that, please note that NCA ECC focuses on cybersecurity domains, while ISO 27001 is more comprehensive (you can use it in non-technology-based environments, for example).
Additionally, on a closer look, you can identify that all controls from ISO 27001 Annex A are covered by NCA ECC, but applied with a cybersecurity orientation.
So, the main difference between NCA ECC and ISO 27001 is not related to controls, but to their applicability (ISO 27001 is more comprehensive), and to the fact that a company can get ISO 27001 certified, and the ISO 27001 standard is recognized worldwide.
A third party working for an ISO 27001 company does not need to be ISO 27001 certified unless the company defines the certification as a requirement for the third party.
This article will provide you with further explanation about requirements identification:
This is a very specific question not related to management systems. So, I’m not an expert. However, I recommend you to explore this ISO page - 13.030 WASTES - https://www.iso.org/ics/13.030/x/
My question is how to address, or what is the minimum at the document level that I must have from information security, to address the controls corresponding to A.17 in ISO 27001:2013.
At the document level, to be compliant with ISO 27001:2013 Annex A.17 controls you only need to document disaster recovery plans.
To see what a disaster recovery plan compliant with ISO 27001 looks like, please take a look at this template demo: https://advisera.com/27001academy/documentation/disaster-recovery-plan/
This article will provide you with a further explanation of Disaster Recovery:
The Security Operation Centre (SOC) is not a concept of ISO 27001, so it is not mandatory to have a SOC to be compliant with ISO 27001.
This article will provide you with further explanation of the mandatory requirements for ISO 27001: