
  • Internal audit scope


    Answer:

    There is no universal answer. In the past, I advised some companies to do precisely that, to have a particular internal audit with EMS documentation as the scope of the audit. It can be useful, particularly during the implementation phase or after several problems with documentation control.

    The following material will provide you information about internal audits:

    - ISO 14001 - Internal Audits in the EMS: Five Main Steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
    - free online training – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • What part takes the most time


    Answer: From my point of view, the part that takes most time is the risk assessment & treatment, because it is also the most complex and most important part. Remember that the main objective of ISO 27001 is the protection of information, identifying risks and treating them.

    By the way, this checklist can help you to know which steps you need to take to implement ISO 27001: “ISO 27001 implementation checklist” https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    This course about ISO 27001 can be also interesting for you "ISO 27001:2013 Foundations Course" https://advisera.com/training/iso-27001-foundations-course/
  • Cryptographic controls

    Thank you for your response. I agree with your comments; however, I am of the opinion that before deciding on the encryption key length, whether 128, 512, etc., an assessment should be performed.
  • Is ISO 27002 mandatory?


    Answer:

    I think there are a couple of things that need to be clarified here:

    1) The controls from ISO 27001 Annex A and from ISO 27002 are the same; what is different is that ISO 27002 provides detailed guidelines on how to implement controls, and ISO 27001 does not have those guidelines.

    2) ISO 27002 is not a mandatory standard if you want to get certified against ISO 27001. Or, to be more precise, ISO 27001 does not mention that the control guidelines from ISO 27002 are mandatory. Therefore, the certification auditor cannot ask you to implement a particular control in the way that is described in ISO 27002.

    3) However, you need to implement each control that you consider is applicable, so unless you have a very good idea on how to implement that control you can use ISO 27002 as a guideline.

    See also: ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
    Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course
    https://advisera.com/training/iso-27001-foundations-course/
  • Information security management policy vs information security policy


    Answer:

    Yes, in the context of ISO 27001 this is the same document - such a document defines top-level management intent regarding information security and general roles and responsibilities.

    Detailed security rules are usually written through detailed policies; for example, in our toolkit you will see the IT Security Policy, which describes detailed general rules for all employees.
  • Risk likelihood


    Answer:

    First of all, you should record an incident in the Incident log, not in the Risk register - the purpose of the Incident log is to record all the incidents from the past, while the Risk register tries to anticipate the incidents of the future.

    If an incident has already happened in the past, then it has a much higher chance of happening in the future.

    See also this article: How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

    These materials will also help you regarding risk assessment:
    - book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
    - Free online training ISO 27001 Foundations Course
    https://advisera.com/training/iso-27001-foundations-course/
  • Approach for the document management

    1. Context – Read each template document to understand the context of each document.
    2. Content – Replace the placeholder tags in the template documents with the relevant information as per the context of the document. Some of this information will be available in the current BCM document.
    3. Compile – go through each document to check whether the document has no formatting issues.

    What additional steps do we need to follow in addition to the approach described above?

    Answer: Basically you are on the right track, but additionally you can also define a method for the review and approval of documents. So, when you finish the documentation, some person can review each document (they can probably identify some errors), and afterwards a person can approve each document (if everything is OK). If a change is necessary after the review, you can also add this change in the change history.

    It is also important to follow the sequence of folders for the implementation, because these are the optimal steps to implement the standard.

    By the way, our solution Conformio can help you for these things, so this can be interesting for you “What kind of Document Management System (DMS) do you need for handling ISO documents?” : https://advisera.com/conformio/blog/2020/08/11/what-kind-of-dms-you-need-for-handling-iso-27001-documents/
  • Regulatory body audit as third-party audit


    Answer:

    A third-party audit is performed by an audit organization independent of the customer-supplier relationship and free of any conflict of interest. An audit by a regulator is independent of the customer-supplier relationship, and the audit organization is independent of the audited organization. So, an audit by a regulatory body can be considered a third-party audit.

    The following material will provide you information about audits:

    - ISO 9001 – First-, Second- & Third-Party Audits, what are the differences? - https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Checking the EU citizenship on a website


    Answer:

    Usually controllers need to establish the identity of a data subject before answering any requests in order to ensure that they are dealing with the right person. However, asking you to provide a copy of your ID might be excessive especially because the EU GDPR does not apply exclusively to EU citizens.

    To learn more about data subject rights, check our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
  • Certification of a non-profit association


    Answer:

    The certification and implementation of the ISO 9001 and ISO 14001 standards is the same for all sectors, including non-profit associations, which must comply with each of the requirements of the standards, just as a company would.

    For more information, these materials may be useful to you:
    - How to integrate ISO 14001 and ISO 9001 (available only in English): https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
    - Book - Discover ISO 9001 through practical examples (available only in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Book - The ISO 14001:2015 companion (available only in English): https://advisera.com/books/the-iso-14001-2015-companion/
    - ISO 9001 Foundations Course: https://advisera.com/es/formacion/curso-auditor-interno-iso-9001/
    - ISO 14001 Foundations Course: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
