Search results

  • Defining scope


    Answer:

    Considering the scenario you presented, we could point out two main concerns of your customers: the protection of their information that is under your responsibility (e.g., company data, project requirements, etc.), and that your IT project solutions are capable of protecting their information in their operational environment.

    With these concerns, you may consider three options:
    - if your company has fewer than 50 employees, the best approach would be to implement the ISMS in the whole organization, since the effort to implement and manage an ISMS only for a part of such a small organization wouldn't pay off.
    - if your company has 250 to 500 employees, you should consider defining your project scope to implement an ISMS to protect the process you use to develop your IT solution (you cannot certify a product or service, only the processes, locations and information related to them).
    - if your organization's number of employees is between 50 and 250, then you should evaluate your context to see which approach would be best for you.

    These articles will provide you further explanation about defining scope:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
    - How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

    These materials will also help you regarding defining scope:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Training provider

    For having competency, it is not mandatory to have an accredited certificate. If you have good skills and the required knowledge, your competency will be endorsed by your trainees. No standard and/or guideline has any such requirement to have an accredited certificate for delivering training and acquiring knowledge. It is all about branding, and IRCA helps them make the training and certification costlier.

  • Information classification policy

    To decide what level of detail you need for your information management process, you have to evaluate your organization's context considering factors like the number of employees, identified risks, importance of the process, etc. Once you have this evaluation you can decide if a high-level process description will fulfill your needs, or if you need to develop a detailed process.

    This article will provide you more information: How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
  • Implementation challenges


    Answer: I'm assuming you are referring to references to an ISMS implementation process. Considering that, our toolkits are designed to be easy to use, listing folders and files in the order they must be implemented. Additionally, you can count on many resources on our site to help you implement the ISMS, like the free download content you already know, blog articles, the Expert Advisory Community where you can send your questions, and scheduled meetings with our experts (sessions included in the toolkit). As examples of articles and similar material I can mention:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/
    - How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
    - Seven key problems to avoid in ISO 27001 implementation [free webinar on demand] https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/

    2 - What are the challenges during rollout?

    Answer: The main challenges during an ISMS implementation are obtaining top management support and convincing the organization's employees of the importance of information security.

    This article will provide you more information:
    - The 3 key challenges of ISO 27001 implementation for SMEs https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/
    3 - Lastly, how would ISMS be rolled out to an OT?

    Answer: I'm assuming that by OT you are referring to Operational Technology, a set of processes, hardware and software that direct and/or control physical devices, processes and events in the enterprise. Considering that, the ISMS implementation process based on ISO 27001 is generic enough to be used by organizations of any kind or size, so you shouldn't have to make significant alterations to our proposed implementation process, which you can see at this link: Diagram of ISO 27001:2013 Implementation - https://info.advisera.com/27001academy/free-download/diagram-of-iso-27001-implementation-process
  • QMS and certification


    Answer:

    Organizations can develop and implement a QMS without considering the need for certification. So, your organization can use or indicate its QMS in its Procedure Policy even before being certified.

    The following material will provide you information about documentation structure:

    - ISO 9001 – How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Outside the EU


    Answer:

    The mere accessibility of your website by individuals in the Union, sporadic emails, or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the GDPR. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and therefore you are subject to the Regulation:

    Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).
    Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).
    Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top level domain).
    Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).
    Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).
    Customer base - You have a large proportion of customers based in the Union.
    Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper).

    So I would guess, based on your description, that a large proportion of your database does not contain details of individuals in the EU, nor will you specifically target them, so the GDPR should not be a concern, at least for now.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//).
  • GDPR and voice recording message


    Answer:

    The message you are referring to would actually be a Privacy Notice meant to provide the caller with information on how his/her personal data are being processed by you as a data controller. The information that needs to be provided is described in Article 13 – Information to be provided where personal data are collected from the data subject of the EU GDPR ( https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ ). You can also find a template in our EU GDPR Documentation Toolkit ( https://advisera.com/eugdpracademy/documentation/privacy-notice/ ).

    Because you need to provide the information in a short time frame, I would suggest using the so-called “layered notices”. To learn more about layered notices check out our webinar “Privacy Notices under the EU GDPR” ( https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/ ).
  • 8.3 Information security risk treatment

    Thanks a lot Rhand Leal!
  • EMS Manual


    Answer:

    The EMS Manual is no longer mandatory in the new version of the standard; however, a good Quality Manual facilitates the job of the auditor and gives him the opportunity to better audit the system, but it is also a document where the organization presents itself, its environmental management system, and even its way of thinking and approach to its environmental system. In addition, it is also a common practice to include some requirements that are easier to document through a Manual.

    To learn more about the Environmental Manual, you can see these materials:

    - Article - What is an environmental management system manual: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/what-is-an-environmental-management-system-ems/ anagement-system-manual/
    - Book - ISO 14001:2015 Companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/
  • GDPR advice for a Surf Camp

    I am sorry to hear about that, but to be honest I am not surprised. Consent renewal campaigns are not very successful. But consent is only one ground to base your marketing activities on.

    You can also use legitimate interest under certain circumstances, especially if you are targeting former clients. When deciding to use legitimate interest as the lawful ground of processing, you need to perform a legitimate interest balancing test to assess whether the rights and freedoms of the data subjects are not affected by your marketing activities.

    To find out about marketing and the EU GDPR check out our webinar “How GDPR Affects Marketing Practices” (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/).