Search results

Home / Search

Category:
Select
Select

11270 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Filling templates


    Answer: Included with your toolkit you have access to video tutorials that will help you filling the most critical documents, with real data examples.

    If after the tutorials you still think you need more help, you can schedule a meeting with one of our experts, so he can help you solve your issues. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    2. Is it possible to have the document "ISO / IEC 27001 standard" with all the measures to be respected?

    In the documents to be completed from the toolkit, it is very often mentioned standard ISO / IEC 27001 clause xxx as above:

    This document is not present in the toolkit that we have purchased and it seems essential to understand and be able to better complete the documents.

    Answer: ISO 27001 standard is an intellectual property of ISO, and we do not have the license to sell it.

    You can buy this standard at this link: https://www.iso.org/standard/54534.html

    3. In the file related to the ISMS area of application, there is a table to be completed "applicability of measures".

    3.1. Do we have to complete the "Justification" column even when the measure is selected?

    Answer: I'm assuming this document you are referring to is the Statement of Applicability. Considering that, you have to complete the justification for when a control is selected.

    3.2. Do we have to complete the column "Objectives of the measures"?

    Answer: Although objectives of the measures are not mandatory to be in the SoA, we recommend you to use this column for all controls identified as applicable, because ISO 27001 required the documentation of objectives for controls or groups of controls, and this way you will have one less document to handle.

    3.3 If so, can you provide us with a typical example to complete this table?

    Answer: Included with your toolkit you have the access to a video tutorial that will help you fill the Statement of Applicability, with real data examples.

  • Data Processing Agreement


    Answer:

    From the example you have provided company A is acting as a data controller and company B would act as a data processor. In this instance a Data Processing Addendum/Agreement would need to be signed between company A and company B to ensure that company B processed the data on behalf of company B pursuant to the provisions of EU GDPR article 23 – Processor (https://advisera.com/eugdpracademy/gdpr/processor/).

    To find out more about controllers and processors check out our free “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//).

  • Requisitos de la cláusula 4.4


    Respuesta:

    La cláusula 4.4 incluye requisitos generales para el SGC que están relacionados con cada una de las partes del SGC. Esto significa que en realidad está cumpliendo de forma indirecta con esta cláusula con los procedimientos, políticas y registros documentados necesarios para cada parte del SGC.

    No disponemos de plantillas relacionadas con la cláusula 4.4 porque la norma no requiere ninguna documentación obligatoria para esta cláusula.

    Para obtener más información sobre los documentos y registros obligatorios en ISO 9001: 2015, puede ver este artículo – Lista de documentos obligatorios requeridos por ISO 9001: 2015:
    https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

    Estos materiales también pueden ayudarle con la cláusula 4.4 en ISO 9001: 2015:

    - Libro “Descubra ISO 9001: 2015 a través de ejemplos pr ácticos”: /books/disco ver-iso-9001-2015-through-practical-examples/

    - Curso de Fundamentos ISO 9001: 2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

  • Writing an environmental policy


    Answer:

    The environmental policy should include the following ideas and elements:
    - Appropiate to the purpose and context of the organization
    - Continual improvement
    - Prevention of pollution
    - Compliance with legal obligations and other requirements
    - Framework for objectives and targets
    - Support the strategic direction of the organization.

    To learn more about environmental policy, you can see these articles:

    - How to write and ISO 14001 environmental policy: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/
    - How detailed should the EMS policy be: https://advisera.com/14001academy/blog/2017/10/31/how-detailed-should-the-ems-policy-be/

    The following materials can also help you with the environmental policy:
    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - ISO 14001:2018 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/

  • QMS meeting requirements


    Answer:

    SWOT and PESTLE Analysis are frequently used tools to understand the organization and its context, but they are not mandatory. So, you can avoid its use, unless they are prescribed in your procedures.

    If when you mention QMS meetings, you are mentioning management review or performance reviews, minutes are mandatory – please check last phrases of clauses 9.1.1 and 9.3.3.

    The following material will provide you information about QMS meeting requirements:

    - ISO 9001 – How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://training .advisera.com/course/iso-90012015-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Risk Management Criteria


    If there is no recorded occurrence of an event occurring but there is also no way of knowing if the event occurred previously then do we score it low or Medium/High?

    For example - If I know the people can download company data onto their home devices through a browser based application. There are no recorded occurrences but there is also no way of knowing if this has happened.

    My concerns with such a case are that whilst I don’t want to commit scant resources to dealing with a risk that is perhaps not significant but also I do not want to leave a security hole for data to leak through in relation to the business’s defences.

    Answer: Besides internal historical data, the likelihood can be also identified by means such as historical data available from organization's industry (e.g., industry reports), statistical models, or by expert opinion.

    This article may provide you more information about identification of likelihood:
    - How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

  • DPO

    What are the DPO's attributions in this situation, besides managing the Processor Personal Data questionnaires?

    Answer:

    1. This is more organizational related question as such things are not mentioned in the GDPR or elsewhere for that matter. Usually the DPO should train the relevant departments on how to recognize when a contract would involve processing of personal data and draft the relevant agreements alone or together with the legal department depending on the qualifications of the DPO.

    2. There are lots of tasks to be performed by the DPO such as:
    - providing and maintaining the necessary documentation to demonstrate compliance with the GDPR including, but not limited to policies, procedures, templates, forms and ensuring that they are kept up to date;
    - informing and providing expert advice to all members of staff regarding their obligation to comply with the provisions of the GDPR and relevant local laws and regulations when processing personal data;
    - monitoring compliance with the GDPR and relevant local laws and regulations, and informing the stakeholders within the Company of any changes in a timely manner.

    To learn more about the role of the DPO check out our webinar “Role of the DPO according to EU GDPR” (https://advisera.com/eugdpracademy/webinar/role-of-the-dpo-according-to-eu-gdpr-free-webinar-on-demand/)

  • ISO 20000 Risk register


    Answer:
    If you have created risk register used for ISO 27001 implementation (and it was appropriate for our company) - try to re-use it. At least as a methodology. But please consider that ISO 20000 has IT services in focus. Same is for risks. Consider risks related to the IT services.
    Gaps and risks - well, that's hard to answer with yes or no. There are some gaps that are risks but some are not.
    Excel sheet - no, we don't provide such documents because this is different case-by-case i.e. it needs to be adapted to the organization.
    Read the article Similarities and differences between ISO 27001 and ISO 20000https://advisera.c om/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/ to learn more about similarities and differences between ISO 20000 and ISO 27001.

  • Becoming an ISO auditor with different standards


    Answer:

    I would recommend you attend a course about each ISO standard or perhaps integration of ISO standards. An auditor must be knowledgeable about the audit criteria. Also, I would recommend you attend a course on internal audits. Then, you should start performing internal audits and gain experience.

    The following material will provide you information about internal audits:

    free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
    book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Scope and exclusions


    Answer:

    As far as I understand your organization can provide a list of coatings for metals from your own design and development or can provide the metal coating service according customer requirements.

    Choosing a certification scope is a management decision. Your organization has three options:

    A – Consider only the coatings according own requirements;

    B – Consider only the coatings according customer requirements;

    C – Consider all coatings

    In case A clause 8.3 is applicable at your QMS.

    In case B clause 8.3 is not applicable at your QMS

    In case C clause 8.3 is applicable at your QMS.

    The following material will provide you information about scope and exclusions:

    - ISO 9001 – What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Page 701-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +