
  • CISA vs ISO 27001 LA


    Answer: There is no experience requirement to attend an ISO 27001 lead auditor course (although previous experience will help you in some aspects). The experience is only required if you want to become a lead auditor working as a certification auditor.

    These materials can provide you more information:
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/

    Regarding CISA, the work experience is required only to apply for certification, not to attend a CISA course. Details about how to demonstrate competence for this certification, and how to verify whether your experience is enough, can be found at these links:
    - https://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Apply-for-Certification/Pages/default.aspx
    - https://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/How-to-Become-Certified/Pages/default.aspx

    2 - Which one is in more demand these days?

    Answer: CISA and Lead Auditor cover different fields (information systems are only a small intersection between them), so it does not make much sense to compare demand between them. Your choice between them should be based on the type and depth of the activities you desire to perform. If you want to focus on information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond the scope of information security, and also consider the strategic relationships between information security and the information systems and business objectives, you should consider CISA. Please note that these courses do not exclude each other; they only offer different perspectives about how information interacts with business.

    Another alternative you should consider is the Lead Implementer course.

    For more information, please see these articles:
    - CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
  • Mandatory controls?


    Answer: Sorry, but I am not sure I have understood your question correctly, because the logic of ISO 27001 is to identify risks and treat them by implementing the security controls that are necessary. Therefore, basically the controls that may not be mandatory are those you do not need in order to treat the identified risks, for example because they are not applicable. For example, if teleworking does not exist in your organization, the control related to teleworking will not be applicable, and therefore it will not be mandatory to implement it. You may find this article interesting: “The basic logic of ISO 27001: How does information security work?” https://advisera.com/27001academy/es/knowledgebase/la-logica-basica-de-iso-27001-como-funciona-la-seguridad-de-la-informacion/

    By the way, for some controls it is mandatory to have a document with documented information; here you can find a complete list of the documents that are mandatory: “List of mandatory documents required by ISO 27001 (2013 revision)” https://advisera.com/27001academy/es/knowledgebase/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/
  • Data transfer

    To what extent should we use Annex 2 of the Cross-Border Data Processing Procedure for:
    - the application of visas for countries such as America, India, China, etc.? Consulates will not be prepared to sign Annex 2.
    - the reservation of hotels, renting cars in e.g. the above-mentioned countries?

    Answer:

    1. If you apply for visas you don't need to have a data transfer mechanism in place, as the transfer of data is regulated via international agreements between countries.
    2. If the data subject does that directly there is no need for such data transfer agreement. However, if a company in the EEA would be passing personal data to a car rental company outside the EEA a data transfer agreement would be needed between the two entities.

    To learn more about data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/)
  • Tools for the transition

    To find out the level of compliance of your documentation with the new revision of the standard, you can perform a gap analysis. Here you can access our gap analysis tool: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
    Once you know where your company stands, you can follow these steps to help you with a successful transition to the new version:
    1) Define the context of the organization
    2) Review the scope of the QMS
    3) Demonstrate leadership
    4) Align the QMS objectives with the company strategy
    5) Assess risks and opportunities
    6) Control documented information
    7) Operational control
    8) Review the design and development process
    9) Control of external providers
    10) Performance evaluation
    11) Measurement and reporting
    These tools can also help you with the ISO 9001 transition:
    - ISO 9001:2015 vs. ISO 9001:2008 matrix: https://info.advisera.com/9001academy/free-download/iso-90012015-vs-iso-90012008-matrix
    - White paper - Twelve-step transition process from ISO 9001:2008 to the 2015 revision: https://info.advisera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision
    - Checklist of mandatory documentation required by ISO 9001:2015: https://advisera.com/9001academy/2015transition/
    - ISO 9001:2008 vs. 2015 conversion tool: https://advisera.com/9001academy/iso-90012008-vs-2015-conversion-tool/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/?standard=iso-9001
  • ISO 9002 and ISO 9003

    Answer:

    Yes, they were. Before ISO 9001:2000 there were three quality assurance standards: ISO 9001 for a company with design, commercial and production in the scope; ISO 9002 for a company with commercial and production in the scope; and ISO 9003 basically for a company with neither design nor production, just commercial activity.

    The following material will provide you information about standards history:

    - ISO 9001 – ISO 9002 & ISO 9003 are History - https://advisera.com/9001academy/knowledgebase/iso-9002-iso-9003-are-history/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Expectations for the transition audit

    Answer:

    I recommend you concentrate on the areas with the most important changes in the 14001:2015 version. Particularly risks and opportunities; context of the organization, interested parties and the life cycle consideration during the identification of environmental aspects.

    The following material will provide you information about auditing the transition:
    - ISO 14001 – How to avoid nonconformities during the ISO 14001:2015 transition - https://advisera.com/14001academy/blog/2015/10/26/how-to-avoid-nonconformities-during-the-iso-140012015-transition/
    - 12 steps to make the transition from ISO 14001:2004 to 2015 revision - https://advisera.com/14001academy/blog/2015/09/28/12-steps-to-make-the-transition-from-iso-140012004-to-2015-revision/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-foundations-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • GDPR Application in Case of EU Nationals Living Outside UAE


    Answer:

    My guess is that the EU GDPR is not applicable in your case since you are not offering goods or services to individuals in the EU.

    The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

    When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case the processing does not take place “in the Union,” nor is the individual “in the Union”.

    To learn more about the EU GDPR check out our “EU GDPR Foundation Course” (https://advisera.com/training/eu-gdpr-foundations-course//)
  • Transferring personal data


    2. What do you mean by “substantially affects” in alternative b)? I can't really see that there is a requirement that our head office located in Norway would need to have a cross-border agreement to process data for our employees located in branch offices within the EU such as the UK, the Netherlands and Sweden.

    Answer:

    1. If you are transferring personal data to a third party located outside the EEA, then this is considered a cross-border data transfer, and certain safeguards such as Standard Contractual Clauses (SSC) need to be in place in order for the transfer to be consistent with the EU GDPR requirements.

    2. As mentioned above, transfers to countries which are within the EEA are not considered cross-border transfers; thus, there is no need for the SSCs or other safeguards.
  • Assessing data breaches

    I'm trying to figure out what this means - when we should or shouldn't notify customers.

    The sort of data we typically have is:
    - IP address
    - Full name
    - Email
    - Home address
    - Work address & name of work (sometimes)
    - Purchase history (we sell clothes)
    - Other less interesting things such as what pages have been visited, which marketing emails have been opened, etc.

    Based on my limited understanding, the most sensitive information we have is a customer's size data. If we leaked, say, 100,000 records it may directly or indirectly contain information on someone's size. Can you help clarify this?

    Answer: I think you will find an answer to this if you read our “Assessing the severity of personal data breaches according to GDPR” (https://info.advisera.com/eugdpracademy/free-download/assessing-the-severity-of-personal-data-breaches-according-to-gdpr). This document will provide you with a simple “out of the box” methodology to assess your data breaches.
  • Procedures development


    Answer: To define which documents you need to develop and how to make them useful, you should consider issues such as:
    - regulatory or contractual requirements that demand a certain document
    - the organization size and the number of people involved
    - the importance and complexity of the process or activity

    This article will provide you further explanation about documentation development:
    - 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

    These materials will also help you regarding documentation development:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/