
  • How telecom companies appoint DPO and Data Processor

    1) it is mandatory to appoint a DPO
    2) it is mandatory to appoint a "Data Processor"

    Answer:
    1) Usually telecom companies need to appoint a DPO because they are processing personal and traffic data of their customers. Moreover you may perform network surveillance as well to monitor the traffic and parameters on your network as well as to detect unusual traffic thus you would be monitoring the behavior of your customers.
    2) Not sure what you mean about “appointing a Data Processor”. The EU GDPR defines the processor as “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”. So processors are not appointed but rather they are contracted by the controller to process data on their behalf.

    To learn more about the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//)
  • Document hierarchy

    Answer: Any management system will have several types of documents. The purpose of a document hierarchy is to give a sense, a positioning, for each type of document. Please check Figure 1 in this blog post, “How to structure ISO 14001 documentation” (https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/). The number of procedures, their scope and depth will be a function of each organization. Normally, I create a procedure for each process and, if any more documented information is needed, I use a work instruction. The following material will provide you information about the document hierarchy:
    - ISO 9001 – How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
    - Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Definition of a disaster


    Answer:

    A disaster is if the incident lasts longer than what you have set as your RTO (Recovery Time Objective). In other words, this is when an incident disrupts your activities for a time that is longer than what is acceptable for your business.

    In the ISO 22301 Documentation Toolkit you can find this definition in the document "Business Continuity Plan" section "3.4 Plan activation; plan deactivation" (folder 06 in the toolkit).

    Regarding scenarios, you can find most common scenarios in the document "Examples of disruptive incidents scenarios" (folder 05).
  • ISO 27001 Lead Auditor vs CISA


    Answer: This will depend on the type and depth of the activities you desire to perform. If you want to focus on information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond the scope of information security, and also consider the strategic relationships between information security and the information systems and business objectives, you should consider CISA. Please note that these courses do not exclude each other; they only offer different perspectives about how information interacts with business.

    These articles will provide you further explanation about personal certifications:
    - CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/training/iso-27001-lead-auditor-course/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    This material will also help you regarding audit training:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Filling the Inventory of assets


    Your assistance would be appreciated. I am asking because somewhere in the documentation it was highlighted that the templates are partially filled up to 80%.

    Answer: As a first support, these are some examples about how to fill in this template:
    - ID: 001
    - Asset category: People
    - Name of asset: Server administrator
    - Asset owner: IT manager
    - Asset description: Person responsible for the administration of organization's servers
    - Impact: 4 (on a scale from 1 to 5)
    - Notes: Currently there is no backup person for the server administrator

    - ID: 002
    - Asset category: Equipment
    - Name of asset: Notebook
    - Asset owner: Notebook's user
    - Asset description: mobile computer
    - Impact: 3 (on a scale from 1 to 5)
    - Notes: Notebooks may be used outside organization's premises

    The second sheet of the Excel file also has a suggested list of assets you can consult.

    If you understand you still need further assistance, you can schedule a meeting with one of our consultants, so he can help you. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    This article will provide you further explanation about inventory of assets:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
  • Steps for the implementation of ISO 27001


    Answer: There are many methods for implementing an ISMS based on ISO 27001, and at Advisera we have our own method composed of 16 phases. You may find this article interesting, “Lista de apoyo para implementación de ISO 27001” (ISO 27001 implementation checklist): https://advisera.com/27001academy/es/knowledgebase/lista-de-apoyo-para-implementacion-de-iso-27001/

    In any case, in all methods one of the most important phases is obtaining management support, and this article may also be useful to you, “Cuatro beneficios clave de la implementación de la norma ISO 27001” (Four key benefits of implementing ISO 27001): https://advisera.com/27001academy/es/knowledgebase/cuatro-beneficios-clave-de-la-implementacion-de-la-norma-iso-27001/

    You can also find free resources for implementing an ISMS on our website: https://advisera.com/27001academy/es/descargas-gratuitas/

    And this book may also help you in the implementation process, "Seguro & Simple": https://advisera.com/books/seguro-simple-una-guia-para-la-pequena-empresa-para-la-implementacion-de-la-iso-27001-con-medios-propios/
  • AS9100 Internal Audit Scheduling


    Answer:
    Actually, AS9100 Rev D does not use the word annual when talking about auditing. The requirements of the standard are that you conduct audits at planned intervals to determine if the QMS meets the requirements of the organization and the international standard and assess the performance indicators to judge if the QMS is effectively implemented and maintained. The standard then proceeds to talk about having an audit program based on the importance of the processes, changes affecting the organization and the results of previous audits.
    So, if you are performing process audits there is nothing stating that these audits need to happen annually, and it is up to you to determine what needs to be audited during a given audit year. It could even be argued that a company could skip an extremely stable process and not audit it during a year if they chose, although it is very common for every process to be audited yearly.
    For more about auditing in AS9100 Rev D see these articles: https://advisera.com/9100academy/knowledgebase/6-main-steps-in-the-internal-audit-according-to-as9100-rev-d/ and https://advisera.com/9100academy/knowledgebase/developing-an-internal-audit-checklist-for-as9100-rev-d/
  • Procedure for document and record control template content


    "... the person who receives electronic mail must forward such a document to [job title], who must also record it in the incoming mail register."

    Does this mean that all incoming electronic mail, i.e. all e-mail, has to be entered into a mail register???

    Answer: This text refers to documents of external origin that are necessary for the planning and operation of the ISMS (e.g., contracts, customer's specifications, industry regulations, change approvals, etc.), so only incoming external emails that contain this kind of information (either in the email body or as an attached document) have to be entered into the mail register.
  • Attending a lead auditor course


    Answer: There is no experience requirement to attend a lead auditor course (although previous experience will help you in some aspects). The experience is only required if you want to become a lead auditor working as a certification auditor.

    These articles will provide you further explanation about lead auditor course:
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    These materials will also help you regarding the lead auditor course:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Business Continuity coordinator


    Answer: The business continuity coordinator typically is responsible for the development and maintenance of business continuity plans, working closely with critical business units to understand their processes, identify risks, and provide solutions to help manage and minimize those risks.

    Considering that, your BC coordinator can be either the person writing the documents and planning the projects or the facilities manager. For choosing between them you should consider their understanding of the business and how easily they can interact with other business areas. Another alternative can be the organization's security officer, if the organization has such a role.

    These materials will also help you regarding BC coordinator:
    - What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/