Search results

Home / Search

Category:
Select
Select

11270 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 27001 certifications


    Answer: Certifications are one of the most common alternatives used by organizations when looking for competent personnel, as well as for professionals to demonstrate their knowledge and, for some certifications, experience. So, getting certified can improve your career opportunities.

    Regarding if there are better certifications than those related to ISO 27001, this will depend of your objectives. There are certifications focused on technical aspects of information security (e.g., CISSP), certifications covering the link between information security and the business (with a wider approach on information security management) (e.g., CISM). ISO 27001 certifications focus on the requirements of the ISO 27001 standard for the implementation of information security management.

    This article will provide you further explanation about personal certifications:
    - How personal certificates can help your company’s ISMS https://advisera.com/27001academy/blog/2014/10/06/how-personal-certificates-can-help-companys-isms/

    2) If yes, then should I go with ISO 27001 Lead Implementer certification first before I approach the Lead Auditor certification?

    Answer: There is no specific order to pursue ISO 27001 certifications. This decision will depend of your career objectives. If you plan to work on an information Security Management System certification process, then you should consider the Lead Implementer certification. If you plan to ensure the operation of an ISMS, then you should consider the Lead Auditor certification.

    These articles will provide you further explanation about ISO 27001 certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    This material will also help you regarding ISO 27001 certifications:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/

  • Management review


    However, what is the purpose of conducting a management review and internal audit as part of the initial project when in theory there is nothing yet to review or audit?

    Answer: A BCMS project implementation involves running at least one complete cycle of the management system, which includes the internal audit and management review activities. Without these activities the project cannot ensure the BCMS is properly implemented, operated and improved.

    Regarding issues to be audited, these are some examples:
    - Results of Business Continuity Plans tests
    - Records of operation of implemented controls
    - Level of awareness and competency of personnel

    As for inputs for management review, besides the results of internal audits, other example is the feedback of interested parties.

    These article will provide you further explanation about ISO 22301:
    - What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
    - Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/

  • Evidencing revision

    I believe you are not making a revolution in the quality management system documentation, you are making an evolution. So, it is important to underline that you have made the transition and reviewed the documentation. Changing the revision date and level is very appropriate. Please check clause 7.5.3.2 c).
    The following material will provide you information about the documented information:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Auditor profile


    Answer: ISO 9001 and ISO 27001 have a lot of requirements in common, so you can either change your profile from ISO 27001 auditor to ISO 9001 auditor or accumulate both profiles.

    To acquire the competencies for ISO 9001 auditor you should attend an auditor course, to learn about ISO 9001 requirements and how these requirements must be covered by audit techniques and methodologies. After that you should seek for opportunities to be a part of an ISO 9001 audit process to practice.

    These materials will also help you regarding becoming an ISO 9001 auditor:
    - ISO 9001 internal auditor training: Is it for me? https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
    - ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/

  • ISMS internal and external parties


    Answer: Internal parties are those under responsibility of the organization to which the ISMS belongs to. Examples are employees and contractors working on behalf of the organization.

    External parties are those outside the control of the organization but interact with it (e.g., customers, stakeholders, providers, etc.) or that can affect the ISMS (e.g., government, regulators, etc.)

    This article will provide you further explanation about interested parties:
    - How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//

    These materials will also help you regarding interested parties:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Audit template content


    Answer: Clauses 4.2.1 and 4.2.2 are from ISO 22301, and the two questions identified for clause 4.2 on the ISO 22301 audit checklist cover the points that must be fulfilled to be complaint with this section, to mention:
    - identification of interested parties relevant to the BCMS
    - documentation of interested parties relevant to the BCMS and their requirements

    So the way these questions are formulated do not affect the standard's implementation.

    2- Also, later in the table, there are parts which are named the letter A in the beginning (for example A.5.1.1) - can you please explain to me what's this about?

    Answer: The questions identified by the letter A in the beginning refer to the controls from ISO 27001 Annex A, and they are applicable only if you im plemented ISO 27001.

    For better understanding of our templates I recommend you to read the comments included on them, because they can provide guidance on issues like this.

  • Managing EAIA


    Answer:

    First you have to make an environmental assessment to determine the environmental aspects of your organization. I use flowcharts, visit facilities, speak with workers, and request figures to the purchasing and account departments in order to get a list of how an organization interacts with the environment. Then, I determine the environmental impacts. To determine which are significative or not, I look for environmental legislation and whenever an organization does not comply, we have a significative environmental aspect and impact. For all aspects, independently of legislation, I perform an evaluation very similar to your “Quantity, Occurrence, Impact, Detection and Control”. I designed a scale of measurement for each topic. For example:

    Occurrence

    1 point – Can occur but never occurred before

    2 points – Occurs less than one time per year

    3 point s – Occurs more than one time per year

    4 points – Occurs every month

    5 points – Occurs whenever the activity is performed

    For each parameter I determine the measure to apply. Then I calculate a general level of significance (GLS) like:

    GLS = Quantity x Occurrence x Impact x Detection x Control

    And I set a number above which all GLS are considered significative. If an aspect is legislated and there is no compliance, there is no need of calculations, it is automatically significative.

    The following material will provide you information about assessment of environmental interactions:

    - ISO 14001 – 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
    - Environmental aspects in the manufacturing sector - https://advisera.com/14001academy/blog/2015/06/22/environmental-aspects-in-the-manufacturing-sector/
    - ISO 14001:2015 – How to set criteria for environmental aspects evaluation - https://advisera.com/14001academy/blog/2016/10/31/iso-140012015-how-to-set-criteria-for-environmental-aspects-evaluation/
    - List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
    - free preview - Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/

  • Programs and environmental objectives

    My understanding is that , we are arriving the objectives and targets and then we are making a pgm for that.
    The question is pgm arrived should have the same subject of objectives?
    that means pgm is an extension of objectives and target with the detail plan. is it right?
    OR pgm can be different from objectives selected?”

    Answer:

    First of all, ISO 14001:2015 no longer mentions the word program associated with objectives and targets. That does not mean that an organization is prevented from using it.

    1. An organization establishes its environmental objectives and targets (clause 6.2.1 of ISO 14001:2015);

    2. An organization establishes one or more projects for each objective in order to meet the target at due date and within budget of resources (clause 6.2.2 of ISO 14001:2015);

    3. Program is no longer mentioned in ISO 14001:2015 but still can be used as a set of projects coordinated with each other and that aim at common objective.

    For example:

    Objective 1 - Reduce water consumption

    Target 1 – by 8% until the end of 2018

    Project 1.1 – Reduce water consumption in the manufacturing process

    Project 1.2 - Reduce water consumption in the gardening

    Project 1.3 – Reduce water consumption at the canteen

    Managing Program means coordinating Projects 1.1; 1.2 and 1.3 in order to meet the target.

    The following material will provide you information about objectives, targets and programs:

    - ISO 14001 – How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/

  • Procedure/form for the return of data to a controller


    Answer:

    No there is not. Controllers and processors need to commonly establish a formal way of doing that depending of the types and categories of data that are being returned.

    To learn ore about the EU GDPR check out our “EU GDPR Foundation Course” https://advisera.com/training/eu-gdpr-foundations-course//

  • GDPR law


    Answer:

    The mere accessibility of your website by individuals in the Union or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the EU GDPR. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and so are subject to the EU GDPR:
    - Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).
    - Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).
    - Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top le vel domain).
    - Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).
    - Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).
    - Customer base - You have a large proportion of customers based in the Union.
    - Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper)
Page 729-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +