Search results


  • Demonstrating compliance with ISO 22301


    Answer: Any company can comply with ISO 22301, but to do so the company obviously has to implement the standard, complying with its requirements. If I am a customer of your company and I want you to demonstrate that you can implement the standard, you could show me a project plan for implementing the standard, approved by top management.

    Another option is certification of the implemented ISO 22301, and another option is a second-party audit.

    This free template can help you develop the project plan, “Project Plan for ISO 27001/ISO 22301 implementation”: https://info.advisera.com/27001academy/free-download/project-plan-for-iso-27001-iso-22301-implementation

    And this article can help you learn how to implement the standard in your organization, “17 steps for implementing ISO 22301”: https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
  • Top management


    Answer: If this person is formally not part of management, the problem may be that their decisions can only be executed informally, and this can be a problem for ISO 27001 compliance, because your organization might not be able to demonstrate the leadership and commitment of top management with respect to the information security management system, which is an important requirement of ISO 27001 (clause 5.1 - Leadership and commitment). Therefore, a recommendation would be that this person formally becomes part of top management.

    This article on the roles and responsibilities of top management may be of interest to you, “Roles and responsibilities of top management in ISO 27001 and ISO 22301”: https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

    And also this article on the benefits of implementing ISO 27001, which may be of interest to management, “Four key benefits of ISO 27001 implementation”: https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
  • Purpose of requesting the birth date

    2. For the Data Subject Access Request Procedure. A Data Subject Access Request can be made verbally in Germany. Hence it is necessary to ensure that verbal requests are treated with the same level of care as with written requests.

    Answers:

    1. The birth date is mentioned for two purposes: for establishing that the individual is not a minor, and as a means of making it easy for you to identify him/her in your systems. However, you may choose not to ask for that information from the data subject.

    2. I can't see any question related to the topic of “Data Subject Access Request Procedure”.

    To learn more about DSARs check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
  • Language of the Privacy policy


    Answer:

    If your website is targeting Italian users you can have the Privacy Notice/Notices in Italian only.

    To learn more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • Standards applicability


    Answer: ISO management standards (like ISO 27001 / BS EN ISO 9001) were designed to be implemented in organizations of any industry or size, so they would work the same way for any of them:
    1 - Identification of business context and requirements
    2 - Development and implementation of documents and records required by the standard
    3 - Development and implementation of documents and records required by business operations
    4 - Processes performance measurement, monitoring and review
    5 - Implementation of corrective actions and opportunities of improvement

    The difference would be in the number and complexity of the developed documentation, and the required resources.

    These articles will provide you further explanation about ISO 27001:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    2 - Can this apply and is it useful/necessary in this case or is there any equivalent?

    Answer: As mentioned in answer 1, these standards can be applied in your case, and can be useful in at least four ways:
    - to decrease costs related to information security incidents
    - to provide a competitive edge in your market
    - to help organize operations
    - to help ensure compliance with legal requirements you must fulfil

    Regarding necessity, you should consider your customers and legal requirements you must comply with.

    This article will provide you further explanation about ISO 27001 benefits:
    - Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/

    3 - Also what is the average cost for an "extra" small company ( Web-based Dev - 1 employee )

    Answer: There are a significant number of variables to be considered when estimating an implementation cost, even for such a small organization, so without more detailed information it's not possible to give a precise value. What I can tell you are some cost issues you should consider:
    - Training and literature
    - External assistance
    - Technologies to be updated / implemented
    - Employee's effort and time
    - The certification process

    Regarding knowledge on costs, I suggest these articles:
    - How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
    - 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
    - How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project
  • Audit results


    I believe somewhere in your information you recommend against sharing audit results with the customer. If this is true, could you send me a link to that information? It will help to convince Sales that this is not a good idea.

    Answer: The sharing of audit results with customers should be handled carefully. While this can be a good marketing tool to demonstrate good faith and commitment of your organization with customers, it also may reveal situations that can compromise the relationship and your organization image if not handled properly.

    My advice would be for your organization to define, by means of contracts and service agreements, in which situations these results should be shared, what information would be shared, and what measures should be taken by the customer to protect this information (e.g., those customers that will have access to the results should sign a non-disclosure agreement).
  • Comprehensive consent document


    Answer:

    According to the EU GDPR, consent needs to be a “freely given, specific, informed and unambiguous indication of the individual’s wishes.” Among other things, this means that if the relevant processing has multiple purposes, consent must be given for all of them, and since we cannot possibly foresee all the instances in which someone would ask for consent, it is up to the controller (you) to identify those purposes.

    Also, you cannot use so-called “bundled consent”. Where different processing activities are taking place, consent is presumed not valid unless the individual can consent to them separately.

    Having this in mind, it is impossible to have a readily available consent form to cover all scenarios.

    To learn more about consent, please check out our article “Is consent needed? Six legal bases to process data according to GDPR” https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
  • Supervisory Authority

    Could you explain in detail how we can contact the Supervisory Authority:
    1. Where can I find contacts like email, address, phone number etc. for the Supervisory Authority?
    2. Should we contact the Supervisory Authority in a specific country? What does it depend on?

    Answers:

    1. Here is a link to an EU Commission page containing the contact details of Supervisory Authorities in EU countries - https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

    2. If you are the controller under the EU GDPR, you need to appoint a representative. That representative must be based in a Member State in which the relevant individuals are based; if you can't determine where most of your EU customers are, you can choose any EU Member State. So, in the case of a breach, you need to notify the Supervisory Authority in the country where you have appointed a representative.

    To learn more about data breaches check out our article “5 steps to handle a data breach according to GDPR”
    https://advisera.com/eugdpracademy/knowledgebase/5-steps-to-handle-a-data-breach-according-to-gdpr/
  • Internal record of processing


    Answer:

    The “Inventory of Processing Activities” is mandatory if (a) the company has more than 250 employees; or (b) the processing the company carries out is likely to result in a risk to the rights and freedoms of data subjects; or (c) the processing is not occasional; or (d) the processing includes special categories of data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation); or (e) the processing includes personal data relating to criminal convictions and offences.

    To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
  • Quality tools in ITSM


    Answer:
    Tools used for quality control have similarities in how we (in ITSM) control the quality of delivered services.
    Some of the tools that are used to control quality in the development and delivery of IT services are:
    - Testing - to ensure that users' requirements and (quality) expectations are met
    - Fishbone (or Ishikawa) diagram - in e.g. problem resolution
    - Trend analysis - reporting and trend monitoring is one of the ISO 20000 requirements
    - Histograms - used to have a clear picture of services delivered over a longer period of time
    - Cause and effect analysis - in incident, problem or change management

    To read more about Quality Management (applicable to IT service delivery), read the article “How to use quality control tools to improve your QMS” https://advisera.com/9001academy/blog/2017/04/18/how-to-use-quality-control-tools-to-improve-your-qms/