
  • ITIL and cloud


    Answer:
    If you already have (or are planning to have) implemented ITIL, there shouldn't be problems if you use cloud to support your operations. Read the article "How ITIL can help cloud services" https://advisera.com/20000academy/blog/2015/07/28/how-itil-can-help-cloud-services/ to learn more about this.
  • Compliance questionnaire


    I am doing an academic paper (article) on information security in which I have to prepare a questionnaire with the purpose of analyzing the adherence of the information security adopted in companies to ISO 27002.

    Could you please give guidance on how to formulate this questionnaire?

    Answer: Basically you have to identify for each control what is required (generally an action followed by the word "should") and formulate a question based on it.

    For example, for control 5.1.1 (Policies for information security), the requirement is:

    "A set of policies for information security should be defined, approved by management, published and communicated to employees and relevant external parties."

    So a proper question would be "Are there policies for information security defined, approved by management, published and communicated to relevant parties?"
    For reference, I suggest you to take a look at our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
  • ISO 27001 standard course


    Answer: I'm sorry, but I believe there has been a little misunderstanding regarding the standard's structure. The term "clause" is used to separate the content of the main part of the standard, and ISO 27001:2013 has 10 clauses. Regarding Annex A, it has 114 controls, not 111, and it is organized into 14 parts called "sections".

    These articles will provide you further explanation about ISO 27001:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
    - Main changes in the new ISO 27002 https://advisera.com/27001academy/blog/2013/02/11/main-changes-in-the-new-iso-27002-2013-draft-version/

    This material will also help you regarding ISO 27001:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Audit and ISO 22301


    Answer: For an audit program, first you have to define whether you are going to perform one audit or a series of audits throughout the year. After that you have to define the criteria for individual audits and the auditors that will perform them, the procedure that will be used for the audits, and whether you are going to use checklists or not.

    For testing plans, first you have to define which kind of test you will perform (e.g., orientation seminar, desk check, plan walk-through, functional testing, etc.). After that you have to define the tests' scope, objectives, and timing, and align these decisions with top management and management heads to develop the necessary details for the test plans.

    These materials will provide you further explanation about internal audit and test plans:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - How to prepare for an ISO 27001 internal audit (the general concepts are also applicable to ISO 22301) https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
    - Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
    - How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/

    2 - Also, does ISO 22301 have an SoA as in ISO 27001?

    Answer: The statement of applicability is a requirement only for ISO 27001. There is no similar requirement for ISO 22301.

    These materials will provide you further explanation about ISO 22301:
    - What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • SOA preparation


    Answer: The folders and documents in your toolkit are listed in exactly the order you need to follow in order to implement the ISMS, so you have to prepare the Statement of Applicability after you have finished filling in the Risk Assessment Table and the Risk Treatment Table.

    This article will provide you further explanation about the Statement of Applicability:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    These materials will also help you regarding the Statement of Applicability:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Language of the ISMS documentation


    Answer: Basically yes, because if your organization has employees, for example, in the USA, and they only speak English, you have to develop the documentation in that language. Therefore, the basic criterion is to develop documents in the language of the people who have to read them. If all the people involved in the scope of the ISMS can understand English, it can be the official language for all the documentation, but if not, you must develop the documents in the specific language of each employee, because they are the ones who have to read them.

    By the way, do you want to know how to structure the documentation for the Annex A controls? This article may interest you: "How to structure the documents for ISO 27001 Annex A controls": https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

    Here you can also find a list of the documents that are mandatory in an ISO 27001 implementation, "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/es/knowledgebase/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/

    Finally, here you can also find free resources for your ISO 27001 implementation project: https://advisera.com/27001academy/es/descargas-gratuitas/
  • Meeting the requirements of the Regulation


    Answer:

    Where consent has been given under the Data Protection Directive, it will continue to be valid under the EU GDPR if it also meets the requirements of the Regulation.

    This may be difficult given the new and stringent requirements for consent. In theory, you should therefore consider approaching your existing customers to obtain a fresh consent that is valid under the EU GDPR. Be aware that opt-out consents are not valid under the EU GDPR.

    Basically, you need to benchmark the consents you already have against the requirements of the EU GDPR. If the consents meet those requirements, you need to do nothing; if they don't, you need to reach out to the individuals to get new compliant consents.
  • Implementing ISO 9001 - what about duration?


    Answer:

    In the middle of the 80’s, I worked for a couple of years for an artificial leather manufacturing company for the automotive industry with some small production of tarpaulins for trailers (emulsion PVC was the main raw material).

    I believe that the duration of implementation depends primarily on the size of the organization, for example:
    * Smaller organizations (up to 50 employees) usually implement the standard in less than 8 months;
    * Mid-size organizations (up to 500 employees) usually implement the standard in 8 to 12 months;
    * Large organizations (500 employees and more) – implementation usually lasts 12 to 15 months.

    Beware of dragging such projects on for too long; companies that do (e.g., small companies for more than 12 months) usually never finish the project.

    ISO 9001:2015 does not require much documentation, and even if there are no written procedures there must be some kind of practices; use them as the cornerstone of your QMS. For example, this week I visited an organization without a QMS but with quality control in place.

    The following material will provide you information about implementing a QMS:
    - ISO 9001 – Five tips to ensure your ISO 9001:2015 implementation is successful – /…/mplementation-is-successful
    - How long does it take to implement an ISO 9001-based QMS? – /…/ement-an-iso-9001-based-qms
    - Gaining employee buy-in for your ISO 9001:2015 implementation – /…/iso-90012015-implementation
    - free online training ISO 9001:2015 Foundations Course – https:…
    - book – Discover ISO 9001:2015 Through Practical Examples – /…/-through-practical-examples
  • Transition to ISO 9001:2015

    Explain how you will change the company from ISO 9001:2008 to the new ISO 9001:2015 (AT LEAST TEN POINTS)

    These are the 12 steps of the transition process from ISO 9001:2008 to ISO 9001:2015 that should be followed:
    1. Define the context of the organization
    2. List all interested parties
    3. Determine the scope of the QMS
    4. Demonstrate Leadership
    5. Align QMS objectives with the company's strategy
    6. Assess risks and opportunities
    7. Control documented information
    8. Operational Control
    9. Review the design and development process
    10. Control of external providers
    11. Performance evaluation
    12. Measuring and reporting
    For more information about every step, you can download the following white paper for free "Twelve-step transition process from ISO 9001:2008 to 2015 revision": https://info.advisera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision You can also see this article "How to make the transition from ISO 9001:2008 revision to the 2015 revision": https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/

    Who will be involved in this transition project?

    Top management will need to be actively involved in the QMS development, implementation and maintenance. Where previously it may have been the quality manager's responsibility to work with auditors, ISO 9001:2015 demands that the leaders of the organisation be involved in the entire process.
    And of course, getting a good team to work in the transition, including process owners, is crucial and they have to commit time to participate.
    To learn more about the new leadership requirements you can see: https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/

    How long will it take to get the NEW Transition?

    The duration of the transition varies from company to company, but company size is often a big predictor of the time it will take to implement ISO 9001:2015. Also, it is necessary to consider how much time will be spent on the project by internal people.
    To estimate your transition duration you can use the following tool: https://advisera.com/9001academy/iso-9001-duration-calculator/
    Also, you can see this article "How long does it take to implement an ISO 9001 based QMS?": https://advisera.com/9001academy/blog/2016/07/05/how-long-does-it-take-to-implement-an-iso-9001-based-qms/
    Performing a GAP analysis to learn what parts of the ISO 9001 Standard you already are complying with will be also very helpful. You can use this free GAP tool: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

    What are the benefits for the company of introducing this new ISO 9001:2015?

    These are the main benefits of implementing the new ISO 9001:2015:
    - Effectiveness of the changes to your business
    - Improvement of your reputation
    - Avoiding exposure to potential non-conformities
    - Easy Integration with other systems
    - Overall result: reduced costs, improved bottom line
    For more information, see "ISO 9001:2015 - The benefits of early transition": https://advisera.com/9001academy/blog/2015/09/29/iso-90012015-the-benefits-of-early-implementation/
    These materials can also help you with the transition process:
    - Book "Discover ISO 9001:2015 through practical examples": https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
