Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • ISO 27001 standard


    Answer: I'm sorry, but the ISO 27001 standard is an intellectual property of the International Organization for Standardization (ISO), and like so it cannot be sold as part of our toolkits. You can find and bought this standard at this link: https://www.iso.org/standard/54534.html
  • ISO 27001 Mandatory documentation


    Answer: The text in the Document Management from ISO 27001 Blog refers to the ISO 27001:2005 standard, in which the Procedure for Managing Documents is in fact mandatory. This standard was superseded by ISO 27001:2013, which is now the current standard, and in this version the Procedure for Managing Documents is not mandatory.

    These materials will provide you further explanation about the differences between the versions of the standard:
    - A first look at the new ISO 27001 https://advisera.com/27001academy/blog/2013/01/28/a-first-look-at-the-new-iso-27001-2013-draft-version/
    - Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/

    2 - Also, could you share with me how you came up with the Checklist of Mandatory Documentation? I can’t seem to find the source of the information in the ISO 27001:2013 Standard. Not sure if it is there or in another ISO document.

    Answer: To identify the mandatory documentation in the standard you have to find the requirements that demand "documented information" to be available, to be kept, to be retained, or any other similar verb or expression. For example:
    - The scope shall be available as documented information.
    - The organization shall retain documented information about the information security risk assessment process.

    This article will provide you further explanation about ISO terminology:
    - Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/
  • Un sólo documento o varios


    Respuesta: Sí, podrías tener un único documento incluyendo información sobre el alcance, objetivos, funciones, etc, pero en mi opinión, esta no es la mejor manera, porque estás mezclando conceptos que son diferentes, y si tienes un único documento con mucha información, puede ser difícil e incómodo encontrar algo. Por tanto, lo mejor es que tengas un documento para el alcance, otro para la política de seguridad de la información y objetivos, etc.

    Recuerda que existe una lista de documentos que son obligatorios, que puedes ver aquí “Lista de documentos obligatorios exigidos por la norma ISO 27001 (revisión 2013)” : https://advisera.com/27001academy/es/knowledgebase/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/

    Y este artículo puede ayudarte a estructurar los documentos para los controles del Anexo A de la ISO 27001 “How to structure the documents for ISO 27001 Annex A controls” : https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
  • ISO 9001


    Respuesta: La última versión de la ISO 9004 es la ISO 9004:2018, y puedes descargarla directamente de la página oficial de iso.org

    Con respecto a la segunda cuestión, disculpa, pero no ofrecemos ese tipo de servicios.

    Finalmente, quizas puedan interesarte estos artículos:

    "ISO 9004" : https://advisera.com/9001academy/knowledgebase/iso-9004/

    “How to make your QMS successful with ISO 9004” https://advisera.com/9001academy/blog/2015/04/28/how-to-make-your-qms-successful-with-iso-9004/#
  • GDPR related question about SPAM email


    Answer:

    What you are describing is commonly referred to as unsolicited marketing. The EU GDPR states that for marketing you need to obtain the consent of the data subject. Also, the ePrivacy Directive imposes additional constraints if you market by telephone, email or fax.

    For example, you can only send direct marketing to someone by email if:
    - they have given you consent; or
    - you have an existing relationship with them and fall within the so-called similar products and services exemption
    Unless one of the two criteria apply I would suggest to file a complaint to your local Supervisory Authority.

    You can find out about how the EU GDPR will affect marketing by checking out our free webinar “How GDPR Affects Marketing Practices” https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
  • Content of the medical device file


    Answer:

    The medical device file should contain the following information:
    - General description of the medical device, intended purpose and instructions for use (I think you've covered that)
    - specification for the product
    - specifications or procedures for manufacturing, packaging, storage, handling and distribution;
    - procedures for monitoring and measuring;
    - procedure for installation, if appropriate; and
    - procedure for servicing, if appropriate.

    For more information, see: How to meet ISO 13485:2016 requirements for medical device files https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/
  • IATF Certificate suspension


    I am trying to find out what is the process for IATF certification suspension for the corporate scheme.

    The situation is like this: one corporate scheme has few manufacturing sites. What happens if the central functions are claimed by the customer as having an issues? How the manufacturing sites are impacted and where I can find this information? Can the certification body request a special audit at a manufacturing site even if the issues is strictly related to the central functions? The central functions have their own IATF certification audit. In the 5th rules I was not able to find all this details.

    Answer:,

    According to Rules for achieving and maintaining IATF recognition, the certification body can suspend the certificate if the certification body receives a performance complaint against the client from an IATF OEM member, its relevant IATF Oversight office, or any automotive customer of the client.

    The certification body must undertake immediate analysis of the situation to dete rmine the severity of the situation and risk to the customers of the certified client, taking into account, where applicable, IATF OEM customer-specific requirements. This analysis shall be completed within a maximum of twenty (20) calendar days from the start date of the decertification process.

    Since the manufacturing sites are under the same certificate as the central office, they can also be subjected to additional audits.

    For more information, you can take a look at Rules for achieving and maintaining IATF recognition 5th edition, clause 8.0 CERTIFICATE DECERTIFICATION PROCESS
  • Appendix for Inventory of Processing Activities


    Answer:

    EU GDPR art. 30 “Records of processing activities” https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/ states that you need to provide a “of data subjects and of the categories of personal data” which suggest that a certain amount of granularity is required and sensitive and non-sensitive would not be enough.
  • Information security and ISO 27001 topics

    Contudo, gostaria de saber se existe a possibilidade de me fornecer algum material que me ajude nos seguintes tópicos:

    Grupo 6 - ISO 27001 - Tecnologia da informação
    Iniciar com conceitos e definições do que é “ISO 27001 ”; Quando surgiu, onde surgiu; Atuação das empresas na busca da ISO 27001; Custos de implantação; Concorrência e mercado; Certificação (como é o processo); Quais os requisitos da norma; Exemplos de empresa que aplicam; Por que esta empresa adotou esta norma; Resultados/benefícios desejados; Etc; Desde já grato pela atenção e ao seu dispor.

    (I am a Logistics student at XXXX and I need to prepare an academic paper about ISO 27001 requested by the XXXX professor.
    However, I would like to know if there is a possibility of providing me with some material that will help me in the following topics:

    Group 6 - ISO 27001 - Information technology
    Start with concepts and definitions of what is "I SO 27001"; When it arose, where it arose; Companies acting in the search for ISO 27001; Implementation costs; Competition and market; Certification (how is the process); What are the requirements of the standard? Examples of companies that apply; Why this company adopted this standard; Desired outcomes / benefits; Etc; Thank you in advance for your attention and at your disposal.)

    Answer: For some topics you asked for information, I suggest you these materials:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
    - ISO survey https://www.iso.org/the-iso-survey.html

    These materials will also help you regarding your questions:
    - Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
    - How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project
    - Applicability of ISO 27001 divided by industry https://info.advisera.com/27001academy/free-download/applicability-of-iso-27001
    - Checklist of mandatory documentation required by ISO 27001:2013 https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Mandatory documents as barriers in ISO 9001


    Answer:

    ISO 9001 is a general standard applicable to any organization. ISO 9001 per se has no mandatory document especially difficult to obtain. What ISO 9001 determines is that any mandatory requirement extra-ISO 9001 text is what any organization already has to submit independently of the standard, due to regulations and legislation.

    The following material will provide you information about statutory and regulatory requirements:

    - ISO 9001 – How to include statutory and regulatory requirements in your QMS - https://advisera.com/9001academy/blog/2017/02/14/how-to-include-statutory-and-regulatory-requirements-in-your-qms/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Page 763-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +