
  • Users agreement


    Answer:

    You would be able to do that provided you put this information in your website's Privacy Notice.

    To find out more about privacy notices you can check out our webinar Privacy Notices under EU GDPR https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • Cross border processing


    Answer:

    If the data is stored outside the EEA the answer is yes. Usually Microsoft and Google mention in their T&C or similar documentation where the data would be stored. Check this article https://cloud.google.com/security/gdpr/
  • Supervisory authority

    We are based in Australia and are setting up an (Art 27) Representative office service and a DPO service based out of the UK for Australian businesses to use. Happy to answer questions. Mike Pym. Gordian 02 8075 3805. You must choose a rep service in one of the countries where your relevant data subjects are located, but that rep service can be used for all EU Member States' data subjects. The rep service is different from a DPO, and you will need both in this case. Brexit will make a difference, but what difference only time will tell! Hope that helps.
  • Definition of an OLA


    Answer: An OLA (Operational Level Agreement) is basically an internal agreement between your organization and a part of the same organization (for example, an agreement between the IT department and the Marketing department), and the content of this agreement depends on the specific agreement established in each case (I mean, it depends on the service one party wants to provide to the other party), but you can use this template for your project, where you can define the project agreement, relationships, service requirements, planning/schedule, duration, etc. “Acuerdo de nivel operacional (OLA)” https://advisera.com/20000academy/es/documentation/acuerdo-de-nivel-operacional-ola/

    You may also find this article interesting, “SLAs, OLAs and UCs in ITIL and ISO 20000”: https://advisera.com/20000academy/knowledgebase/slas-olas-ucs-itil-iso-20000/
  • AS9100 Manual from a consultant

    Answer:
    This is one of the problems with consultants that do not take into account the processes that are currently in the company when they choose what to document in a QMS: does what is documented actually add value? There are a few things to consider now that you have the manual, even if it was adapted from another template manual:
    - Do we actually do the things that the manual states?
    - Does the manual add a necessary process that we did not have in place before?
    If the answer to these are positive then the manual may be beneficial to you, on the other hand, if the manual:
    - Has written detail that you do not do
    - Has processes that are not required by your company, or AS9100 Rev D
    - Is wordy or complex such that it will confuse your employees
    If these are true then the manual is not only lacking in value, it is actually a problem since you will fail when your employees are audited against the manual. When you have a consultant working for you, what you want is to ensure that what they write down is actually what you do, so that people follow it.
    For more on dealing with consultants there is a good checklist on 9001Academy that can help with choosing a consultant that is relevant to the AS9100 QMS: https://info.advisera.com/9001academy/free-download/list-of-questions-to-ask-an-iso-9001-consultant
  • ISO 9001 and procurement

    Are there PowerPoint sample presentations to help communicate to teams on supplier evaluation with respect to ISO 9001?
  • Risk with a positive and negative impact


    Answer:

    ISO 9000:2015 defines risk as the effect of uncertainty. Then, in a note, it adds that an effect is a deviation from the expected, positive or negative. So, ISO 9000:2015 accepts the use of the general word risk for both negative and positive impact. However, when one uses the words risk and opportunity it is much easier to distinguish positive from negative effects; remember that many organizations use different methods to evaluate risks and opportunities. For example, many organizations use probability as a factor to evaluate risks and others use effort as a factor to evaluate opportunities.

    The following material will provide you information about the risk-based approach:

    - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    - ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Boundary in ISO 9001 scope


    Answer:

    An organization does not need to apply its quality management system to all of its operations. For example, an organization can manufacture a line of products with its own brand and manufacture generic products to other brands as a subcontracted organization. The organization can decide to implement a QMS and only apply it to the part of the business where it works as subcontracted and not to the part where it manufactures under its brand. So the boundary would be, in that case, working as subcontracted by other organizations.

    The following materials will provide you details about the scope of a management system:

    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 – https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/

    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/

    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Information security policy content


    Answer: According to ISO 27001, the Information Security Policy must include:
    - the information security objectives, or how the objectives are proposed, how they are approved, and how they are reviewed
    - a statement of top management about its commitment to fulfill the requirements of all interested parties, and to continually improve the ISMS

    There is no need to include specific controls in the Information Security Policy. If you need to describe details about the application of one or more controls you should consider writing them in a specific policy (e.g., Access control policy, backup policy, etc.).

    These articles will provide you further explanation about Information Security Policy:
    - What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
    - Information security policy – how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/

    These materials will also help you regarding Information Security Policy:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Risk management according to ISO 27001, ISO 27005 and ISO 31000

    I want to prepare for an ISO 27001 certification and decide to use the ISO 27005 risk management methodology. What steps are mandatory, and what is optional?

    First, it is important to note that ISO 27005 is not a methodology, but a general framework for information security risk management.

    It differs from ISO 27001 in the fact that ISO 27005 provides not only steps for the risk management process (e.g., risk assessment, risk evaluation, risk treatment, etc.), but options regarding how to perform each step (e.g., qualitative or quantitative approach to risk assessment). A specific set of options to perform the steps would be a methodology, so from ISO 27005 you can develop several different methodologies to perform the same steps.

    Considering that, if by steps you mean parts of the process, then all steps of ISO 27005 are required by ISO 27001. If by steps you refer to how to execute the process, you are free to choose from the approaches provided by ISO 27005 the options that best suit you, because ISO 27001 does not prescribe how to perform them.

    Can I focus on asset impact instead of asset valuation when using ISO 27005 as the basis?

    Considering the previous answer, you can use asset impact instead of asset valuation when performing risk assessment for ISO 27001 using the ISO 27005 framework.
