Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 20000 Design and transition of new or changed services
Answer:
Design and transition of new or changed services is responsible (in scope of the SMS - Service Management System) to manage any changes on existing, or introduction of new services. In your case, I rather see that you'll have changes on existing services. In scope of your change management (e.g. in your policy) you should define which changes are introduced using design and transition process.
If you have Design and transition process in place, evidences that you can show to the auditor could include:
- specification
- service requirements
- test plan
- transition plan
- risk assessment
- service acceptance criteria, etc.
Here are few articles that could help:
ITIL Service Acceptanc e Criteria – keep control in your hands https://advisera.com/20000academy/knowledgebase/itil-service-acceptance-criteria-keep-control-hands/
ITIL/ISO 20000 Service Level Requirements – Ensure you deliver what the customer asked for https://advisera.com/20000academy/blog/2017/03/21/itiliso-20000-service-level-requirements-ensure-you-deliver-what-the-customer-asked-for/
Design and transition of new or changed services in ISO 20000 https://advisera.com/20000academy/blog/2014/07/15/design-transition-new-changed-services-iso-20000/ -
Scope and external facilities
Answer:
1.If those external warehouses belong to your organization and they are relevant to your scope they must be included. 2.Probably, during the certification audit a sample of some of those warehouses will be audited.
The following materials will provide you details about the scope of a management system:
- ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 20000 implementation
Answer:
There are few items on our web portal that can help you:
1. Free webinar "How to use a Documentation Toolkit for the implementation of ITIL / ISO 20000" https://advisera.com/20000academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-itil-iso-20000-free-webinar-on-demand/
2. Whitepaper "How online tools are revolutionizing ITIL and ISO 20000 implementation" https://info.advisera.com/20000academy/free-download/how-online-tools-are-revolutionizing-itil-and-iso-20000-implementation
3. ISO 20000 Gap Analysis Tool https://advisera.com/20000academy/itil-iso-20000-tools/iso-20000-gap-analysis-tool/ -
Linking interested parties, processes, risks/opportunities and corrective action
Answer:
Your organization determines its interested parties and their needs and expectations. How does your organization answers to those needs and expectations? Through its processes. What can help (opportunity) or hinder (risk) each of your organization’s processes in meeting those needs and expectations? Acting on those opportunities and risks can be done through corrective actions. Imagine that an interested party (customer) values delivery speed, your processes of order treatment, production and delivery must be designed to support delivery speed. Risks like supplier delay or production machine breakdown, or opportunities like using pre-order stocks can be determined. Corrective actions can be used to mitigate risks, like reducing production machine breakdown frequency, or take advantage of opportunities.
ss
- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
AS9100 Rev D transition date
For AS9100 Rev D the date to transition from an AS9100 Rev C certified QMS to the new standard has always been aligned with the ISO 9001:2015 transition dates. In September 2017 the ISO & IAF group put out a news release stating that this date for transition would be September 15, 2018. After this date no certification for ISO 9001:2008 would be valid, and likewise certifications for AS9100 Rev C would not be in effect any longer.
Of course, there is no last date to certify a new QMS to AS9100 Rev D. This will be the aerospace standard going forward.
For more information on AS9100 Rev D transition see this whitepaper https://info.advisera.com/9100academy/free-download/as9100-twelve-step-transition-process-from-rev-c-to-rev-d -
Opposition to implementation
Answer: The main arguments against ISMS implementation generally are:
- the investment to be done
- lack of clear view of the benefits
- historical data supports the thinking "this will never happen to us"
- the thinking "no one is interested in our information"
These articles will provide you further explanation about ISO 27001 and how gain buy in from management:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
This material will also help you regarding ISO 27001 and how gain buy in from management:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- ISO 27001 benefits: How to obtain manag ement support [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/ -
Suppliers approved by customers and procedure requirement
Answer:
By “been approved by our customers” I imply that they have been selected by your customers. I would recommend keeping a procedure for Purchasing and Evaluation of Suppliers.
Although they have been selected by your customers your organization still needs to order them to deliver the right amount, of the right reference, with the right quality and with the agreed price in a particular date. Also, your organization must verify fulfillment of requirements upon reception of each delivery. Finally, although suppliers are selected by your customers it is wise to keep a record of suppliers’ performance. For example, it can be useful during negotiations with customers, particularly because your organization could be “importing problems” from those suppliers that affect your organization internal performance and even your performance at the eyes of the customers.
The following material will provide you information about the purchasing:
- ISO 9001 – How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- free online training ISO 9001:2015 Internal Auditor Course
– https://advisera.com/training/iso-9001-internal-auditor-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 22301 questionnaires
Answer: To evaluate the compliance situation regarding ISO 22301, I suggest you to take a look at the free demo of our Internal Audit Checklist at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/
Its list of questions will help you to verify the degree of implementation of the standard you client has achieved and guide you on the definition of the project scope.
This article will provide you further explanation about implementing ISO 22301:
- 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/
These materials will also help you regarding implementing ISO 22301:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/27001academy/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Diagram of ISO 22301 implementation process https://info.advisera.com/27001academy/free-download/diagram-of-iso-22301-implementation-process -
ISO 22301 implementation
Answer: ISO 22301 was designed to be implemented in organizations of any size or industry, so there is no specific recommendation for financial organizations. In a general manner you should consider:
- Ensure the buy in of you top management for this project
- Make the employees aware of the importance of this implementation
- Identify and involve in the project the right people (the ones with the knowledge, experience and skills to help the implementation).
- Identify the proper implementation strategy
These articles will provide you further explanation about ISO 22301 implementation:
- What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
- 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
- 3 strategic options to implement any ISO standard https://advisera.com/blog/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
These materials will also help you regarding ISO 22301 implementation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/ -
Use of cryptographic controls
Answer: The control A.10.1.1 - Policy on the use of cryptographic controls defines the guidelines for the use of cryptographic technologies in an organization (e.g., which technologies to use, when, by whom, etc.). So, if you have cryptographic technologies in your organization (like the SSL certificate) you have to consider the implementation of this control to treat risks like:
- IT staff implementing SSL in different ways in different places because there is no general rule about the issue,
- Unauthorized people accessing cryptographic technologies, because there is no list defining who can use it
To have an idea about how a cryptographic policy looks like, I suggest you to take a look at the free demo of o ur Policy on the Use of Cryptographic Controls at this link: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/
This article will provide you further explanation about control A.10.1.1:
- How to use the cryptography according to ISO 27001 control A.10 https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/
These materials will also help you regarding control A.10.1.1:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/