Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11270 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Preguntas sobre el libro Seguro & Simple

Respuesta: El libro está desarrollad o para guiarte en la implementación de la ISO 27001, y la mayoría de tus cuestiones están cubiertas por el libro: alcance del SGSI, definición de roles y responsabilidades para la gestión del equipo, y el tratamiento de la implementación como un proyecto.

Con respecto a los costes, este artículo puede ser interesante para “How much does ISO 27001 implementation cost?” : https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/

Con respecto a los tiempos, esta herramienta gratuita puede resultarte útil “Duración de la implementación de ISO 27001 e ISO 22301” : https://advisera.com/27001academy/es/herramientas/calculador-gratuito-del-tiempo-de-implementacion-para-iso-27001-iso-22301/

Con respecto a la línea base, mi recomendación es definir un plan de proyecto, y seguirlo. El libro proporciona información sobre la definición de un proyecto para la implementación, y puedes ver también este artículo “ISO 27001 project - How to make it work": https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/

Con respecto a las minutas y registros, este artículo te puede interesar “Records management in ISO 27001 and ISO 22301” : https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

Con respecto a la comunicación, generalmente los comunicados internos/externos relacionados con el SGSI se gestionan con un plan de comunicación. Este artículo te puede ayudar “How to create a Communication Plan according to ISO 27001” : https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/

Con respecto a las reuniones, generalmente la frecuencia depende de la empresa, aunque mi recomendación es que sean anuales (como mínimo)

Con respecto a las cuestiones relativas a riesgos del proyecto, puedes cubrir esto con el plan de proyecto, aunque esta cuestión no es de ISO 27001, es una cuestión relacionada con la gestión de proyectos, y tienes otros estándares para este propósito (como PRINCE2, PMP, etc)

Con respecto al control de la calidad, supongo que te quieres referir a "la revisión de la efectividad de los controles de seguridad, y puedes usar métricas/indicadores, por tanto este artículo también te puede interesar “Key performance indicators for an ISO 27001 ISMS” : https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/ . Este artículo también te puede ayudar “How to perform monitoring and measurement in ISO 27001” : https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/ . Por otra parte, las auditorías pueden ser usadas también para verificar la implementación del SGSI, el estado de los controles, etc, y esto es cubierto por el libro, aunque aquí puedes ver más información para realizar la auditoría interna “How to make an Internal Audit checklist for ISO 27001 / ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Finalmente, si estás pensando sugerir el proyecto a la alta dirección, este artículo sobre los beneficios de la ISO 27001 te puede ayudar “For key benefits of ISO 27001 implementation” : https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/

Y también este webinar gratuito “Beneficios de ISO 27001: Cómo obtener el apoyo de la Dirección” : https://advisera.com/27001academy/es/webinar/iso-27001-benefits-how-to-obtain-management-support-free-webinar/
Numbering documents
Thank-you Carlos, moving forward into an electronic system, I appreciate your help.
ISO 9001:2015 and confidentiality

Answer:

Confidentiality matters related to relevant stakeholders are treated under clause 8.5.3. Internal confidentiality matters are treated under clause 7.5.3.1 b) and clause 7.5.3.2

The following material will provide you information about documented information:

- ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Transition from ISO 9001:2008

Answer:

You should contact your certification body because they are the ones that can help you more with that question. Some certification bodies stop issuing ISO 9001:2008 certificates after September 2016, and most importantly ,last October the International Accreditation Forum decided that certification bodies will no longer certify QMS according to ISO 9001:2008 after 15 March 2018. After that date, even if your QMS is according to ISO 9001:2008, certification bodies will conduct all ISO 9001 initial, surveillance, and recertification audits to the new version (ISO 9001:2015).

The following material will provide you information about transition:

- ISO 9001 – How to make the transition from ISO 9001:2008 revision to the 2015 revision (be careful some information about dates is no longer valid) - https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
Tools for ISO 9001:2015 transition - https://advisera.com/9001academy/2015transition/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Minimum monitoring and measuring requirements

Answer:

It is hard to determine what is the minimum requirements for monitoring and measuring within ISO 14001 based Environmental Management System simply because it heavily depends on the significant environmental aspects the organization has.

But besides the monitoring and measuring that are part of the operational controls, the organization has to, as a very minimum, conduct monitoring and measuring of the environmental performances, evaluate compliance with relevant environmental legislation and conduct internal audits and management review.

For more information, see: How to measure the effectiveness of your EMS according to ISO 14001:2015 https://advisera.com/14001academy/blog/2016/09/05/how-to-measure-the-effectiveness-of-your-ems-according-to-iso140012015/

These materials will also help you regarding monitoring and measuring in ISO 14001:
- Book THE ISO 14001:2015 COMPANION https://advisera.com/books/the-iso-14001-2015-companion/
- Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-foundations-course/
- Conformio (online tool for ISO 14001) https://advisera.com/conformio/
Lead implementer and lead auditor

a) Should I take ISO 27001 LA or Implementation course ?
b) What's the difference between the two ?

Answer: Let's start with the differences:
- ISO 27001 Lead Implementer – this certification recognizes people who have competency on the ISO 27001 implementation process.
- ISO 27001 Lead Auditor – this certification recognizes people who have competency on auditing an ISMS against ISO 27001 requirements and want to become certification auditor (and with this provides more confidence to an organization for being certified).

So, the decision about which one to take will depend on your professional purposes. If you plan to work on an information Security Management System certification process, then you should consider the Lead Implementer certification. If you plan to ensure the operation of an ISMS, then you should consider the Lead Auditor certification.

These articles will provide you further explanation about ISO 27001 personnel certifications:
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

This material will also help you regarding ISO 27001 personnel certifications:
- ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
Information system certification

Não sei como funciona a certificação, gostaria de contratar alguém para me guiar nesse processo.

(I need to develop a system that should be certified, it's a small system, which will save aircraft flight records.

I do not know how certification works, I would hire someone to guide me in this process.)

Answer: ISO 27001 does not certify systems or products, but processes and sites.

Considering this, you can to use ISO 27001 to certify your development process in order to provide confidence that the system's requirements, including security requirements, have been properly identified, implemented and tested.

These articles will provide you further explanation about ISO 27001 and the certification process:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These mate rials will also help you regarding ISO 27001 and the certification process:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] ISO 27001/ISO 22301: The certification process [free webinar on demand]

If you want more information, ask to schedule a conversation with one of our specialists through this link: https://advisera.com/27001academy/consultation/
Document control procedure

Answer: ISO 27001 does not prescribe any specific document formatting, only that format and media must be established, so you have to specify the format your organization will use, and this can be an already defined guideline or any other format the organization wants to use.

2- Is there a requirement that have to notate in each document when it is approved or that it is the current approved document?

Answer: There is no specific requirement to notate in a document when it is approved or that it is the current approved document, but including this information in the document is a good practice, since it can help prevent the use of an unapproved or obsolete version.

These materials will also help you regarding document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

These materials will also help you regarding docum ent management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide
Risk management

Answer: For risk management in ISO 27001 you can use ISO 27005.

For risk management for ISO 9001, ISO 14001, ISO 45001 and ISO 22000 you can use ISO 31000 (which covers the risk management process) and ISO 31010 (which covers techniques and methodologies). ISO 27005 is based on ISO 31000, so you can easily integrate both approaches.

These articles will provide you further explanation about risk management:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/ 2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

These materials will also help you regarding risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11270 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Preguntas sobre el libro Seguro & Simple

Numbering documents

ISO 9001:2015 and confidentiality

Transition from ISO 9001:2008

Minimum monitoring and measuring requirements

Lead implementer and lead auditor

Information system certification

Document control procedure

Risk management

Didn’t find an answer?