Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11270 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Aplicar ISO 27001 y OWASP
He recibido la siguiente pregunta: En mi empresa el principal problema es que queremos aplicarlo la ISO 27001 con owasp para mejorar el aseguramiento de la seguridad en el proceso de desarrollo de aplicaiones web. no sabemos si es correcto o talvez aplciar otra ISO? Respuesta: Es correcto, puedes aplicar ISO 27001 con OWASP. El principal objetivo de ISO 27001 es la protección de la información, y para esto, el estándar usa la gestión de riesgos, que está compuesta por el análisis de riesgos y el tratamiento de riesgos. Por tanto, básicamente, para la protección de la información, tienes que identificar riesgos, y después tienes que tratarlos. Para el tratamiento de riesgos, ISO 27001 tiene el anexo A con 114 controles de seguridad, y existen controles específicos para el desarrollo software (en el dominio A.14), que pueden ser complementados con OWASP, que básicamente es un marco de trabajo para el desarrollo seguro. Este artículo sobre como integrar ISO 27001 con el ciclo de vida de desarrollo software te puede interesar: https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/ -
Quality vocabulary
Answer:
The actual term “product realization” is no longer used in the new standard. If you use an electronic version and search for the word product it never appears with the other one, “realisation” or “realization”. It’s a phrase that is still very used in the quality vocabulary.
The following material will provide you information about the changes in standard:
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO27001/002/005 and EU GDPR plus PCI-DS
Answer: To be sure our toolkit can help you, you can take a look at its free demo at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Unfortunately we do not have a toolkit specific for PCI-DSS, but most of our templates can be adjusted to fulfill PCI-DSS requirements.
These articles will provide you further explanation about ISO 2700 nd PCI-DSS:
- PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
- PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification https://advisera.com/27001academy/knowledgebase/pci-dss/ -
Mandatory documents for ISO 27001
Answer: Sure. In the List of Documents file that comes with your toolkit you can find which documents are mandatory only for for ISO 27001.
This article will provide you further explanation about mandatory documents for ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ -
Organizing IT area
Thanx a bunch, i didnt know where to start. Lucky for me i have top management support.. really appreciate your knowledge!! -
Implementación de la ISO 22301
He recibido la siguiente pregunta: Estoy especialmente interesando en el paquete de implementación de ISO 22301. Por favor quisiera saber los tiempos, recursos necesarios y mayores retos para la implementación del mismo. Adicionalmente, en qué momento debería contactar a la certificadora. Respuesta: El tiempo para la implementación de la ISO 22301 depende del tamaño de la organización, en cualquier caso, puedes usar esta herramienta gratuita para conocer una estimación sobre el tiempo que necesitas para implementar ISO 22301 en tu organización: https://advisera.com/27001academy/es/herramientas/calculador-gratuito-del-tiempo-de-implementacion-para-iso-27001-iso-22301/ Generalmente, el principal reto para la implementación es obtener el apoyo de la dirección, y este webinar gratuito te puede resultar útil: https://advisera.com/27001academy/es/webinar/iso-27001-benefits-how-to-obtain-management-support-free-webinar/ Con respecto a los recursos, puedes implementar este estándar por ti mismo, quiero decir, utilizando recursos propios, pero si compras nuestro paquete de doc umentos, tendrás también nuestro soporte para la implementación. Finalmente, puedes contactar con la entidad certificadora para la certificación en el momento que quieras, aunque habitualmente se suele contactar cuenta la implementación está llegando a su conclusión. Este artículo puede ayudarte a seleccionar la entidad certificadora : https://advisera.com/articles/how-to-choose-an-iso-certification-body/ Y aquí te puedes descargar nuestro paquete de documentos: https://advisera.com/27001academy/es/paquete-de-documentos-sobre-iso-22301/ -
External audit
thanks -
Management review
I will be conducting audit checks on all three management systems on a monthly basis across the whole year with a view to recertifying every Jan/Feb/Mar.
As the audit effectively takes place over the course of the whole year, when would you recommend the management review is scheduled? Is it sensible to conduct it only when the internal audit is complete? My concern with this approach is that with 2/3 management systems., the review meetings will stack-up at the end of the year when there is probably less chance of them taking place.
Answer: ISO management standards give organizations freedom to define how they can approach the management review (the standards only require the reviews to be performed at planned intervals and the inputs and outputs to be covered).
Considering your situation, you should consider to perform quarterly or semi-annual meetings, covering in each meeting all topics regarding data after the last meeting, or specific topics considering data from the last meeting where such topics where covered. The main point to consider is that between external audits you must ensure all topics required by the standards are covered.
This approach will make easier for you to schedule the management reviews to dates where they will have more chance to be performed.
This article will provide you further explanation about management review:
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/ -
The transition and defining the scope
Is it possible .. And how we have to handle this situation..
Answer:
By implementing IATF 16949 your organization will be compliant with ISO 9001:2015, simply because IATF 16949 contains all requirements from ISO 9001:2015 plus automotive industry specific requirements. For more information on the transition, see: 12 steps to make the transition from ISO/TS 16949:2009 to IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/12-steps-to-make-the-transition-from-isots-16949-2009-to-iatf-16949-2016/
Adding one more location is possible, you only need to document it in your document about the scope of QMS (Quality Management System). For more information, see: How to define scope of the QMS according to IATF 16949:2016 https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/ -
Property belonging to customers or external providers
Answer:
Here are some examples:
Auto repair shop receives customer's car to be able to provide service.
Manufacturing company works with raw materials supplied by the customer.
Customer provides mold, packaging material and branded labels for plastic parts injection service provider to produce toys and pack them.
Customer provides supplier with a recipe to produce a product for him.
The following material will provide you information about property belonging to customers or external providers:
- ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
- Managing Production and Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
- free online training ISO 9001:2015 Found ations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/