Search results

  • Mandatory documents for ISO 27001


    Answer: Sure. In the List of Documents file that comes with your toolkit you can find which documents are mandatory only for ISO 27001.

    This article will provide you further explanation about mandatory documents for ISO 27001:
    - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
  • Organizing IT area

    Thanks a bunch, I didn't know where to start. Lucky for me I have top management support.. really appreciate your knowledge!!
  • Implementation of ISO 22301

    I received the following question: I am especially interested in the ISO 22301 implementation package. I would like to know the timing, the resources needed and the main challenges for its implementation. Additionally, at what point should I contact the certification body?

    Answer: The time for implementing ISO 22301 depends on the size of the organization; in any case, you can use this free tool to get an estimate of the time you need to implement ISO 22301 in your organization: https://advisera.com/27001academy/es/herramientas/calculador-gratuito-del-tiempo-de-implementacion-para-iso-27001-iso-22301/

    Generally, the main challenge for the implementation is obtaining management support, and this free webinar may be useful to you: https://advisera.com/27001academy/es/webinar/iso-27001-benefits-how-to-obtain-management-support-free-webinar/

    Regarding resources, you can implement this standard yourself, that is, using your own resources, but if you buy our documentation package you will also have our support for the implementation.

    Finally, you can contact the certification body for certification whenever you want, although it is usually contacted when the implementation is coming to its conclusion. This article can help you select the certification body: https://advisera.com/articles/how-to-choose-an-iso-certification-body/

    And here you can download our documentation package: https://advisera.com/27001academy/es/paquete-de-documentos-sobre-iso-22301/
  • External audit

    thanks
  • Management review


    I will be conducting audit checks on all three management systems on a monthly basis across the whole year with a view to recertifying every Jan/Feb/Mar.

    As the audit effectively takes place over the course of the whole year, when would you recommend the management review is scheduled? Is it sensible to conduct it only when the internal audit is complete? My concern with this approach is that with 2/3 management systems, the review meetings will stack up at the end of the year when there is probably less chance of them taking place.

    Answer: ISO management standards give organizations freedom to define how they can approach the management review (the standards only require the reviews to be performed at planned intervals and the inputs and outputs to be covered).

    Considering your situation, you should consider performing quarterly or semi-annual meetings, covering in each meeting all topics regarding data since the last meeting, or specific topics considering data since the last meeting where such topics were covered. The main point to consider is that between external audits you must ensure all topics required by the standards are covered.

    This approach will make it easier for you to schedule the management reviews on dates where they will have more chance of being performed.

    This article will provide you further explanation about management review:
    - Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
  • The transition and defining the scope

    Is it possible .. And how we have to handle this situation..

    Answer:

    By implementing IATF 16949 your organization will be compliant with ISO 9001:2015, simply because IATF 16949 contains all requirements from ISO 9001:2015 plus automotive industry specific requirements. For more information on the transition, see: 12 steps to make the transition from ISO/TS 16949:2009 to IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/12-steps-to-make-the-transition-from-isots-16949-2009-to-iatf-16949-2016/

    Adding one more location is possible, you only need to document it in your document about the scope of QMS (Quality Management System). For more information, see: How to define scope of the QMS according to IATF 16949:2016 https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/
  • Property belonging to customers or external providers


    Answer:
    Here are some examples:

    Auto repair shop receives customer's car to be able to provide service.

    Manufacturing company works with raw materials supplied by the customer.

    Customer provides mold, packaging material and branded labels for plastic parts injection service provider to produce toys and pack them.

    Customer provides supplier with a recipe to produce a product for him.

    The following material will provide you information about property belonging to customers or external providers:

    - ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
    - Managing Production and Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Quality Manual content


    Answer:

    ISO 9001:2015 no longer requires a Quality Manual as a mandatory document of a management system. That gives much more freedom about what to include in a Quality Manual. I always think of a Quality Manual as a kind of identity card of an organization. So, I design Quality Manuals that answer questions like:

    Who are we? (picture of organization building and group photo of everybody working in the company)
    What do we do? (pictures of products or services being provided, scope of the system and reference to any exclusion)
    What are our values and commitments? (quality policy)
    To whom do we work? (customers and other relevant interested parties)
    How do we work? (map of interrelated processes)
    Table with documents relevant for the management system

    The following material will provide you information about Quality Manuals:

    ISO 9001 – The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
    Writing a short Quality Manual - https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/
    free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Network policy


    Answer: From our templates, the following policies cover ISO 27001 network related controls:
    - Access control policy (covers control A.9.1.2 Access to networks and network services)
    - Bring Your Own Device (BYOD) Policy (covers control A.13.2.1 Information transfer policies and procedures)
    - Acceptable Use Policy (covers control A.13.2.3 Electronic messaging)
    - Information Classification Policy (covers control A.13.2.3 Electronic messaging)
    - Information Transfer Policy (covers controls A.13.2.1 Information transfer policies and procedures and A.13.2.2 Agreements on information transfer) (this one you already bought)

    For a more operational approach, you should consider the Operating Procedures for Information and Communication Technology, which covers the controls A.13.1.1 Network controls, A.13.1.2 Security of network services, A.13.2.1 Information transfer policies and procedures and A.13.2.2 Agreements on information transfer.

    To see a free demo of these documents and evaluate if any of them can fulfill your needs, please access these links:
    - https://advisera.com/27001academy/documentation/access-control-policy/
    - https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
    - https://advisera.com/27001academy/documentation/it-security-policy/
    - https://advisera.com/27001academy/documentation/information-classification-policy/
  • Filling toolkit templates


    Answer: The place to include references in our templates is section 2 (Reference documents). Applicable controls to each template are already included in this section, so you should check if the references you want to include are already there, or if you should add the ones you wish.

    Also, we are currently going through who our interested parties are; other than going through each of the UK legislation in detail, is there any other way of reviewing this element of the task?

    Answer: Besides entities that issue laws your organization must comply with, you should also consider as interested parties employees, customers and suppliers that can affect, or be affected by, your ISMS.

    This article will provide you further explanation about interested parties:
    - How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/

    These materials will also help you regarding interested parties:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/