Search results

Home / Search

Category:
Select
Select

11270 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Question about course

    Answer: An ISMS scope can be defined in terms of processes (referred by products or services delivered to the clients) and/or information to be protected and the locations. In the presented question Offices London & Edinburgh are only examples (names from other cities or places could have been used)

    This article will provide you further explanation about scope definition:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

  • Requirements for additional certifications


    Answer: The need for compliance with ISAE 3402, and with any other standard at all, when an organization already has ISO 27001 and it is compliant with EU GDPR (currently there are no available certification mechanisms pursuant to EU GDPR article 42 requirements - https://advisera.com/eugdpracademy/gdpr/certification/), may be required because of specific laws, contracts, agreements or other legal requirements demanding them.

    Although ISO standards are world wide recognized, and EU GDPR is mandatory on EU territory, there may be situations in specific countries which require compliance with other standards. The positive thing is that ISO standards are comprehensive enough to help fulfil some of these requirements, minimizing the compliance costs and effort.

  • Templates available


    Answer: We provide templates for all mandatory requirements for implementing an ISMS according ISO 27001, and most common used policies and procedures. They can be bought individually or as part of specific toolkits. To take a look at our toolkits, please see this link: https://advisera.com/27001academy/product-tour/

    This article will provide you further explanation about ISO 27001 mandatory documentation:
    - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

  • Becoming an ISO 27001 expert


    I am in consulting area, mainly for ISMS and BCP.

    My background, in brief, is as below:
    1) I hold Bachelor of Technology degree in Computer Science and Engineering(in India).
    2) I have around 27 years of experience in IT, mainly in software development, project management, delivery management of software and Pre-Sales.
    3) I am also PMP(Project Management Professional) & CISA(Certified Information Systems Auditor) certified.
    4) I have also got certification for implementing ISMS(ISO 27001).

    My objectives are following, in near term:

    1) Become expert in Audit of ISMS(ISO 27001)
    2) Become expert in implementation of ISMS.
    3) Become expert in BCP(ISO 22301).

    How should I approach to gain more knowledge and become expert so that I can do consultancy in these areas very well/successfully?

    I am planning to buy your book " Secure & Simple" for implementing ISMS.

    Answer: Regarding ISO 27001 audit, you should consider attend a ISO 27001 Lead Auditor course and get the Lead Auditor certification, and after that search for opportunities to perform audits.

    Considering you already have a certification for implementing ISO 27001, you should practice your skills, either by conducting small scopes implementation at first, and then going for bigger or more complex ones, or by participating in a team for a big implementation scope.

    For BCP based on ISO 22301, you should consider the lead auditor and lead implementer courses. For improving your skills, search for opportunities to perform audits and implementations must be considered.

    These articles will provide you further explanation about becoming an ISO consultant:
    - How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/

    These materials will also help you regarding becoming an ISO consultant:
    - How to become an ISO 27001 / BS 25999-2 consultant [free webinar on demand] https://advisera.com/27001academy/webinar/become-iso-27001-bs-25999-2-consultant-free-webinar/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/

  • Suspicions about false certificates


    Answer:

    ISO 9001 doesn’t mention what to do when you suspect that someone is using a falsified certificate. If you have suspicions you can start by taking note of the Certification Body (an organization cannot self-grant a certificate). Then, look for the name of the Accreditation Body and check to see if it is a member of the International Accreditation Forum (IAF). If there is no stamp from an Accreditation Body on the certificate then you should be suspicious as to whether the Certification Body is competent to audit.

    ISO maintains a page where you can report your suspicions: https://www.iso.org/complaints.html

  • ITIL Foundation certificate


    Answer:
    ITIL Foundation certificate can be achieved by passing certification exam. For Foundation level classroom training is not necessary. That means that you can make certification exam trough web proctoring. However, in that case you must study whole material by yourselves. However, classroom training provides faster learning track and includes (almost always) certification exam opportunity. Also, there are plenty online trainings and some of them include or provide certification exam.
    Since 01.01.2018 Peoplecert is the only exam provider, so please check there for web-proctored exam or training providers.
    These articles can help you understand certification path:
    "ITIL Certification Path – list of all available ITIL trainings, exams and certificates" https://advisera.com/20000academy/knowledgebase/itil-certification-path-list-of-all-available-itil-trainings/
    "H ow personal certificates can help your company’s IT Service Management" https://advisera.com/20000academy/blog/2017/04/18/how-personal-certificates-can-help-your-companys-it-service-management/

  • About the risk-based approach


    Answer:

    Please, consider first ISO 9000:2015 definition of risk: “effect of uncertainty on an expected result”. Because from this definition I always start by the expected results of an organization, and they can be at a general level (for example, the organization’s budget for this year – what can contribute to not achieving it?) or at departmental or process lev el (for example, launching of new products this first semester - what can contribute to not achieving it?). I would work with both approaches that you mention, but considering that a more mature management system should have already built in several mechanisms to handle your second approach, that means that more emphasis could be made on the first one.

    The following material will provide you information about the risk-based approach:

    ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Business continuity on ISO 27001 implementation

    Because in the statement of applicability it includes business continuity under A.17. Would I just find all of A.17 to be not applicable? We have a disaster recovery plan already. And from ISO we have the incident management procedure. We also have an RCA (root cause analysis) on incidents we have had in the past and the actions we took. Also, I cannot seem to find the Business Continuity procedure in comformio. Which business continuity document is mandatory if found applicable in the SOA?

    Answer: There is no need to implement business continuity according ISO 22301 if you are doing only ISO 27001. The Information security aspects of business continuity management referred in the statement of applicability under section A.17, if such controls are deemed as necessary to your ISMS implementation, can be fulfilled by the disaster recovery plan included in your toolkit.

    This article will provide you further explanation about business conti nuity and ISO 27001:
    - How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

  • Property belonging to customers or external providers


    Answer:

    If a customer provides some type of software that it is used for the preparation or execution of an order in the manufacturing process that is included in clause 8.5.3 of ISO 9001:2015. In the case of an external provider, that is included in the same clause if there is some previous agreement about obligations. You can buy an input for your manufacturing process and assume with the external provider that you will not share that input with other organizations. For example, you are a franchisee and receive software from your franchiser with some agreement about intellectual property and other obligations.

    The following material will provide you information about the clause 8.5:

    ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/ 0012015-clause-8-5-product-realization-practical-examples-for-compliance/
    free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    -book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Data Subject Access Form


    Answer:

    The “Data Subject Access Form” https://advisera.com/eugdpracademy/documentation/data-subject-access-request-form/ can be used for all the rights of the data subject, it makes no sense to have a special form for all data subject rights otherwise you will end up with lots of document with similar content. So, my advice is to use the “Data Subject Access Form” for any instances where data subject makes a request.

    The same is applicable for providing the response, you can use “Data Subject Disclosure Form” https://advisera.com/eugdpracademy/documentation/data-subject-disclosure-form/ for providing a response to all data subject`s requests.

    Both template documents mentioned above can be found in folder 4 “Managing Data Subject Rights” in our EU GDPR implementation toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
Page 814-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +