
  • Implementing ISO 27001


    Can you provide some guidance?

    XXXX is a tiny company - just me and my co-founder. However, I am finding that some of my larger prospects require ISO 27001 certification. So I want to move through this process ASAP. Unfortunately, due to budget constraints, I'm on my own.

    How can I minimize the time required and get certified quickly, but also with quality?

    Answer: The documents in your toolkit are placed in folders in the precise order and structure for your ISMS to be implemented, so to begin your implementation and avoid confusion you should follow this structure (e.g., first the procedure for document and record control, after that the procedure for identification of requirements, then the ISMS scope document, and so on...).

    Regarding the number of documents, the "List of documents" file highlights the mandatory documents, so you should focus on them and keep the implementation of other templates at the minimum.

    Included in your toolkit you have access to video tutorials that will show you how to fill out the documents.

    Also included in your toolkit, you can schedule a meeting with one of our experts so he can help you find the best way to implement ISO 27001. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    This article will provide you further explanation about ISO 27001 implementation:
    - The 3 key challenges of ISO 27001 implementation for SMEs https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
    - ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/
  • Questions on internal audit


    The standard does not define how often the internal audit should be performed, but usually the entire scope of the QMS (Quality Management System) is covered by internal audit within a one-year period.

    How is the importance of processes shown in the audit programme? For example, choosing not to audit resource management during one audit cycle to focus on other parts of the standard?

    A very common and easy way to demonstrate the importance of certain processes is to audit them more often than the other processes; for example, you can audit the manufacturing process twice a year and the rest of the processes only once a year.

    Is there a preview of the ISO 13485 audit checklist for ISO 27001 internal audits also?

    Here you can download free previews of:
    - ISO 13485 Internal Audit Checklist https://advisera.com/13485academy/documentation/internal-audit-checklist-iso-13485-2016/
    - ISO 27001 Internal Audit Checklist https://advisera.com/27001academy/documentation/internal-audit-checklist/
  • Frequency of performing internal audit of ISMS


    Answer: ISO 27001 is not prescriptive about a specific frequency for performing internal audits, but when defining it, the standard requires you to take into consideration the importance of the processes concerned and the results of previous audits (the more problematic or critical the process, the more frequently it should be audited, and vice versa). Additionally, if your organization is ISO 27001 certified, the certification auditor will expect to see the internal audit performed at least once a year, so you should also take this into consideration.

    This article will provide you further explanation about planning audits:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

    These materials will also help you regarding planning audits:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • BC policy and BC framework


    Answer: The business continuity framework defines which elements are part of a business continuity approach (e.g., Business Impact Analysis, Risk Assessment, Business Continuity Plans and tests, etc.), while a business continuity policy defines the general guidelines for business continuity (e.g., its purpose, objectives, management commitment, etc.).

    2 - Definitions for mission critical / important / vital assets in an organization? How are they determined?

    Answer: These definitions are determined considering the relation and impact of the assets to the business functions. Generally, they can be defined as follows:
    - Mission critical assets are related to the purpose of the organization (without them an organization is unable to serve its customers).
    - Important assets generally means assets whose failure or unavailability can severely impair business operations.
    - Vital assets generally means assets whose failure or unavailability can prevent one or more business processes from working (mission critical assets are one kind of vital assets, specific or related to processes which serve the customers).
  • Documenting policies


    Answer: ISO 27001 is not prescriptive about how to document your information, so you can put all policies into a single document. Having all policies in a single document can make them easier to manage, but you have to take care not to end up with a document so big that it becomes difficult or annoying for users to handle.

    These articles will provide you further explanation about how to manage policies:
    - One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
    - Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
  • Access control policy: A.9.2.3

    The control A.9.2.3 (Management of privileged access rights) is covered in sections 3.4 (Privilege management) and 3.5 (Regular review of access rights).

    This article will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/

    This material will also help you regarding access control:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Different legal entities under one certificate


    Answer:

    Yes. You can certify different companies under the same certificate as long as the scope is clear about the different locations and includes products and services of both locations. For example, last year I worked for a group of 4 companies, 4 different legal entities, certified under the same certificate.

    The following material will provide you information about scope:
    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Getting clients as a consultant


    Answer:

    Consider your experience to identify which sectors and what kind of organizations you should target your efforts at. Preferably, before contacting them, you should build ways of showing who you are, what you do, and how you can help. You can use e-mails, newsletters, start a blog, publish articles in technical magazines or professional networks, volunteer to speak at conferences, or ask for introductions. Another way is to contact consulting companies; perhaps they are looking for a junior with hands-on experience.

    The following material will provide you information about scope:
    - Free webinar – How to sell ISO consulting services https://advisera.com/9001academy/webinar/how-to-sell-iso-consulting-services-free-webinar/
    - ISO 9001 – How to become an ISO 9001 consultant https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
  • PEST, SWOT and the Quality Manual


    Answer:

    You can have your PEST and SWOT analysis documented as an input to your management review. Using the actual PEST and SWOT analysis in your quality manual normally implies that you would have to update your quality manual more frequently. As with quality objectives, in the quality manual we say that we have quality objectives but document them elsewhere.

    The following material will provide you information about context and the quality manual:
    - ISO 9001 – ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
    - The future of the Quality Manual in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • External Auditor versus Lead Auditor


    Answer: An external auditor can be a second-party auditor (who performs audits in an organization on behalf of another organization) or a third-party auditor (who performs audits in an organization on behalf of a certification body). For third-party auditors the lead auditor qualification is mandatory. As for the second-party auditor, the lead auditor qualification may be optional, depending on the requirements of the organization demanding the audit (in general, organizations require the lead auditor qualification, because the interaction with other organizations has additional steps and phases that are not covered by internal auditor qualifications).

    If your purpose is to audit other sites of your own organization, then the internal audit qualification is sufficient.

    These articles will provide you further explanation about internal and external auditor qualification:
    - Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    These materials will also help you regarding internal audit:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/