Search results

Home / Search

Category:
Select
Select

11272 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Property belonging to customers or external providers


    Answer:

    If a customer provides some type of software that it is used for the preparation or execution of an order in the manufacturing process that is included in clause 8.5.3 of ISO 9001:2015. In the case of an external provider, that is included in the same clause if there is some previous agreement about obligations. You can buy an input for your manufacturing process and assume with the external provider that you will not share that input with other organizations. For example, you are a franchisee and receive software from your franchiser with some agreement about intellectual property and other obligations.

    The following material will provide you information about the clause 8.5:

    ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/ 0012015-clause-8-5-product-realization-practical-examples-for-compliance/
    free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    -book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Data Subject Access Form


    Answer:

    The “Data Subject Access Form” https://advisera.com/eugdpracademy/documentation/data-subject-access-request-form/ can be used for all the rights of the data subject, it makes no sense to have a special form for all data subject rights otherwise you will end up with lots of document with similar content. So, my advice is to use the “Data Subject Access Form” for any instances where data subject makes a request.

    The same is applicable for providing the response, you can use “Data Subject Disclosure Form” https://advisera.com/eugdpracademy/documentation/data-subject-disclosure-form/ for providing a response to all data subject`s requests.

    Both template documents mentioned above can be found in folder 4 “Managing Data Subject Rights” in our EU GDPR implementation toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

  • Implementing ISO 27001


    Can you provide some guidance?

    XXXX is a tiny company - just me and my co-founder. However, I am finding that some of my larger prospects require ISO 27001 certification. So I want to move through this process ASAP. Unfortunately, due to budget constraints, I'm on my own.

    How can I minimize the time required and get certified quickly, but also with quality?

    Answer: The documents in your toolkit are placed in folders in the precise order and structure for your ISMS to be implemented, so to begin your implementation and avoid confusion you should follow this structure (e.g., first the procedure for document and record control, after that the procedure for identification of requirements, then the ISMS scope document, and so on...).

    Regarding the number of documents, the "List of documents" file highlights the mandatory documents, so you should focus on them and keep the implementation of other templates at the minimum.

    Included in your toolkit you have access to video tutorials that will show you how to fill out the documents.

    Also included in your toolkit, you can schedule a meeting with one of our experts so he can help you orienting the best way to implement ISO 27001. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

    This article will provide you further explanation about ISO 27001 implementation:
    - The 3 key challenges of ISO 27001 implementation for SMEs https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
    - ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/

  • Questions on internal audit


    The standard does not define how often the internal audit should be performed, but usually the entire scope of the QMS (Quality Management System) is covered with internal audit within one year period.

    How is the importance of processes shown in the audit programme? For example, choosing not to audit resource management during one audit cycle to focus on other parts of the standard?

    Very common and easy way to demonstrate importance of certain processes is to audit them more than the other processes, for example, you can audit the manufacturing process twice a year and the rest of the processes only once a year.

    Is there a preview of the ISO 13485 audit checklist for ISO 27001 internal audits also?

    Here you can download free previews of:
    - ISO 13485 Internal Audit Checklist https: //advisera.com/13485academy/documentation/internal-audit-checklist-iso-13485-2016/
    - ISO 27001 Internal Audit Checklist https://advisera.com/27001academy/documentation/internal-audit-checklist/

  • Frequency of performing internal audit of ISMS


    Answer: ISO 27001 is not prescriptive about a specific frequency to perform internal audits, but when defining it, the standard requires you to take in consideration the importance of the processes concerned and the results of previous audits (the more problematic or critical is the process, more frequent it should be audited, and vice versa). Additionally, if your organization is iso 27001 certified, the certification auditor will expect to see internal audit performed at least once a year, so you also should take this in consideration.

    This article will provide you further explanation about planing audits:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

    These materials will also help you regardi ng planing audits:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

  • BC policy and BC framework


    Answer: The business continuity framework defines which elements are part of an business continuity approach (e.g., Business Impact Analysis, Risk Assessment, Business Continuity Plans and tests, etc.), while a business continuity policy defines the general guidelines for the business continuity (e.g., its purpose, objectives, management commitment, etc.)

    2 - Definitions for mission critical /important/ vital assets in an organization? How are they determined?

    Answer: These definitions are determined considering the relation and impact of the assets to the business functions. Generally, they can be defined as follows:
    - Mission critical assets are related to the purpose of the organization (without them an organization is unable to serve its customers).
    - Important assets generally means assets which failure or unavailability can severely impair business operations.
    - Vital assets generally means assets which failure or unavailability ca n prevent one or more business processes to work (mission critical assets are one kind of vital assets, specific or related to processes which serve the customers).

  • Documenting policies


    Answer: ISO 27001 is not prescriptive about how to document your information, so you can put all policies into a single document. To have all policies in a single document can make easier to manage them, but you have to take care not to finish with a document so big that it will become difficult or annoying for user to handle them.

    These articles will provide you further explanation about how manage policies:
    - One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
    - Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/

  • Access control policy: A.9.2.3

    The control A.9.2.3 (Management of privileged access rights) is covered in sections 3.4 (Privilege management) and 3.5 (Regular review of access rights).

    This article will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/

    This material will also help you regarding access control:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

  • Different legal entities under one certificate


    Answer:

    Yes. You can certify different companies under the same certificate as long as the scope is clear about the different locations and includes products and services of both locations. For example, last year I worked for a group of 4 companies, 4 different legal entities, certified under the same certificate.

    The following material will provide you information about scope:

    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015

    - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/

    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/

    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Getting clients as a consultant


    Answer:

    Consider your experience to identify in which sectors and for what kind of organizations you should target your efforts. Preferably, before contacting them, you should build ways of showing who you are, what you do, and how you can help. You can use e-mails, newsletters, starting a blog, publishing articles in technical magazines or professional networks, volunteer to speak in conferences, ask for introductions. Another way is to contact consulting companies, perhaps they are looking for a junior with hands-on experience.

    The following material will provide you information about scope:

    - Free webinar – Free webinar – How to sell ISO consulting services - https://advisera.c om/9001academy/webinar/how-to-sell-iso-consulting-services-free-webinar/

    - ISO 9001 - How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
Page 815-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +