You should determine the knowledge that your organization needs to operate its processes and make products and services according to requirements.
You should maintain this knowledge and make it available as needed, for example, when new people are contracted.
Consider your current knowledge when making changes, and determine how you will gain additional or updated knowledge if necessary for the changing needs.
The following material will provide you information about knowledge management:
There are no mandatory documents required by ISO 9001:2015 to evidence implementation of Risk Management.
So, you are free to decide how to perform and evidence Risk Management. Normally, organizations create a non-mandatory procedure for addressing risks and opportunities, and generate a Risk Registry to keep an updated list of the determined risks and opportunities, their evaluation according to the need for action, the actions performed, and the evaluation of their effectiveness.
The following material will provide you information about the risk-based approach:
Will the acquired company be merged with your organization with the same brand(s) and logo? If yes, your organization is changing the scope of the management system with a new geography/site. In that case your company should contact the Certification Body to inform them about the change.
The following material will provide you information about the management scope:
Thanks. All very good advice and I will follow it up.
EU GDPR for the banking sector
Answer:
There are no specific DSGVO (EU GDPR) requirements for the banking sector alone; the GDPR is meant to be applicable across industries as long as personal data is being processed. The same is applicable for software development.
Another thing you should consider, if your software is front-facing toward the data subjects, is the notices you would have to present to the data subjects. Guidance on the notices can be found in folder 2 “Personal data policy framework” in our EU GDPR toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
Don't forget also local banking sector specific requirements that might be applicable for banking software, especially in terms of security.
Risk assessment and BIA
A risk assessment was done for our company recently. The follow-through from here is unclear.
Also, how to calculate the Risk rating for the critical services?
Answer: The information from the risk assessment can be used to prioritize which activities to focus on first in your BIA, by indicating which business processes are under greater risk, saving time and effort in performing the initial BIA.
For rating critical services considering the results of a risk assessment, you can consider the value of the risks, or the number of risks, associated with a specific service. For example, you can have one service with two high risks associated with it and another with ten medium risks associated with it. Considering your context, in terms of risks, maybe the second service is more critical.
Response:
With AS9100 Rev D the requirements of clause 8.1.1 are identical to the requirements of AS9100 Rev C clause 7.1.2. The only difference is that the clause has been changed from being about "risk management" to being about "operational risk management". The reason for this is to separate it from the new requirement (from ISO 9001:2015), clause 6.1, on actions to address risks and opportunities. This new clause deals with identifying and addressing the risks for the QMS (not necessarily risk management, but risk assessment), whereas the requirement you ask about is risk management for the operational processes of the organisation only (for example, what risks are there in the product design, the tight delivery schedule, the assembly process, etc.). In truth, this has not changed from before.
So in short, if the process you had in place before was acceptable, then it should remain acceptable now. The only difference in thinking is that now all of operations applies to products and services, so if there is a service you provide the customer (such as turning the customer drawing into computer files for your machines) then the risks from these services need to also be included in the operational risk management.
Answer: Considering that your audit was based on ISO 27001, the first thing you should do is compare the results of your audit against the results of your risk assessment (if you did not perform a risk assessment, this is a good moment to do that). By doing that you can identify and prioritize which controls to work on first, based on the quantity or relevance of the risks affected by them.
Once you have identified which controls to treat first, you should:
- define objectives to be achieved (based on already existing goals or on newly defined goals);
- analyse the situation of each control, to identify what should be done (eliminate root causes of the problems, or implement potential improvements);
- define action plans to establish resources, deadlines and who is responsible for each action that will be implemented.