
  • Toolkit content

    - NOC (network operations center) policy
    - Log Management – not as part of the annex a section A12 operating procedures
    - Capacity Management/Business Capacity
    - Client Complaint Policy

    Answer: The documents you mentioned are not mandatory for ISO 27001, and they are not usually used by smaller companies; that's why we didn't include a specific template for them in the toolkit. Regarding Log Management, however, you can use the content of the Operating Procedures for Information and Communication Technology template to create a specific document, using the blank template that comes with your toolkit.

    Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control – for those companies this large number of documents would be overkill. Instead, a single template may cover multiple controls.

    If you consider that these documents are needed for your organization, included in your toolkit you can schedule a meeting with one of our experts, who can help you elaborate such documents. To schedule a meeting with one of our experts, please access this link: https://advisera.com/27001academy/consultation/
  • Templates content differences


    Could you explain the essence of and main differences between the following three documents?

    Appendix_1_Risk_Assessment_Table_EN.xlsx, Appendix_2_Risk_Treatment_Table_EN.xlsx, and Risk_Treatment_Plan_EN.docx

    Answer: Sure.

    The Appendix_1_Risk_Assessment_Table_EN.xlsx is the document used to list all risks identified during the risk assessment and the currently implemented related controls (when they exist).

    The Appendix_2_Risk_Treatment_Table_EN.xlsx is the document used to select treatment options and controls.

    Finally, the Risk_Treatment_Plan_EN.docx is the document where you list all the actions and resources needed to implement the treatment options identified in the Risk Treatment Table, as well as the respective deadlines and responsible people.

    As you can see, from the Risk Assessment Table to the Risk Treatment Table, the information becomes more focused on the risks that must be treated. You could have all this information in a single document, but this would make it more complex to handle.

    By the way, included in the toolkit you bought, you have access to video tutorials that will explain these documents to you and how to fill them in.

    This article will provide you with further explanation about risk treatment and the risk treatment plan:
    - Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
  • Template customization


    Answer: The internal audit checklist is based on the clauses of the standard, but you are free to include additional questions (e.g., questions that would cover controls not listed in ISO 27001 Annex A), or to change the existing ones if you understand that other wording will make the checklist cover the requirements of the company's own documentation.

    This article will provide you with further explanation about elaborating checklists:
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

    These materials will also help you regarding audit checklists:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/
  • Graphical presentation of risks

    Thanks; that's really helpful.
  • How PDCA meets the sections of AS9100 Rev D


    Answer:
    The AS9100 Rev D standard follows the PDCA cycle very well, and has been written in this order. Plan is covered by Sections 4 (context), 5 (leadership) & 6 (planning). Do is covered by Sections 7 (support) & 8 (operation). Check is covered in Section 9 (performance evaluation). Act is covered in Section 10 (improvement).
    For more on how this works see this article: https://advisera.com/9100academy/knowledgebase/pdca-cycle-in-as9100-rev-d/
  • Can you certify to AS9102?


    Answer:
    Unlike AS9100, you cannot be certified against AS9102. AS9102 is a support standard that gives you the best practice for First Article Inspection, but is not required for AS9100 certification, nor is it designed to be certified against.
    If you want to know more about the support standards for AS9100 see this article: https://advisera.com/9100academy/blog/2017/10/23/how-does-as9101-as9102-as9103-relate-to-as9100-rev-d/
  • Certification and compliance


    Answer:

    Each country has its own legislative and regulatory framework. Normally, in Europe there is no requirement for certification. Regarding chemical compounds to be introduced into the European Union, you should check Regulation (EC) No 1907/2006.
  • Certification scope


    Answer:

    I understand that you are asking whether your organization should certify the remaining 8 branches that are not yet certified. The scope of implementation is not a technical decision; it is a business decision based on your business objectives:
    - If the certificate is required by some of your customers, then those customers have probably defined what the scope should be
    - Sometimes it is not possible to exclude some of the departments/locations/organizational units from the scope because they are too crucial a part of the process
    - Sometimes it is desirable to exclude some of the departments/locations/organizational units because they are not important for, e.g., the QMS.

    Once your organization decides this, then you can go and make an arrangement with the certification body about the scope of certification. The main concern of the certification body is the avoidance of misleading information.

    The following material will provide you with information about correction, corrective and preventive actions:
    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/