Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Change implementation challenges
Answer:
Here are few biggest challenges I see people are facing during the implementation:
- Resistance to the change in process
- Getting management buy-in
- Roles and responsibilities
- Implementation of the process
- Process (not) supported by tool
This article will help you address and overcome those challenges while implementing Change Management:
"How to overcome barriers while implementing the ITIL/ISO 20000 Change Management process" How to overcome barriers while implementing the ITIL/ISO 20000 Change Management process -
Quality policy and transition
When considering the task of formulating a quality policy I like that organizations focus on their customers and their requirements, because organizations exist with the purpose of serving customers. Considering that, look into the difference between clause 5.2 (ISO 9001:2008) and clause 5.1.2 (ISO 9001:2015). We went from “customer requirements” into “customer and applicable statutory and regulatory requirements”. So, when designing a quality policy the organization compromises should be not only about customer requirements but also about applicable statutory and regulatory requirements.
The following materials will provide you details with quality policy:
- Article - How to Write a Good Quality Po licy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
- White paper - Twelve-step transition process from ISO 9001:2008 to the 2015 revision - https://info.advisera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/ -
External audit principles
Answer:
External audit principles are defined in ISO 19011 and they are the following:
- Have integrity and be professional
- Present fair and truthful results
- Exercise due professional care
- Care about confidentiality
- Be independent and impartial
- Use an evidence-based approach
For more information, see: Benefits and potential problems in becoming an ISO 9001 Lead Auditor https://advisera.com/9001academy/blog/2020/04/10/how-to-become-an-iso-9001-lead-auditor/
These materials will also help you regarding the audit:
- Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Responsibilities and process map
Answer:
Assigning responsibilities for processes should be easy. Once you identified the processes, you should put someone in charge of the process, usually it is a manager of the department to which the process belongs, for example, the owner of the production process will be production manager and for sales process the sales manager, and so on.
The key here again is to identify the processes first and then define the sequence and interaction between them. For example, information from sales process goes to design and development, then the design goes to production, then the product goes to storage, distribution and delivery to the customer. For more information, see: How to create an ISO 9001 process flowchart https://info.advisera.com/9001academy/free-download/how-to-create-an-iso-9001-process-flowchart -
ISMS implementation
Answer: Sure. In the following article you can find a sixteen-steps list about how to implement an ISMS:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
For a practical example, I suggest you to take a look at this article: Case study: ISO 27001 implementation in an IT system integrator company https://advisera.com/27001academy/blog/2017/05/08/case-study-iso-27001-implementation-in-an-it-system-integrator-company/
2 - I want to be an expert for security of networks and systems, what can I do?
Answer: To master security of networks and systems you should consider attend courses related to these topics, look for related certifications, and follow already recognized experts on this fields, since they often publish materials that can help one to apply security concepts on his activities.
This article will provide you further explanation about certifications:
- How personal certificates c an help your company’s ISMS https://advisera.com/27001academy/blog/2014/10/06/how-personal-certificates-can-help-companys-isms/
These materials will also help you regarding acquiring knowledge:
- How to learn about ISO 27001 and BS 25999-2 https://advisera.com/27001academy/blog/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Disaster recovery and ISO standards
Answer: For Disaster recovery and business continuity the recommended ISO standards are ISO 22301, ISO 22313, and ISO 27031.
ISO 22301 covers the requirements for a business continuity management system, which will help you identify, implement, operate, control and improve the most relevant business aspects to be supported by business continuity and disaster recovery practices.
ISO 22313 covers guidance on how to implement ISO 22301 requirements, business continuity and disaster recovery plans.
ISO 27031 cover guidance on how to implement business continuity and disaster recovery plans on Information and Communication Technology.
For an example of a cycle from establishment of business continuity requirements to a complete plan, please see these articles:
- How to write business continuity plans? https://advisera.com/ 27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
This article will provide you further explanation about ISO standards related to business continuity and disaster recovery:
- ISO 22301 vs. ISO 22313 https://advisera.com/27001academy/blog/2013/05/21/iso-22301-vs-iso-22313/
- Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
These materials will also help you regarding disaster recovery:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Writing a business continuity plan according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/ -
ISMS gap analysis
Answer: Sure. To verify the current status of your ISMS you can use our Free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
This tool can help you see how much of ISO 27001 you have implemented so far, considering the management system requirements and security controls. -
List of requirements template
Answer: In the "requirement" column you must write what is the requirement to be fulfilled (e.g., only authorized personnel can have access to customer information). In the column "document stipulating the req" you must write the document that defines the requirement (e.g., law xyz, contract abc, etc.).
Unfortunately we do not have an specific tutorial or webinar for filling this document, but included in the toolkit you bought you can schedule a meeting with one of our experts, so he can help you filling this document, or you can ask for a review of the document you finished, and we will provide you our comments on what you can improve in your document so it can be compliant with the standard.
You can schedule a meeting with one of our experts at this link: https://advisera.com/27001academy/consultation/
This article will provide you further explanation about requirement's identification:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ -
Cryptography and ISMS
As a cryptography technology, you should consider the applicability of controls from section A.10 (Cryptography) from ISO 27001 Annex A. These controls will help you ensure proper and effective use of cryptography, either by defining which technologies can be used, when, how, and by whom, as well as how cryptographic keys will be protected through their whole life cycle.I suggest you take a look at the free demo of our Policy on the Use of Cryptographic Controls at this link: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/, so you can have a view of how this policy looks like.
This article will help you regarding ISO 27001 cryptographic controls:
- How to use the cryptography according to ISO 27001 control A.10 https://advisera.com/27001academy/blog/2015/12/14/how-to-use-the-cryptography-according-to-iso-27 001-control-a-10/ This material will also help you regarding ISO 27001 cryptographic controls: - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/