Answer: Although Information Technology and Information Security belong to different domains, they have a considerable overlap that requires any organizational unit responsible for them to work together. For example, both IT and IS require procedures for incident handling, and to fulfill its mission, Information Technology must integrate information security requirements in its implementation. Regarding information security, when defining what to protect and how to protect it, the characteristics of the IT environment should be considered in order to define the best approach.
In the new version of the standard there are only a few mandatory documents, which do not necessarily have to take the form of a procedure, and they are the following:
- Scope of the EMS (clause 4.3)
- Environmental policy (clause 5.2)
- Risks and opportunities to be addressed and necessary processes (clause 6.1.1)
- Criteria for the evaluation of significant environmental aspects (clause 6.1.2)
- Environmental aspects with associated environmental impacts (clause 6.1.2)
- Significant environmental aspects (clause 6.1.2)
- Environmental objectives and plans to achieve them (clause 6.2)
- Operational control (clause 8.1)
- Emergency preparedness and response (clause 8.2)
In addition, there is a series of mandatory records that the organization needs to maintain, such as: Record of compliance obligations (clause 6.1.3); Record of training, skills, experience and qualifications (clause 7.2), etc.
On the other hand, good implementation planning can help greatly when implementing the ISO 14001 standard and thus working towards certification. So take the time necessary to plan and to know what resources are required, since this will, on the one hand, save the organization time and, on the other, save resources later on.
The requirements for competency (appropriate level of education, experience, training) are usually not included in the procedure but in other documents, such as job descriptions. The standard requires the organization to ensure that any person(s) under its control performing tasks that can impact OH&S is (are) competent on the basis of appropriate education, training or experience, but it doesn't require the organization to document competency requirements for each job position.
In order to check whether the facility manager has the appropriate level of competency (and again, the standard only refers to competence regarding occupational health and safety), you need to speak with the facility manager's superior or the HR department and see what the requirements are and whether this person meets them. Also, if some operational controls are related to this job position and require training, you need to see if there is a record that demonstrates that this person had this training and knows how to apply these particular operational controls.
"Documented information" is the term that covers both documents and records, and there is a little hint on how to determine whether the standard is requiring a document or a record. When you come across the phrase "maintain documented information", it means that you need to create a document, e.g. a quality policy; the phrase "retain documented information as evidence" means that you need to create a record, e.g. a record of the management review.
Although a high level of technical knowledge is desirable, it is not mandatory for an ISO 27001 internal auditor, because he can work together with an expert in the field being audited to provide the necessary support.
An internal auditor must have knowledge of the ISO 27001 standard and of the audit process and techniques, which can be acquired through attending ISO 27001 audit-related courses.
The audit plan is written considering all departments, processes, and/or locations included in the ISMS scope (the whole scope must be audited). Starting from these, you can decide to perform a single audit to cover the whole scope, or multiple audits each considering a smaller part of the scope, to verify compliance with the standard's requirements as well as with other requirements established in the ISMS.
If the documentation that is missing is mandatory to start the audit, or if, even by making it available during the audit, the audit team cannot assure that the related processes are being performed as planned, then the internal audit should not be performed. In any other case the audit team can adjust the audit plan to cover the processes related to the missing document at the end of the audit, giving time for the documentation to be ready to be evaluated.
But you should note that this situation must be reported and recorded both at the audit opening meeting and at the audit closing meeting. This way the audit team can make the situation and results clear to all involved.
In case you want to perform this internal audit before the implementation of the standard is done, then it would be better to perform a gap analysis instead of an internal audit. For more information about gap analysis and internal audit, please see this article: Gap analysis vs. internal audit in ISO 9001 https://advisera.com/9001academy/blog/2015/02/17/gap-analysis-vs-internal-audit-iso-9001//
Answer: I don't know the legal requirements of your country to start a company, but in terms of certification you should have at least one dedicated office location (the company's headquarters), where the people accountable for the company can be found. This dedicated office can be the home address of the founder / CEO of the company. You can present this address as the company's address, and all other locations can be considered remote locations and audited accordingly.
Cybersecurity and ISO 9001
Answer: Cybersecurity is the protection of computer systems from situations that can prevent them from fulfilling their intended objectives, and ISO 9001 is a standard related to quality management, with a focus on meeting customers' requirements and ensuring their satisfaction.