Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Data Protection Impact Analysis
Answer: I approximately 2 months from now we will launch the EU GDPR Toolkit which will contain checklists and all other documentation required to ensure compliance with EU GDPR, including templates to help with DPIA. -
ISO 27001 and business continuity
Answer: ISO 27001 aspects on business continuity process (section A.17 from ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations. So while ISO 22301 has a holistic view of business continuity (as you pointed), ISO 27001 focuses on the information aspects of business continuity.
2 - Do you have a 1-day programme or course outline and notes or pointers fort self-study on the topic of Understanding & applying ISO22301 the faster or easy way?If you do would it be possible that you email it o me as I like to know the process thoughts.
Answer: For understanding and application of ISO 22301 I can suggest these material:
- What is ISO 22301? https://advisera.com/27001academy/knowledgebase/what-is-iso-22301/
- Implementing Bus iness Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
- Writing a business continuity plan according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
- Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/ -
Threat Value VS Vulnerability Value
Answer: First, let's start with the relation between them. According ISO 27000 (Overview and vocabulary), threat is a potential cause of an incident, something that can harm an organization, system or asset (e.g., fire, malicious software, industrial espionage, etc.). A vulnerability is a weakness in an element (e.g, an asset or control) that can be exploited by one or more threats (e.g., lack of training, careless software development, etc.). So, they are separate things and if one has a high value it does not mean the other will automatically have a high value too.
Regarding how to evaluate threats and vulnerabilities values, some common used criteria are:
- Threats: how many vulnerabilities it can exploit, how easy it is to be used, how many resources it requires.
- Vulnerabilities: how well are they known, how easy they are to be exploited, how easy they to can be accessed by an attacker.
These articles will provide you further explanation about threats and vulnerabilities:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
These materials will also help you regarding threats and vulnerabilities:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
FICHA DE PROCESO
Una ficha de proceso o caracterización de proceso se trata del mismo concepto y puede ser considerado como una información de ayuda que tiene por objeto incluir aquellas características relevantes para el control de las actividades definidas en el mapa de procesos así como para la gestión de procesos.
La información incluida en una ficha de proceso puede ser variada y debe ser decidida por la organización. Además debe contener la información necesaria para permitir la gestión del proceso.
Los siguientes conceptos se pueden considerar relevantes para la gestión de procesos y una empresa puede decidir si incluirlo en la ficha de proceso:
- Misión y objecto
- Responsable del proceso
- Alcance del proceso
- Indicadores del proceso
- Recursos
Estos materiales puede ayudarle con respecto a la documentación ISO 9001:
- Libro "Gestión de documentación ISO: una guia en un lenguaje sencillo": https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
- Cursigratuito en línea: "Curso fundamentos ISO 9001"
https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio (herramienta en línea para ISO 9001): https://advisera.com/conformio/ -
ISO 20000 implementation
Answer:
I assume you have support of your management and required resources (e.g. IT Service Management (ITSM) tool, human resources, etc.). If not - you have to ensure that before you begin.
Since you are small company - don't exaggerate with project (organization) setup. Keep basic characteristics of the project structure.
If you don't know your ITSM state compared to ISO 20000 - do the GAP Analysis (https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/).
So, you are ready to start. Following the standard's structure is good idea. You can also see the structure of the ISO 20000 toolkit and follow the sequence of the toolkit (see https://advisera.com/20000academy/iso-20000-documentation-toolkit/)
Finally, this article can help you: "12 steps for ISO 20000 implementation" https://advisera.com/20000academy/blog/2016/09/06/12-steps-for-iso20000-implementation/ -
Identificación de aspectos ambientales
Mi respuesta:
Es necesario identificar los aspectos ambientales de las actividades, productos y servicios de la organización dentro de el alcance que haya sido definido dentro del sistema de gestión ambiental, y considerando la perspectiva de ciclo de vida. "Alcance" de un SGA incluye las funciones de la organización, los límites físicos y sus actividades, productos y servicios a los cuales aplicarán los requisitos de la norma ISO 14001. Por otro lado, sólo se deben de considerar los aspectos que la organización pueda controlar y aquellos que puedan influir, teniendo en cuenta desarrollos nuevos o en planificación así como actividades, productos y servicios tanto nuevos o en planificación.
Para más información, vea el artículo "4 pasos en la identificación y evaluación de aspectos ambientales": https://advisera.com/14001academy/es/knowledgebase/4-pasos-en-la-identificacion-y-evaluacion-de-aspectos-ambientales/
Esto s materiales también le ayudarán con respecto a la norma 14001 y la identificación de aspectos ambientales:
- Libro "Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/
- Cpacitación gratuita en línea: Curso fundamentos ISO 14001 https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Conformio (herramienta en línea para ISO 14001): https://advisera.com/conformio/ -
Implementing ISO 9001 to only one department
Note:- Organization is at single Physical location do not have any sub-office or do not have any branch.
Answer:
In theory, ISO 9001 can apply to one department but such implementation will have too many constrains. You will need to consider the rest of the company as a customer basically, and you will still need to implement processes that already exist in the company for this one single department. This doesn't make too much sense since implementing the standard in this way will have very limited affect on the quality of the product and services and real customers, so I would suggest you to avoid it and implement the standard for entire organization because the level of effort will be pretty much the same.
For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/ -
Integrating OHSAS 18001 with ISO 9001 and ISO 14001
Answer:
The fact that MR (management Representative) by ISO 9001 and ISO 14001 doesn't mean it is to forbidden to have one. You can decide to keep MRs for ISO 9001 and ISO 14001 in addition to MR for OHSAS 18001, or you can just write in your IMS manual who is MR for OHSAS 18001 and what are his or her responsibilities. The only way how you can have nonconformity regarding MR is not to appoint one for OHSAS 18001.
For more information, see: Which roles and responsibilities should exist in the OH&SMS according to OHSAS 18001? https://advisera.com/18001academy/blog/2016/01/13/which-roles-and-responsibilities-should-exist-in-the-ohsms-according-to-ohsas-18001/ -
Identification and traceability
What is your opinion? Thank you for your time and attention.
Answer:
The worst thing you can do is to hire two consultants at the same time, it is the safest way to get conflicting information :) Jokes aside, the standard requires organization to apply methods for identification and traceablity only to the outputs of its processes, not the inputs (raw materials, etc.). If you don't have explicit requirement from your cu stomer to perform identification and traceability of your raw materials, you don't have to do it.
For more information, see: How to use ISO 9001 to facilitate the manufacturing of a complex product https://advisera.com/9001academy/blog/2016/02/02/how-to-use-iso-9001-to-facilitate-the-manufacturing-of-a-complex-product/ -
Certified internal auditors
Answer:
There is no requirement for internal auditors to be certified, thy only need to be familiar with requirements of the standard and auditing techniques. Your existing auditors just need to get familiar with new requirements of the standard and they will be ready to conduct internal audits.
Here you can find our, free to attend, ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
These materials will also help you regarding internal audit:
- Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/