Search results

Home / Search

Category:
Select
Select

11277 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Threat Value VS Vulnerability Value


    Answer: First, let's start with the relation between them. According ISO 27000 (Overview and vocabulary), threat is a potential cause of an incident, something that can harm an organization, system or asset (e.g., fire, malicious software, industrial espionage, etc.). A vulnerability is a weakness in an element (e.g, an asset or control) that can be exploited by one or more threats (e.g., lack of training, careless software development, etc.). So, they are separate things and if one has a high value it does not mean the other will automatically have a high value too.

    Regarding how to evaluate threats and vulnerabilities values, some common used criteria are:
    - Threats: how many vulnerabilities it can exploit, how easy it is to be used, how many resources it requires.
    - Vulnerabilities: how well are they known, how easy they are to be exploited, how easy they to can be accessed by an attacker.

    These articles will provide you further explanation about threats and vulnerabilities:
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
    - Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

    These materials will also help you regarding threats and vulnerabilities:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • FICHA DE PROCESO

    Una ficha de proceso o caracterización de proceso se trata del mismo concepto y puede ser considerado como una información de ayuda que tiene por objeto incluir aquellas características relevantes para el control de las actividades definidas en el mapa de procesos así como para la gestión de procesos.

    La información incluida en una ficha de proceso puede ser variada y debe ser decidida por la organización. Además debe contener la información necesaria para permitir la gestión del proceso.

    Los siguientes conceptos se pueden considerar relevantes para la gestión de procesos y una empresa puede decidir si incluirlo en la ficha de proceso:

    - Misión y objecto

    - Responsable del proceso

    - Alcance del proceso

    - Indicadores del proceso

    - Recursos

    Estos materiales puede ayudarle con respecto a la documentación ISO 9001:

    - Libro "Gestión de documentación ISO: una guia en un lenguaje sencillo": https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/

    - Cursigratuito en línea: "Curso fundamentos ISO 9001"
    https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Conformio (herramienta en línea para ISO 9001): https://advisera.com/conformio/

  • ISO 20000 implementation


    Answer:
    I assume you have support of your management and required resources (e.g. IT Service Management (ITSM) tool, human resources, etc.). If not - you have to ensure that before you begin.
    Since you are small company - don't exaggerate with project (organization) setup. Keep basic characteristics of the project structure.
    If you don't know your ITSM state compared to ISO 20000 - do the GAP Analysis (https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/).
    So, you are ready to start. Following the standard's structure is good idea. You can also see the structure of the ISO 20000 toolkit and follow the sequence of the toolkit (see https://advisera.com/20000academy/iso-20000-documentation-toolkit/)

    Finally, this article can help you: "12 steps for ISO 20000 implementation" https://advisera.com/20000academy/blog/2016/09/06/12-steps-for-iso20000-implementation/

  • Identificación de aspectos ambientales


    Mi respuesta:

    Es necesario identificar los aspectos ambientales de las actividades, productos y servicios de la organización dentro de el alcance que haya sido definido dentro del sistema de gestión ambiental, y considerando la perspectiva de ciclo de vida. "Alcance" de un SGA incluye las funciones de la organización, los límites físicos y sus actividades, productos y servicios a los cuales aplicarán los requisitos de la norma ISO 14001. Por otro lado, sólo se deben de considerar los aspectos que la organización pueda controlar y aquellos que puedan influir, teniendo en cuenta desarrollos nuevos o en planificación así como actividades, productos y servicios tanto nuevos o en planificación.

    Para más información, vea el artículo "4 pasos en la identificación y evaluación de aspectos ambientales": https://advisera.com/14001academy/es/knowledgebase/4-pasos-en-la-identificacion-y-evaluacion-de-aspectos-ambientales/

    Esto s materiales también le ayudarán con respecto a la norma 14001 y la identificación de aspectos ambientales:

    - Libro "Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/

    - Cpacitación gratuita en línea: Curso fundamentos ISO 14001 https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

    - Conformio (herramienta en línea para ISO 14001): https://advisera.com/conformio/

  • Implementing ISO 9001 to only one department


    Note:- Organization is at single Physical location do not have any sub-office or do not have any branch.

    Answer:

    In theory, ISO 9001 can apply to one department but such implementation will have too many constrains. You will need to consider the rest of the company as a customer basically, and you will still need to implement processes that already exist in the company for this one single department. This doesn't make too much sense since implementing the standard in this way will have very limited affect on the quality of the product and services and real customers, so I would suggest you to avoid it and implement the standard for entire organization because the level of effort will be pretty much the same.

    For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/

  • Integrating OHSAS 18001 with ISO 9001 and ISO 14001


    Answer:

    The fact that MR (management Representative) by ISO 9001 and ISO 14001 doesn't mean it is to forbidden to have one. You can decide to keep MRs for ISO 9001 and ISO 14001 in addition to MR for OHSAS 18001, or you can just write in your IMS manual who is MR for OHSAS 18001 and what are his or her responsibilities. The only way how you can have nonconformity regarding MR is not to appoint one for OHSAS 18001.

    For more information, see: Which roles and responsibilities should exist in the OH&SMS according to OHSAS 18001? https://advisera.com/18001academy/blog/2016/01/13/which-roles-and-responsibilities-should-exist-in-the-ohsms-according-to-ohsas-18001/

  • Identification and traceability


    What is your opinion? Thank you for your time and attention.

    Answer:

    The worst thing you can do is to hire two consultants at the same time, it is the safest way to get conflicting information :) Jokes aside, the standard requires organization to apply methods for identification and traceablity only to the outputs of its processes, not the inputs (raw materials, etc.). If you don't have explicit requirement from your cu stomer to perform identification and traceability of your raw materials, you don't have to do it.

    For more information, see: How to use ISO 9001 to facilitate the manufacturing of a complex product https://advisera.com/9001academy/blog/2016/02/02/how-to-use-iso-9001-to-facilitate-the-manufacturing-of-a-complex-product/

  • Certified internal auditors


    Answer:

    There is no requirement for internal auditors to be certified, thy only need to be familiar with requirements of the standard and auditing techniques. Your existing auditors just need to get familiar with new requirements of the standard and they will be ready to conduct internal audits.

    Here you can find our, free to attend, ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/

    These materials will also help you regarding internal audit:
    - Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/

  • Questions on internal audit


    There is no requirement to establish entire procedure, it enough to establish criteria for selecting the internal auditors and criteria is knowledge of the standard and auditing techniques.

    Is this only the responsibility of management Representative to select the internal auditors or management decision ?

    The standard does not specify who should be appointing internal auditors, it can be the management representative or somebody else, whatever the organization finds the most appropriate.

    How it should be impartial selection?

    Of course, you cannot ensure 100% impartiality, but what the organization should avoid is situation where internal auditor is auditing his own work.

    What if Internal audit delays due to work again and again, will it be count as a non conformity or not?

    No, you can always reschedule the internal audit, bu it is important to perform it. If internal audit program is not followed, it can be considered as nonconformity. For more information, see: What is the ISO 9001 audit program, and how does it work? https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/

    These materials will also help you regarding internal audit:
    - Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/ "

  • Embedded software


    Answer:

    Embedded software is computer software, written to control machines or devices that are not typically thought of as computers. It is typically specialized for the particular hardware that it runs on and has time and memory constraints.

    The clause refers to organizations that are developing the software, not to the ones that are only using or embedding the software into its products, so you can consider this clause as inapplicable to your organization.
Page 864-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +