Search results

  • Standard for Disaster Recovery

    What is the best ISO norm for a DRP (Disaster Recovery Plan)?

    Answer: For information and communication technology readiness, the main ISO standard for disaster recovery is ISO 27031 (Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity). For a more systemic view you may consider ISO 22301 (Societal security -- Business continuity management systems -- Requirements), which provides you with a basis for business continuity management, which also includes disaster recovery planning, and the practices of ISO 22313 (Societal security -- Business continuity management systems -- Guidance).

    These articles will provide you further explanation about ISO 27031, ISO 22301 and ISO 22313:
    - Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
    - What is ISO 22301? | 27001Academy - Advisera https://advisera.com/27001academy/what-is-iso-22301/
    - ISO 22301 vs. ISO 22313 https://advisera.com/27001academy/blog/2013/05/21/iso-22301-vs-iso-22313/

    This material will also help you regarding Business continuity management:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • ISO 27001 Annex A


    "Answer: The Annex A is at the end of the ISO 27001 standard. The control objectives can be found right below the title of the sub-section of the control you want to apply."

    But we cannot find Annex A.

    Answer: Unfortunately Annex A is not a part of the toolkit, because it is a part of the ISO 27001 standard, published by ISO (https://www.iso.org), and we cannot make it available as part of our toolkit because that would be a violation of ISO's intellectual property rights.

    You can buy ISO 27001:2013 standard at this link: https://www.iso.org/standard/54534.html

    In our template for Statement of Applicability you'll find a list of all the controls from the Annex A, and in the folder "08 Annex A" you will find all the templates you need to become compliant with the Annex A.

    For getting an overview of Annex A, I suggest you attend our free online ISO 27001:2013 Foundations Course (https://advisera.com/training/iso-27001-foundations-course/)
  • Keeping records for certification audit


    Answer:

    If the organization has implemented the standard for the first time, the records should be kept from the moment when the standard was implemented and the documents and records are approved. It wouldn't be reasonable to expect organizations to keep documents required by the standard, or to be compliant with the standard, before the implementation.
  • Uncontrolled Copy and New Issues in ISO 9001 2015

    So, there will be no more unreasonable & conflicting findings on each assessment. Regards: sfroel
  • Continuous improvement

    Continuous improvement is carried out through the objectives set by top management. At a minimum, the quality objectives must address:
    - Improvement of internal efficiency
    - The requirements of individual customers
    - The level of performance expected by your market sector

    Each improvement requires a commitment of resources, which will be prioritized by top management, especially if an investment is needed.

    Improvement opportunities are obtained from the following sources:
    - Customer satisfaction
    - Customer complaints and feedback
    - Market research and analysis
    - Input from employees, suppliers and other interested parties
    - Internal and external audits of the quality system
    - Records of product or process nonconformities
    - Data and characteristics of processes and products, as well as their trends

    The continuous improvement process is a requirement that is not mandatory to document. However, implementing a procedure for continuous improvement is appropriate for most businesses.
  • BS EN ISO IEC 27001 2017


    https://www.bsigroup.com/en-GB/iso-27001-information-security/BS-EN-ISO-IEC-27001-2017/

    Info is from this website, plus there are others referring to it.

    Answer: The change was only in the presentation form of clause 6.1.3 d), related to the Statement of Applicability, and does not include any new requirements. You can see ISO TECHNICAL CORRIGENDUM 2, which defined this change, released on 2015-DEC-01, at this link: https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:cor:2:v1:en

    Former text: "d) produce a Statement of Applicability that contains the necessary controls (see 6.1.3 b) and c)) and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A;"

    New text: "d) produce a Statement of Applicability that contains:
    - the necessary controls (see 6.1.3 b) and c));
    - justification for their inclusion;
    - whether the necessary controls are implemented or not; and
    - the justification for excluding any of the Annex A controls."
  • Identifying threats and vulnerabilities


    Answer: I'm assuming you are talking about the article "ISO 27001 risk assessment: How to match assets, threats and vulnerabilities" (https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/). That said, technically there is no difference if you start first with identifying threats or vulnerabilities (this choice basically depends on which element you know best considering your context). However, in operational terms, the best approach is to identify the vulnerabilities first, since they are easier to confirm (the assets and controls that may have them are under your management). In the case of threats, especially those external to your organization, you will not always have enough information to confirm whether they are applicable.

    This material will also help you regarding threats and vulnerabilities:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Roles and responsibilities in incident management


    Answer: There is no specific template, or section in the templates, covering the definition of roles and responsibilities because these are described all along the documents. Please note that any time that there is an action to be performed there is also an associated field called [job title], or similar, identifying who should be responsible for that.
  • Selection of internal auditors

    Our institution is in the process of implementing NTP-ISO/IEC 27001:2014 (the Peruvian Technical Standard that adopted ISO 27001:2013).
    We have an implementation committee (which is carrying out the implementation) and we are in the verification phase of the implemented controls.
    My query is whether the internal audits should be done by us or by external staff specialized in the subject.

    Answer: According to ISO 27001, clause 9.2 e), to select internal auditors you only have to ensure the objectivity and impartiality of the audit process, and for doing this you can either use external staff or the organization's staff that is not directly involved in the process being audited (an auditor should not audit his own work).

    These articles will provide you further explanation about Selection of internal auditors:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
    - Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
    - Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/

    These materials will also help you regarding Selection of internal auditors:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Lead auditor certification requirements


    Answer: No. The required hours of observation for ISO 27001 Lead Auditor certification must be related to ISO 27001 audits.

    These articles will provide you further explanation about becoming an ISO 27001 Lead Auditor:
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    This material will also help you regarding becoming an ISO 27001 Lead Auditor:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/