  • Roles and responsibilities in incident management


    Answer: There is no specific template, or section in the templates, covering the definition of roles and responsibilities because these are described all along the documents. Please note that any time that there is an action to be performed there is also an associated field called [job title], or similar, identifying who should be responsible for that.
  • Selection of internal auditors

    (Our institution is in the process of implementing NTP-ISO/IEC 27001:2014 (the Peruvian Technical Standard that adopted ISO 27001:2013).
    We have an implementation committee (which is carrying out the implementation) and we are in the verification phase of the implemented controls.
    My question is whether the internal audits should be performed by us or by external staff specialized in the subject.)

    Answer: According to ISO 27001, clause 9.2 e), to select internal auditors you only have to ensure the objectivity and impartiality of the audit process, and to do this you can use either external staff or the organization's own staff who are not directly involved in the process being audited (an auditor should not audit his own work).

    These articles will provide you further explanation about Selection of internal auditors:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
    - Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
    - Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/

    These materials will also help you regarding Selection of internal auditors:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Lead auditor certification requirements


    Answer: No. The required hours of observation for ISO 27001 Lead Auditor certification must be related to ISO 27001 audits.

    These articles will provide you further explanation about becoming an ISO 27001 Lead Auditor:
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    This material will also help you regarding becoming an ISO 27001 Lead Auditor:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Documenting actions to address risks and opportunities


    Answer:

    ISO 9001:2015 does not require action plans for addressing risks and opportunities and it is not required for the actions or their planning to be documented.

    All the standard requires is to identify risks and opportunities and plan actions to address them, it doesn't require any document to be created. However, it is usual to make some records about risks and opportunities and actions for addressing them simply because it is easier to monitor accomplishment of the actions and their effectiveness.

    On the grounds of documenting risks and opportunities or actions for addressing them, a certification auditor can only issue you recommendations; he or she cannot issue you a nonconformity.

    For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • Problem analysis techniques


    Answer:
    These techniques are related to problem analysis. There are many techniques, and the usual ones (besides the mentioned pain value analysis, Pareto, and Kepner-Tregoe) are:
    - chronological analysis
    - brainstorming
    - 5-whys
    - fault isolation
    - affinity mapping
    - hypothesis testing
    - technical observation post
    - Ishikawa diagrams

    Also, the article "ITIL and ISO 20000 Problem Management – Organizing for problem resolution" https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/ can help you.
  • Asset management tool


    Answer:
    Implementing a tool always requires a multidimensional approach (to find out more, see the article "5 things to beware of when selecting an ITSM tool" https://advisera.com/20000academy/blog/2016/03/08/5-things-to-beware-of-when-selecting-an-itsm-tool/).
    However, major IT equipment vendors have tools supporting asset management functionality.
    Analyst companies (e.g. Gartner) also publish analyses of such tools.
    Asset management is usually part of most IT Service Management tools, so that provides you with more choice.
  • IT Risk Management Material


    Answer: IT Risk Management goes well beyond information security risks, so besides the material you already mentioned, I'd recommend you take a look at our 20000Academy, which focuses on ISO 20000 and ITIL content. Some of the material you will find there is:
    - ITIL Risk response measures and recovery options from catastrophic events https://advisera.com/20000academy/blog/2015/09/22/itil-risk-response-measures-and-recovery-options-from-catastrophic-events/
    - Risk Assessment and Treatment (template) https://advisera.com/20000academy/documentation/risk-assessment-and-treatment/
    - IT Service Continuity Management (ITSCM) Process https://advisera.com/20000academy/documentation/it-service-continuity-management-process-iso-20000/

    Regarding ISO standards, I'd recommend ISO 31000 (Risk management) and ISO 31010 (Risk management — Risk assessment techniques). These will provide you with a wider view of risk management that can help you with IT risks not necessarily related to information security.

    These articles will provide you further explanation about ISO 31000 and ISO 31010:
    - ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
    - ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
  • Documenting clause 8.1


    Thank you in advance for your guidance.

    Answer:

    Clause 8.1 has general requirements for process control, and the documented information it requires is applicable to all processes in the QMS (Quality Management System).

    First, the standard requires the organization to determine and keep documented information to the extent necessary to have confidence that the process is carried out as planned. This means that you need to determine which processes and activities need to have documented procedures, work instructions or any other document that describes how the process or activity is conducted. The key phrase here is "to the extent necessary": this means that you don't have to document all processes or all activities, but rather those that are complicated or rarely performed, so that there is a greater chance of a nonconformity occurring. Examples of such documents are production procedures, quality plans, etc.

    The second requirement is to demonstrate conformance of products and services to their requirements; this is usually a record of quality control or quality inspection performed at the end of the production process. This can also be an approval for shipment or delivery.

    For more information, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • What is Quality Assurance


    Answer:

    One definition of quality assurance is: all the planned and systematic activities implemented within the quality system that can be demonstrated to provide confidence that a product or service will fulfill requirements for quality.

    Quality assurance (QA) is a way of preventing mistakes or defects in manufactured products and avoiding problems when delivering solutions or services to customers, which ISO 9000 defines as "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention in quality assurance differs subtly from defect detection and rejection in quality control, and has been referred to as a "shift left" because it focuses on quality earlier in the process.

    The terms "quality assurance" and "quality control" are often used interchangeably to refer to ways of ensuring the quality of a service or product.

    For more information, see: Does a QMS ensure 100% quality? https://advisera.com/9001academy/blog/2015/01/27/qms-ensure-100-quality/