Search results

  • Development of new product and ISO 14001 certificate


    Answer:

    Development or introduction of a new product doesn't necessarily impact the existing EMS (Environmental Management System). If the process of making the product is the same as for the products already produced in the company, then there is no need for changes.

    If the production process or materials used are completely new for the organization, you need to conduct identification and evaluation of environmental aspects of all activities related to production of the product and if there are significant ones, you need to develop and establish operational controls.

    For more information, see: 4 steps in identification and evaluation of environmental aspects https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
  • Implementing product safety


    Answer:

    There are no universal rules for the safety of all products. Safety requirements for some products are defined by legislation or CE mark, or by customer requirements. It is not common to define requirements for product safety in contracts, simply because such requirements are implied. Or, it can be part of customer requirements as a requirement for raw materials to be used or features of the product to be demonstrated.

    In your case the product safety can be demonstrated by providing attestation of safety of raw materials or by testing durability of the product (harness) on strain or other product features. Basically, you need to demonstrate that your product is safe for use and fit for its purpose and, maybe, you can consult your customer on how to demonstrate this.
  • Definition of implementation for an ISO 27001 project


    Answer: The calculator considers as required time for implementation the performing of at least one cycle of the Information Security Management System, which starts with organization's context understanding (standard's clause 4.1), goes through implementation, operation and control of the system, and finishes with the outputs established in the management review of the system (standard's clause 9.3), covering decisions related to continual improvement opportunities and any needs for changes of the information security management system.

    Basically, the calculator will tell you the time needed for your company to become ready for the certification.

    The 3 months of the system in operation is required by some certification bodies, but not all. Therefore, our calculator did not take this time into account.
  • Impact Analysis Questionnaire


    Answer: Yes. Included in the premium toolkit you bought there is a template called "Business Impact Analysis Questionnaire". You can use this document to help you gather information for supporting your BCM new initiatives and projects, as well as the development of the business continuity strategy.

    But more important than this template, is the Business Continuity Policy, also included in your toolkit. You can adapt this document, that reflects the top management expectations regarding business continuity, to establish as an organization directive, the need for considering business continuity practices in the organization's new initiatives and projects, thus obtaining a critical support for engagement of all people in the organization.

    This article will provide you further explanation about Business Impact Analysis:
    - Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/
  • Qualitative and quantitative risk assessments


    Answer: Qualitative risk assessment focuses on interested parties' perceptions about risks, expressing risk in terms of scales like “low – medium – high” or “1 – 2 – 3”, while quantitative risk assessment focuses on factual and measurable data, normally expressing risk values in monetary terms.

    This article will provide you further explanation about qualitative and quantitative risk assessments:
    - Qualitative vs. quantitative risk assessments in information security: Differences and similarities https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/

    These materials will also help you regarding qualitative and quantitative risk assessments:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Customer complaint


    Answer:
    First of all, you'll need a communication channel, i.e. the way your customer can reach you. Service requests, a publicly published form (e.g. on the self-service portal or service desk portal) or the Service Level Management/Business Relationship Management processes - these are the common ways to do it.

    Once you receive a customer complaint, it's important to have someone to handle it. Equally important - to let the customer know that someone is working on his complaint.
    And finally, internally you need to set up the procedure for how to approach the complaint. That would include, for example:
    - whom to report that a complaint has been received
    - timescale (it may be hard to define a general timescale to resolve complaints, but at least for usual complaints)
    - escalation procedure
    - roles and responsibilities
    - depending on the services you provide - particular steps to resolve the complaint
  • Functional Quality Objectives for Website development and maintenance

    Functional quality objectives should be related to some feature of your product (website) or your service (maintenance). It should be related to the requirements of product or service and criteria to determine whether the product or service meets its requirements.
  • Proposal for ISO 27001 project


    Answer: I suggest you use as a basis our free template "Project proposal for ISO 27001 / ISO 22301 implementation" (you can download a copy at this link: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-iso-22301-implementation-msword), and include some information related to ISO 27017, ISO 27018 and ISO 22301 from these materials:
    - ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
    - What is ISO 22301? https://advisera.com/27001academy/what-is-iso-22301/

    Additionally, you can prepare a presentation based on the template "Project proposal for ISO 27001 implementation" (you can download a copy at this link: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint).
  • Becoming ISO 27001 Lead Auditor

    First of all, I apologize for the late answer. Regarding your question, yes, the 40 hours course is compulsory to take the exam, but there is no experience requirement to take it.

    The experience is required only when you want to start working as a certification auditor. In such case you start by participating as an observer, and after some audit hours you will participate more actively in the audit, until the point you will have all responsibilities of a lead auditor.
  • Risk assessment and business analysis impact


    Answer: Risk Assessment and Business Impact Analysis can be performed in any sequence, and ISO 22301 allows both approaches. We recommend performing the risk assessment first because this way you will have a better impression of which incidents can happen, which will make it easier to focus on the most impacting ones during the Business Impact Analysis.

    This article will provide you further explanation about risk assessment and business analysis impact:
    - Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

    This material will also help you regarding risk assessment and business analysis impact:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/