Answer:
First of all, you'll need a communication channel, i.e. the way your customer can reach you. Service requests, a publicly published form (e.g. on the self-service portal or service desk portal), or the Service Level Management/Business Relationship Management processes - these are the common ways to do it.
Once you receive a customer complaint, it's important to have someone to handle it. Equally important - to let the customer know that someone is working on his complaint.
And finally, internally you need to set up the procedure for how to approach the complaint. That would include, for example:
- whom to report to that a complaint has been received
- timescale (it may be hard to define a general timescale to resolve complaints, but at least for usual complaints)
- escalation procedure
- roles and responsibilities
- depending on the services you provide - particular steps to resolve the complaint
Functional Quality Objectives for Website development and maintenance
Functional quality objectives should be related to some feature of your product (website) or your service (maintenance). They should be related to the requirements of the product or service and to the criteria used to determine whether the product or service meets its requirements.
First of all, I apologize for the late answer. Regarding your question, yes, the 40-hour course is compulsory to take the exam, but there is no experience requirement to take it.
The experience is required only when you want to start working as a certification auditor. In such a case you start by participating as an observer, and after some audit hours you will participate more actively in the audit, until the point where you will have all the responsibilities of a lead auditor.
Risk assessment and business impact analysis
Answer: Risk Assessment and Business Impact Analysis can be performed in any sequence, and ISO 22301 allows both approaches. We recommend performing the risk assessment first because this way you will have a better impression of which incidents can happen, which will make it easier to focus on the most impacting ones during the Business Impact Analysis.
Answer: Considering ISO 27001, the control of premises access has the objective of protecting physical access both to information and to information processing facilities. This is achieved by considering, according to the results of the risk assessment, applicable legal requirements, and decisions of top management, the definition of security perimeters, entry controls, and protection of rooms and facilities, among other controls.
Regarding individual responsibilities, you can consider them in terms of:
- guidelines definition and resources provision (top management)
- operation and management of security controls (e.g., technical staff and security officer)
- compliance with security controls and policies (employees)
Answer: A SOC Continued Operations Letter is an artefact provided by Amazon Web Services that a service organization may choose to issue, describing updates or changes in its controls since previous audits by certification bodies or regulators, as a means to support audit activities. You can find more information at this link: https://aws.amazon.com/artifact/
Certifications to support risk resilience.
Answer: If your focus is the recovery of business activities, you should consider ISO 22301 certification, because it can provide you with the basis for identifying the most critical aspects of the business, the most relevant disruption scenarios, and how to handle them properly to minimize impact and speed up recovery.
Additionally, I also suggest you consider ISO 27001 certification, since you also have to consider the protection of business information, and ISO 27001 is specifically designed to handle information protection.
Answer: Being ISO management standards, ISO 20000 and ISO 27001 have many similarities that make it easier to integrate them (and these similarities will become clearer after the release of the new version of ISO 20000, which may be in the next two years - currently the revision is halfway through the process - https://www.iso.org/standard/70636.html).
Considering the current standard, I advise you to start with documenting the common procedures and records (e.g., internal audit and management review), considering the requirements of both standards, and after that go for the specifics of each standard.
Answer:
A change ticket should have a final result. That could be that the change was e.g. rejected, or implemented. In line with that, if the change has failed - keep the next attempt in the same ticket. The next attempt belongs to the same change, anyway.
And, don't forget to use the number of failed changes as one of the KPIs of the change management process.
To learn more about measuring efficiency of the change management process, read the article:
"How to measure Change Management efficiency according to ITIL" https://advisera.com/20000academy/blog/2016/10/11/how-to-measure-change-management-efficiency-according-to-itil/