Answer:
Generally, you can do that, but practically it's not an approach I'd advise. Namely, ECAB needs rush action and quick decisions, and does not have time to wait for a (usually regular) meeting, long discussions (which usually happen when you have too big a group of people), brainstorming, test result analysis, etc.
Most of these activities are, in some form, typical for a CAB (Change Advisory Board, i.e. the authorizing body for normal changes). ECAB needs a different approach, so therefore I think you need a different approach.
Answer: The residual risk does not change from the original identified risk if an organization decides not to mitigate, avoid or transfer the risk (this option is called "retain the risk"). Depending upon the organization's context, there can be many risks related to not performing User Acceptance Testing, like:
- Functionality does not work or does not fulfil user's requirements in live environment.
- User's requirements are fulfilled but the output is not what is expected (information integrity problem), which may mean an improper specification definition.
For both, the major impact is that the system probably will not be accepted by the client.
Answer: You only have to seek for recertification regarding an ISO 27001 Internal Auditor course when a new version of the standard is released, because in that case you need to update your knowledge about the standard.
Employee Security vs. Product Security in IATF 16949
We should make sure all those requirements are covered, and we are nearly sure that the jobs are done, but a small question: what was the focus of the standard on this key word when they listed items from a) to m)?
What would be the meaning of product security over here? In our terms it would be about everything that would influence the final function of the products, which might influence end-user security either along the product's lifetime or along its assembly processes.
Although we discussed and referred to different types of sources, we still aren't totally sure which one is correct and which one isn't.
Again, what is the exact meaning of product security, and which direction will it lead us?
Answer:
Product safety is the ability of a product to be safe for intended use, as determined when evaluated against a set of established rules. Employee security or safety is related to occupational health and safety, and product safety is related to consumer safety when using the product.
Regarding product safety, the standard requires the organization to identify statutory and regulatory requirements as well as customer requirements regarding product safety, safety-related characteristics of the product, and controls of safety-related characteristics of the product at the point of manufacture. It also requires the organization to conduct Design FMEA, to have special approval of control plans and process FMEAs, reaction plans and many other requirements. Meeting all requirements regarding product safety is in no way related to employee safety.
Reviewing processes
Answer:
By "reviewing" I assume you meant "monitoring". In order to determine whether the process is really delivering what you are expecting from it, you need to determine some Key Performance Indicators (KPIs). The frequency of monitoring and measuring of the KPIs will depend on the nature of the KPI and also on the risks related to the processes. For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
Also, if you want to ensure that the process is carried out as planned, you need to perform internal audits of the processes. The purpose of the internal audit is to determine whether the process is carried out in compliance with the requirements of the standard and the procedures you've defined. At minimum, an internal audit should be performed once a year, but for more complex processes or processes where nonconformity is more likely to occur, internal audits can be done more frequently.
Contact with authorities
Operating procedure template content
Answer: The template is fully customizable, and you can exclude the sections related to change management and backup policy from the template if their respective controls are marked as inapplicable in your Statement of Applicability, or if these policies constitute separate documents.
Annex A Controls
Why aren't similar controls to Annex A included in other standards, i.e. 22301? Why specifically does 27001 have a set of controls attached?
ISO 9001
Hello everyone,
Very informative posts and answers! In a few days I will be posting some questions and hope you can help me as well.
Thank you.
Documentation Toolkits
Thanks for your reply. So in this case, the value comes from the content of the main body of text in a toolkit document rather than the template or format?