Search results

  • Restructuring Control Plan


    Answer:

    As long as the control plan meets all relevant requirements of the standard, you can remove numerical values and reference to appropriate documents.

    The control plan must at minimum include the following:
    a) controls used for the manufacturing process control;
    b) first-off/last-off part validation;
    c) methods for monitoring of controls;
    d) the customer-required information;
    e) specified reaction plan.
  • Addressing internal and external issues


    Determined issues whether internal or external do not necessarily require taking actions to address them. Basically, the information about the context is input for planning your Environmental Management System.

    Also for internal and external issues, is it enough that I rated each of them based on severity and occurrence, made an action plan for each item, and significance. Is that enough?

    Internal and external issues are not environmental aspects, and they do not require evaluation and taking actions like environmental aspects do. All the organization needs to do is to define the context of the organization, and all further steps in the implementation of the standard will be affected by the context of the organization.

    For more information, see: Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
  • Exclusion of clause 8.5.5

    I agree. 8.5.5 is not limited to warranty and servicing, but an overall responsibility toward the product.

  • SoA and Risk Treatment Plan

    Thanks for the advice; I thought that was the case.
  • Documents to be reviewed during stage 1 audit


    Answer:

    The Stage 1 audit is often called a ‘documentation review’ audit because the auditor will review your documentation to establish whether it is in line with the requirements of the standard. This stage is more of a ‘reconnaissance’ audit, or a ‘pre-assessment’, whereby the auditor does a high-level review of your management system and establishes whether the internal audit programme is in place.

    Stage 1 is completed on-site to determine whether your management system has met the minimum requirements of the standard and is ready for a certification audit. The auditor will point out any areas of nonconformity and potential improvements of the management system.

    Documents to be reviewed during this stage of the audit are all the documents that belong to the scope of your management system; this includes documents required by the standard itself and the ones that the organization determined as necessary for effective maintenance of the management system.

    For more information, see: List of ISO 14001 implementation steps https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
  • Information security on project management


    Answer: Unfortunately we do not have a template or tool covering specifically Information Security in Project Management, but there are many similarities with implementing an ISMS that you can use to drive the implementation of this control in a specific project:

    1 - You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with organization's objectives, the only difference is that these objectives are restricted to the scope of the project
    2 - You have to perform at the beginning, and periodically, information risk assessments in the project, like you would do it with other business processes, to identify necessary controls
    3 - You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing)

    In short, you can think of the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and will be proportional to the project's lifetime and budget.

    Considering this, I suggest you take a look at the free demo of our Risk Assessment Toolkit (https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/), and our online tool, Conformio (https://advisera.com/conformio/), since they can be used in the scope of a project to ensure information security is properly implemented and managed.

    This article will provide you further explanation about Information security in project management:
    - How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

    This material will also help you regarding information security in project management:
    - Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
  • Certificates for Asia Pacific and EU regions


    Answer: For cloud services and datacenters you can consider certificates based on ISO management standards like:
    - ISO 27001 (information security): https://www.iso.org/standard/54534.html
    - ISO 22301 (business continuity): https://www.iso.org/standard/50038.html

    Additionally, there are other standards that can support the implementation of security controls, like:
    - ISO 27017 (security controls for cloud services): https://www.iso.org/standard/43757.html
    - ISO 27018 (cloud privacy protection): https://www.iso.org/standard/61498.html

    I advise you to look for a legal expert to provide information about related laws, standards and regulations in these regions, because these are the main sources that motivate the development and adoption of certificates.

    Here you can see references for some legislation regarding these regions:
    - Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
    This material will provide you further explanation about the above mentioned standards:
    - What is ISO 27001? https://advisera.com/27001academy/what-is-iso-27001/
    - What is ISO 22301? https://advisera.com/27001academy/knowledgebase/what-is-iso-22301/
    - ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
  • Proactive vs. reactive Problem Management


    Answer:
    Most probably the question is about proactive and reactive Problem management.

    Reactive Problem Management is a reaction to a created Problem Record, usually based on an incident. So, Problem Management is triggered to do something (find the root cause of one or more incidents).
    On the other side, Proactive Problem Management is usually carried out in the scope of Continual Service Improvement and means "let's see if we can find some common pattern in the incident/problem history in order to prevent future incidents".

    Read the article "ITIL Reactive and Proactive Problem Management: Two sides of the same coin" https://advisera.com/20000academy/knowledgebase/itil-reactive-proactive-problem-management-two-sides-coin/ to learn more.
  • Incident vs. problem management


    Answer:
    The aim of Incident Management is to enable the user to use the agreed services as soon as possible. This sometimes means implementing temporary fixes (i.e. workarounds).
    On the other side, the goal of Problem Management is to prevent incidents by finding the root cause of one or more incidents.
    Read these articles to find out more about these processes:
    "Incident Management in ITIL – solid foundations of operational processes" https://advisera.com/20000academy/blog/2013/05/21/incident-management-itil-solid-foundations-operational-processes/
    "ITIL Incident Management" https://advisera.com/20000academy/knowledgebase/itil/-incident-management/
    "ITIL and ISO 20000 Problem Management – Organizing for problem resolution" https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/
    "ITIL Problem Management: getting rid of problems" https://advisera.com/20000academy/blog/2013/08/05/itil-problem-management-getting-rid-problems/
  • BCM Templates vs BCM Software


    Answer: Some pros and cons we can mention are:

    - Software tools are more expensive, but they provide you with more control and management capabilities, like access control and search functionalities.
    - Templates are cheaper and more adequate for working with non-structured information (like policy text), but they are less efficient and effective in large environments.

    This article will provide you further explanation about tools selection:
    - When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/