Answer: The section "Reference documents" is used to list any document in the company used to define document control. These may be, for example, a documented decision from top management, an internal policy, or an industry regulation.
To identify the documents to be referred to in the document control procedure, you must identify which requirements, internal or external, the business must fulfil regarding document control.
In the toolkit you bought you have access to video tutorials that will help you fill in the document control procedure.
2 - We are an IT company (a web hosting provider). Do you have documents and/or recommendations for an industry like this (which documents are mandatory and which are not)? I already saw the mandatory documents list.
Answer: ISO 27001 was designed to be easily used by organizations from any industry, so the mandatory documents won't change much because you are a web hosting provider - we have lots of clients that are in the same business and there was no need to have any extra security documents.
Answer: No. Both ISO 27001 and ISO 22301 require that communication requirements be determined, but the implementation is up to the organization. So, in some cases you may have a single communication plan for multiple processes and teams (e.g., communication via the Intranet), and in others you may have specific plans for specific situations (e.g., a communication plan for a project, or a communication plan that is part of a disaster recovery plan).
For smaller companies you can include rules for communication without emphasizing that this is a Communication plan - e.g., in the Incident management procedure you can simply define who has to notify whom and through which means, and this will be enough.
Answer: I'm not aware of any specific ISO standard for universities. In general you can consider ISO 9001 for implementation of quality management and ISO 17025 for quality management in laboratories, but these will depend mostly on the university's objectives and the legal requirements it must comply with. It is important to note that you have to verify with the entity that regulates engineering courses in your country what requirements the workshops and labs must comply with. These are your main guidance for identifying relevant ISO standards.
If you want to succeed in implementing an IMS (Integrated Management System), both you and the company's employees need to acquire enough knowledge to be able to carry out a project of such complexity.
Carrying out the project on your own is the most cost-effective option, since online tools are cheaper than hiring an external consultant. This way you also preserve the confidentiality of sensitive company information, increase the commitment of the employees who write their own documentation, and keep the knowledge within the organization.
As for the external audit, there are many ways in which an auditor can find the answers to their questions, such as reviewing records, observing employees and interviewing them. The information the auditor will gather includes:
- Whether all the clauses have been addressed
- The consistency of the processes and whether they have been reviewed
- The corrective actions that have been implemented where necessary
- Whether the risk-based approach has been implemented
- Whether plans for continual improvement exist
- Whether the management review has been carried out
But we plan to migrate to a new, cloud-enabled IT org structure. Could you help me with this structure model? Do you have ready templates?
At the same time, this new IT org structure must comply with ISO 27001, ISO 27017 and ISO 27018 when I am writing it. Could you help me with these issues?
Although traditional IT and cloud IT are based on very different architectures, they share many common processes (e.g., incident management, capacity management, etc.), and these are covered by the ISO 20000 standard, the basis for the ISO 20000 Documentation Toolkit.
Additionally, since this toolkit is also based on an ISO standard, like the one you already bought, you will have similar information regarding which template covers which standard's clause. This will make integrating them easier.
Developing a procedure for addressing risks and opportunities
Dear Strahinja, I have created the procedure. If I send it to you, would you be able to check it and correct it if needed? Thank you
Documents for employees and risks
1 - What needs to be completed regarding the competence of my employees (which documents about them do I need - their personal documents)?
Except for the training records, the standard does not define what documents about the employees the organization needs to keep, so it is completely up to the organization to decide. You can keep their CVs or other personal files; basically, you can decide what information about the employees is sufficient.
2 - What is the best way to do my risk matrix for operations, and is there a sample I can follow, if applicable?
When it comes to risks related to operations, the best approach is to examine each activity and determine where and how nonconformities can occur, and take actions to prevent the nonconformities from occurring. For example, if the organization is storing temperature-sensitive products, it should apply regular monitoring of the temperature.