Answer: The human resources requirements and most common controls used related to ISO 27001 are covered in documents "Training and Awareness Plan", "Confidentiality Statement", and "Statement of Acceptance of ISMS Documents". Other controls that are directly related to human resources are covered by documents like "Bring Your Own Device (BYOD) Policy" and "Acceptable Use Policy". You can find all this information in the "List of Documents" file that comes with your toolkit. It identifies which requirements and controls of the standard are covered by each document.
Regarding a Human Resource Policy, this document is not mandatory for ISO 27001, and it is not usually used by smaller companies. That's why we didn't include a specific template for the policy in the toolkit, but you can use the content of the templates your organization considers more relevant and merge them in a Human Resource Policy using our blank template.
Answer: Regarding certifying others, I'd suggest the Lead Implementer course, which will provide you with knowledge about the implementation process (e.g., which information to gather, which steps to take and when, etc.). Additionally, you may also consider the Lead Auditor course, so you can have a better understanding of how a certification auditor works (e.g., what he looks for and how he considers the evidence found, etc.).
Answer: The ISO review process takes between 2 and 3 years to complete, and the review of ISO 22301:2012 started on April 15 of this year, so we can expect a new version of ISO 22301 by April 2020 at the latest.
2 - What is the link between ISO 22301 and 22316?
Answer: ISO 22316 is about resilience, the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper. While ISO 22301 covers actions to ensure organization survival during disruptive events, ISO 22316 provides recommendations for identification and management of situations that are not so immediate in terms of impact but that in the long run can be as damaging to the organization. You can think of ISO 22301 as a specific application of the broader concept of resilience.
Or, as we do not manufacture or repair any parts that go up in a plane – we can remain AS9120?
Please clarify as that is the information I need.
Answer:
The general rule of thumb is that if it goes airborne it should be built using a quality management system that is implemented to AS9100; however, tools are not. However, the real definitive criterion for having a QMS that meets AS9100 is if your customer requirements demand it.
Bureaucratic burden of ISO 9001
came to external audits. Now, it seems process map is confused with work flow.
Writing quality objectives and plans for achieving them
Answer:
When writing quality objectives, you need to keep in mind that the standard requires you to later measure the level of their achievement. The best approach when it comes to defining the objectives is to make them S.M.A.R.T. (Specific, Measurable, Attainable, Relevant and Timely), and this will enable you to meet the requirements of the standard related to the objectives.
Planning achievement of the objectives includes defining actions to be taken, responsibilities, resources and deadlines for the activities. All this information, including the objective itself, can be written in one document that contains all this information. Here you can download a free preview of our template for Quality Objectives https://advisera.com/9001academy/documentation/quality-objectives/ that can be interesting to you.
The toolkit has a methodology and questionnaire that can be customized to your needs. In the same link you have access to a free demo that you can take a look to see if it can fulfill your needs. You just have to scroll down the screen a little to find the free demo tab.
Defining context of the organization in IATF 16949
Answer:
The requirements for context of the organization in IATF 16949 are no different than the ones stated in ISO 9001:2015. First, you do not have to document the context of the organization; you only need to determine it, and this can be done in a brainstorming session with the relevant people in the company, including the top management.
You need to examine all internal and external issues that can affect the QMS (Quality Management System) and its ability to achieve the objectives and customer satisfaction. The easiest way to do it is by applying the SWOT analysis, which can even provide sufficient documented information to demonstrate that you've determined the context.