The toolkit has a methodology and questionnaire that can be customized to your needs. In the same link you have access to a free demo that you can take a look at to see if it can fulfill your needs. You just have to scroll down the screen a little to find the free demo tab.
Defining context of the organization in IATF 16949
Answer:
The requirements for context of the organization in IATF 16949 are no different than the ones stated in ISO 9001:2015. First, you do not have to document context of the organization, you only need to determine it, and this can be done in a brainstorming session with the relevant people in the company, including the top management.
You need to examine all internal and external issues that can affect the QMS (Quality Management System) and its ability to achieve the objectives and customer satisfaction. The easiest way to do it is by applying the SWOT analysis, which can even provide sufficient documented information to demonstrate that you've determined the context.
Answer: As a BCM manager your main role would be ensuring that the results of Business Impact Analysis and the chosen strategies for business continuity are considered in the construction of the new datacenter. This may mean location definition, infrastructure features (e.g., redundant electrical circuits, use of fire proof material, etc.). Additionally, you have to ensure the documentation and testing of business continuity plans related to the most probable disruption incidents.
Specifically about datacenters I'd suggest the standard TIA 942. It can provide you recommendations regarding datacenter features to ensure different levels of availability that can fulfill your needs. You can buy this standard at this link: https://global.ihs.com/doc_detail.cfm?&input_search_filter=TIA&item_s_key=00414811&item_key_date=860905&input_doc_number=942&input_doc_title=&org_code=TIA#product-details-list
BCM awareness
Thanks but I want to know if you have awareness for end users
Service desk escalation
Answer:
Service Desk is, actually, heavily involved in the Incident Management process. In Incident Management there are two kinds of escalations:
- hierarchical
- functional.
What you are mentioning is functional. That means to the group with more expert knowledge. However, there is no requirement, i.e. recommendation, that there must be e.g. three levels of escalation. Adapt it to your own organization. You can have more, as well as less than three.
Read the article "Incident Management in ITIL – solid foundations of operational processes" https://advisera.com/20000academy/blog/2013/05/21/incident-management-itil-solid-foundations-operational-processes/ to learn more about it.
Modification of the Quality Manual in IATF 16949
Answer:
ISO/TS 16949 didn't have any additional requirements for the Quality Manual other than the ones stated by ISO 9001:2015. Although the new ISO 9001 is the foundation for IATF 16949 and does not require the manual, IATF 16949 kept this requirement and added basically two requirements to the ones existing in the previous version of the standard:
1. to include the extent and type of controls for outsourced processes in the description of the sequence and interaction of processes; and
2. a document indicating where in the QMS the customer-specific requirements have been met.
Thanks a lot. Your response has been very helpful.
Internal team for penetration and vulnerability tests
Answer: Yes, the penetration testing and vulnerability tests can be performed by internal employees. Regarding ISO 27001, there is no mandatory requirement demanding that these tests must be performed by a third party. What happens is that you should ensure that these tests are performed by people not directly involved with the process, so you can ensure impartiality since, like internal audits, no one should audit their own work.