Search results

Home / Search

Category:
Select
Select

11277 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 9001 and ISO 17025


    Answer:

    ISO/IEC 17025 standard specifically addresses factors relevant to a laboratory’s ability to produce precise, accurate test and calibration data. The main difference between ISO 17025 and ISO 9001 is the accreditation and certification. ISO 17025 stands for accreditation, which means the recognition of competence of specific technical competence. ISO 9001 stands for certification, which means accordance with a standard assessed by management systems, certified by any independent body that is internationally agreed. Also, there is the difference with the accurate products. ISO 9001 does not mean accurate products are produced. For that, product should be approved by ISO 17025.

    The standards are too different when it comes to requirements and structure so it will be very difficult to integrate them. Besides docu ment and record control, corrective actions, internal audit and management review there is no a lot of similarities. ISO 9001 can be used as a supplement for ISO 17025 to meet requirements of ISO 17025 clauses 4.1 and 4.2 but other than that there is no much place for integrating them.

  • Quality objectives and plans to achieve them


    A) Automate 100% of HR processes by end of Year?
    B) Over the period of 3 months (May to July), determine the skills, knowledge, and resources needed to full automation of HR processes before end of current year?

    Please advise.

    Answer:

    The objectives need to be SMART (Specific, Measurable, Attainable, Relevant and Timely) and the objective itself doesn't need to explain how it will be achieved. For that, the standard requires plans for achieving the quality objectives. The plan includes defining actions, responsibilities, resources and deadlines.

    Example "A" that you provided is a good example of the quality objective, example "B" seems more like a plan f or achieving the objective "A".

    For more information, see: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

  • Ciclo PDCA y Productividad


    Mi respuesta:

    El nombre de PDCA viene de las palabras en inglés "Planificar, Hacer, Revisar, Actuar". Esta metodología describe cuatro fases que necesitan ser llevadas a cabo de manera sistemática para poder lograr una mejora continua y por lo tanto, una mayor productividad en la empresa. Cuando se alcanza la fase final ("Actuar") se regresará a la primera fase ("Planificar") y de nuevo se repetirá el ciclo, de esta forma las actividades serán reevaluadas periódicamente.
    Además, como el primer paso en el ciclo PDCA es Planificar, habrá que realizarse un diagnóstico inicial, en el cual se determinen las actividades en la organización que necesitan hacerse para cumplir con los requerimientos de la norma ISO 9001:2015. Todo ello conducirá a una mayor productividad, trabajando de una manera más eficaz ya que todos los procesos estarán alineados y serán comprendidos por el personal de la organización.

    Para más información, vea "Planificar-hacer-revisar-actuar en el estánd ar ISO 9001": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/planificar-hacer-revisar-actuar-en-el-estandar-iso-9001/

  • ISMS implementation

    Answer: The best way to establish a ISMS is by considering an enterprise as a project, and by adopting a well proved framework, as ISO 27001. These articles will provide you further explanation about ISMS implementation: - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ - ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/ - Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/ These materials will also help you regarding ISMS implementation: - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ - Free webinar – Seven key problems to avoid in ISO 27001 implementation https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/

  • Internal auditor training


    Is that fine for a company that none of staff contain a standard internal auditor training qualification but an intensive training certification?

    Thank you for your reply.

    Answer:

    Both ISO 9001 and ISO 14001 do not require internal auditors to have accredited certificates for internal auditors, so the company can send its auditors to any training that it finds appropriate. For more information, see: ISO 9001 internal auditor training: Is it for me? https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/

  • IRCA auditor

    Just as a background: We (our team of 3) have just finished the ISO 27001 (ISMS), 5 days training course and also we have cleared the written examination.
    However, as the trainer explained to us on the final day, that for us to be IRCA certified Lead Auditors, we need to pay a certain royalty fee to IRCA, also, we need to gain some experience as observers/auditors in a certain time frame. So, could you please explain the process further?

    Answer: IRCA's fees vary from country to country. To have precise information regarding you country you can find it here: https://www.quality.org/content/irca-fees
    Regarding audit experience, you must have at least 20 days of auditing, including at least 15 on site (this generally covers 3 or four certifications audit). For more information, see: https://www.quality.org/article/auditor

  • Organizational context

    Please specify on which type of context organisation has its own controls and on which not?

    Answer: For different contexts you can consider banks, hospitals and internet providers. All of them have specific business requirements to drive information security. Banks need to protect account holders financial data, hospitals need to protect patient's health data, and internet providers must protect users data flow. All of them must protect confidentiality, integrity and availability, but for different information, and in different degrees, so they will require different controls set and security levels.

    For example, the acceptable delay in providing information for a internet user can be completely different from a hospital patient, leading to a different set of controls.

    Regarding responsibility for controls, organizations that run its own IT infrastructure owns much more controls than those which outsource them, for example, by adopting a Software as a Service Solution.

    These articles will provide you further explanation about Organizational context:
    - Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    These materials will also help you regarding Organizational context:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Non Disclosure Agreement


    Answer: Most frequently, the duration used for NDAs is 2, 3, and 5 years, but you can define a different period based on a risk assessment (a NDA can even last forever), and you do not have to define one single period for all your information. But you have to notice that the longer is the period, the greater is the cost involved.

    This article will provide you further explanation about handling classified information:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    These materials will al so help you regarding handling classified information:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Cryptography verification


    Answer: Cryptographic controls can be tested during information system development or operation. During development, you can ensure testing by applying controls from section A.14 (14.2.8 - System security testing and 14.2.9 - System acceptance testing), and for regular testing in operation, controls A.14.2.3 - Technical review of applications after operating platform changes and A.18.2.3 - Technical compliance review are good choices.

    This article will provide you further explanation about security testing:
    - How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
    - How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/

    These materials will also help you regarding security tes ting:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • BCP content


    Disaster declaration procedure: this content focuses on criteria to be evaluated so a disaster situation can be identified and properly communicated.
    Emergency notification procedure: this content focuses on the means and activities required to alert people about an emergency situation. This content differs from disaster declaration because it considers faster and local responses (e.g., a building evacuation), while disaster declaration involves incidents of greater scale.
    Incident response procedure: this content focuses on how to react initially to an incident in order to reduce the damage
    Recovery procedure: this material focuses on activities required to bring back operations back to agreed service levels, regardless if it is on original site or not.

    2 - What other procedure are contained in the BCM plan other than the above?

    Answer: You can also find as BCP content:

    a - the communication plan, covering activities to ens ure information flow for organization's employees, and emergency services, as well as which information should be communicated to the media.
    b - specific procedures for critical assets, like servers, information systems and key personnel.

    3 - Should the BCM plan be one big book containing the above or should each be written separately?

    Answer: Since BCPs cover multiple issues, in operational terms you should keep multiples BCPs, each one of them as small as possible, with only the necessary information for each team that will use them(e.g., systems recovery team, facilities disaster recovery team, emergency teams, etc.). In management terms, you can also keep one or two copies with all the BCPs, so you can use it to keep track of all plans, which will make their review easier.

    This article will provide you further explanation about documenting a BCP:
    - Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
    - How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/

    These materials will also help you regarding :
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Page 910-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +