
  • Standards ISO 17799 and ISO 27001


    Answer: ISO 17799:2005 is the previous version of ISO 27002:2007. The standard was renumbered as ISO 27002 to align with the other information security standards, under the ISO/IEC 27000-series. Its current version was released in 2013.

    Basically ISO 27002 (formerly ISO 17799) provides details and implementation guidelines regarding the controls described in ISO 27001 Annex A, which is helpful for organizations who decided to implement ISO 27001 practices. The main part of ISO 27001 defines the requirements for an Information Security Management System.

    This article will provide you further explanation about information security standards:
    - Information security & business continuity standards https://advisera.com/27001academy/knowledgebase/information-security-business-continuity-standards/
    - ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

    These materials will also help you regarding Information security controls:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • ISO 27001 clauses explanation white paper


    Whether standing alone or integrated with another management system, such as ISO 9001 (Quality), ISO 22301 (Information Security), ISO 14001 (Environment), or OHSAS 18001 (Operational Health and Safety), the ISO 27001:2013 standard provides guidance and direction for how an organization, regardless of its size and industry, should manage information security and address information security risks, which can bring many benefits not only to the organization itself, but also to clients, suppliers, and other interested parties.

    You say that ISO 22301 (Information Security) is about information security, but as I understand it this ISO is about Business Continuity. Could you please clarify this for me.

    Answer: First of all, thanks for your feedback on our White Paper. Your understanding is right, ISO 22301 refers to the Business Continuity Management System (BCMS), and the reference you found is incorrect. We are already working to correct this situation. Again, thanks for your feedback.
  • Risk Treatment and SoA


    Answer: No. Risk treatment must be performed only for the controls stated as applicable in the SoA, unless they are already fully implemented and do not require corrections or improvements (sometimes you will have a situation where a control already exists but is not performing as expected, or you want to take the chance to improve its performance or efficiency, and the needed actions should be included in the risk treatment).

    This article will provide you further explanation about Risk Treatment and SoA:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    These materials will also help you regarding Risk Treatment and SoA:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Change management


    Answer: Not necessarily. If the change is not in response to a demand from a system development process, it would be more proper to consider it under the control "A.12.1.2 Change management". For example, if a new version of an information system requires an operational system upgrade, you can consider this change under the control A.14.2.2. On the other hand, if the server update is related to a periodic release from the manufacturer, which has no impact on the systems installed on the server, then you should consider this change under control A.12.1.2.

    These articles will provide you further explanation about change management:
    - How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
    - How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/

    These materials will also help you regarding change management:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • ISO 27001 certifications

    I set up my CPA practice in Morocco a couple of years ago & there are some Government bids to set up ISO 27001 systems. I would like to get your opinion on the best ISO certifications to go for & possibly team up together to bid for projects in Morocco.

    Answer: Regarding personal ISO-related certifications you will find only certifications for Lead Auditor and Lead Implementer. You can attend any one offered by an accredited provider (the accreditation ensures the same level of quality and that the certificate can be accepted worldwide).

    This article will provide you further explanation about Personal ISO certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    Regarding the team-up situation, I suggest you take a look at our toolkit for consultants at this link: https://advisera.com/27001academy/pricing/

    Click the "For consultants" tab to see if one of our supporting materials for consultants is attractive to you and contact us.
  • Books for ISO LA exam


    Answer: I will assume you are referring to the ISO 27001 LA exam. For accredited exams the best books are the standards themselves, both ISO 27001 and ISO 19011 (the standard for management systems audit). LA exams do not go beyond the concepts presented in the standards, focusing on the application of these concepts in simulated situations.

    This article will provide you further explanation about lead auditor course:
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

    These materials will also help you regarding lead auditor course:
    - ISO 27001 Lead Auditor Course preparation training https://advisera.com/training/iso-27001-lead-auditor-course/
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Documentation of the context of the organization


    Answer:
    There are no mandatory documents for clause 4.1; however, a procedure for determining the context of the organization is recommended and commonly used.

    To comply with this clause it is necessary to focus on those issues that may affect customer satisfaction and the delivery of a quality product and/or service. It is also very valuable to systematize this information, thereby demonstrating where the organization stands.

    For more information see "How to identify the context of the organization": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/

    You may also find useful "List of mandatory documents required by ISO 9001:2015": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
  • Exclusions in QMS


    Answer:

    Exclusions are possible in the new version of ISO 9001. For example, if you do not perform design and development, or do not use monitoring and measuring equipment or customer property, you can exclude the relevant clauses of the standard and document the justifications for the exclusions. For more information, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

    On the other hand, if the entire standard is applicable to your company and you don't have any exclusions, you need to delete that section from the template.
  • Where to start ISO 9001 implementation


    Answer:

    The most important thing before starting the implementation is to obtain management support for the implementation project. You will need to explain to the top management why the standard is important, what the benefits are, and how important their involvement in the project is. For more information, see: How to get Management Buy-in for ISO 9001 https://advisera.com/9001academy/blog/2014/09/02/get-management-buy-iso-9001/
    Once you have the top management support, you need to perform a GAP analysis to determine to what extent your company is already compliant with the standard and what needs to be done to bridge those gaps. Here you can find a free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    The last step before starting the implementation is to develop a Project Plan for the implementation, where you will define activities, documents, responsibilities and deadlines according to the results of the gap analysis. To download a free Project Plan for ISO 9001 implementation: https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word
  • ITIL V3 vs. ITIL 2011


    Answer:
    The ITIL V3 Foundation certificate was valid until the ITIL refresh made in 2011. But, since the changes between these two "versions" were insignificant, no re-certification was necessary. So, if someone was certified in ITIL (Foundation level) between 2007 and 2011 (that was V3), there is no need to do the certification again (since the actual version is, actually, the ITIL 2001 update; only "ITIL" is used for this "version").

    This article provides more details: ITIL and ISO/IEC 20000 History: Parallel Worlds https://advisera.com/20000academy/blog/2013/05/01/itil-isoiec-20000-history-parallel-worlds/