Answer: Not necessarily. If the change is not in response to a demand from a system development process, it would be more proper to consider it under the control "A.12.1.2 Change management". For example, if a new version of an information system requires an operational system upgrade, you can consider this change under control A.14.2.2. On the other hand, if the server update is related to a periodic release from the manufacturer, which has no impact on the systems installed on the server, then you should consider this change under control A.12.1.2.
I set up my CPA practice in Morocco a couple of years ago, and there are some Government bids to set up ISO 27001 systems. I would like to get your opinion on the best ISO certifications to go for, and possibly team up together to bid for projects in Morocco.
Answer: Regarding personal ISO-related certifications, you will find only certifications for Lead Auditor and Lead Implementer. You can attend any one offered by an accredited provider (the accreditation ensures the same level of quality and that the certificate is accepted worldwide).
Click the "For consultants" tab to see if one of our supporting materials for consultants is attractive to you and contact us.
Books for ISO LA exam
Answer: I will assume you are referring to ISO 27001 LA exam. For accredited exams the best books are the standards themselves, both ISO 27001 and ISO 19011 (the standard for management systems audit). LA audit exams do not go beyond the concepts presented in the standards, focusing on application of these concepts in simulated situations.
Answer
There are no mandatory documents for clause 4.1; however, a procedure for determining the context of the organization is recommended and commonly used.
To comply with this clause, it is necessary to focus on those issues that may affect customer satisfaction and the delivery of a quality product and/or service. Furthermore, systematizing this information is very valuable, as it demonstrates where the organization stands.
Exclusions are possible in the new version of ISO 9001. For example, if you do not perform design and development, or do not use monitoring and measuring equipment or customer property, you can exclude the relevant clauses of the standard and document the justifications for the exclusions. For more information, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
On the other hand, if the entire standard is applicable to your company and you don't have any exclusions, you need to delete that section from the template.
Where to start ISO 9001 implementation
Answer:
The most important thing before starting the implementation is to obtain management support for the implementation project. You will need to explain to top management why the standard is important, what the benefits are, and how important their involvement in the project is. For more information, see: How to get Management Buy-in for ISO 9001 https://advisera.com/9001academy/blog/2014/09/02/get-management-buy-iso-9001/
Once you have top management support, you need to perform a GAP analysis to determine to what extent your company is already compliant with the standard and what needs to be done to bridge those gaps. Here you can find a free GAP Analysis Tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
The last step before starting the implementation is to develop a Project Plan for the implementation, where you will define activities, documents, responsibilities and deadlines according to the results of the gap analysis. To download a free Project Plan for ISO 9001 implementation: https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word
ITIL V3 vs. ITIL 2011
Answer:
The ITIL V3 Foundation certificate was valid until the ITIL refresh made in 2011. But, since the changes between these two "versions" were insignificant, no re-certification was necessary. So, if someone was certified in ITIL (Foundation level) between 2007 and 2011 (that was V3), there is no need to do the certification again, since the actual version is the ITIL 2001 update (only "ITIL" is used for this "version").
One of the key principles of ISO 9001 is customer satisfaction, and I understand that in your case it is hard to obtain the information. You do not have to set the objective to increase customer satisfaction, but it is very common. What is important is to get some kind of initial data and then try to improve customer satisfaction. If the objective is not met, it doesn't mean that the QMS has failed; it only means that you need to improve something and determine why the objective wasn't achieved.
Answer: There are many similarities with implementing an ISMS that you can use to drive the implementation of this control:
1 – You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project.
2 – You have to perform information risk assessments in the project, at the beginning and periodically, like you would do with other business processes, to identify the necessary controls.
3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).
In short, you can think about the inclusion of information security in project management as if you were going to implement a small ISMS that fits the project's needs and is proportional to the project's lifetime and budget.
This article will provide you further explanation about Information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/