Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Measuring customer satisfaction
Answer:
One of the key principles of ISO 9001 is customer satisfaction and I understand that in your case it is hard to obtain the information. You do not have ti set the objective to increase customer satisfaction, but it i s very common. What is important is to get some kind of initial data and than try to improve the customer satisfaction. If the objective is not met, it doesn't mean that the QMS has failed, it only means that you need to improve something and determine why the objective wasn't achieved.
For more information, see: Main elements of handling customer satisfaction in ISO 9001 https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/ -
How to start the implementation
Answer:
The most important thing before starting the implementation is to obtain the management support for the implementation project. You will need to explain to the top management why the standard is important, what are the benefits and how important is their involvement in the project. For more information, see: How to get Management Buy-in for ISO 9001 https://advisera.com/9001academy/blog/2014/09/02/get-management-buy-iso-9001/
Once you have the top management support, you need to perform a GAP analysis to determine to what extent your company is already compliant with the standard and what needs to be done to bridge those gaps. Here you can find free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
The last step before starting the implementation is to develop a Project Plan for the implementation where you will define activities, documents, responsibilities and deadlines according to the results of the gap analysis. To download free Project P lan for ISO 9001 implementation https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word -
Information Security in Project Management
Answer: There are many similarities with implementing an ISMS that you can use to drive the implementation of this control:
1 – You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with organization's objectives, the only difference is that these objectives are restricted to the scope of the project.
2 – You have to perform at the beginning, and periodically, information risk assessments in the project, like you would do it with other business processes, to identify necessary controls
3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).
In short, you can think about the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the projects needs and be proportional to the project' s lifetime and budget.
This article will provide you further explanation about Information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/
These materials will also help you regarding Information security in project management:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/ -
Information labelling
Answer: ISO 27001 clauses do not require from an organization to include address information in documentation, so this decision is up to the organization itself, if it considers relevant to the business, it is demanded by law or contractual clauses, or as a result of a risk assessment.
This article will provide you further explanation about information labeling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
This material will also help you regarding information labeling:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
ISO 27018
Answer: For more information about ISO 27018, I suggest you to take a look at this article:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
We also have a toolkit which covers the specific recommendations of ISO 27018. You can take a look at a free demo of this toolkit to get more information at this link: https://advisera.com/27001academy/iso-27001-iso-27017-iso-27018-cloud-documentation-toolkit/
You just need to scroll down the screen a little to find the free demo tab. -
Customer requirements review
Answer:
Depending on the type of product or service you are providing to your customer you can get information on customer requirements in different ways. Sometimes, you can send your customer questionnaire or some other record that will provide you with sufficient information on customer requirements so you can decide whether you can meet these requirements or not. Or you can have a conversation with your customer and record its requirements by yourself.
Here you can find a free preview of our Customer Requirement Review Checklist https://advisera.com/9001academy/documentation/customer-requirement-review-checklist/ -
Quality Management Metrix
Answer:
The purpose of implementation of metrics in quality management system is to determine performance of the QMS. In order to achieve that, you need to define KPIs (Key Performance Indicators) for every process. KPIs should be defined in a way that provides you with information whether the process is delivering the expected outcome or some improvements are needed for the process.
For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/ -
Context of organization for 27001
Answer: You can understand context of organization as any internal or external factor that can affect the ISMS. As examples of external factors (something that is outside the organization's control) we can mention new technologies, competitors, and laws. As examples of internal factors (something the organization can control or have influence over) are organization's own resources and knowledge, its culture, and its employees competences. Understanding the context is essential to identify where the ISMS can be applied, its strengths and limitations.
This article will provide you further explanation about Context of organization for 27001:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
These materials will also help you regarding Context of organization for 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 2700 1 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Mandatory documents
1 - The format of the entire 27001 Standard. Do you have a sample format of what would need be presented to the external auditor please, ie. all the documents please?
Answer: Unfortunately, we cannot provide you the ISO 27001 standard itself because it is protected with intellectual property rights - you can purchase it directly from the ISO website: https://www.iso.org/standard/54534.html You can download this free white paper from our website which provides some deeper insight into the standard: Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
If your question was about policies and procedures that need to be produced as part of ISO 27001 implementation, you can find them in this ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
2 - Do you have a sample Documents List where all the ISO 27001 documents are listed and numbered?
Answer: In article you wil l find explanation about all ISO 27001 mandatory documents, as well as the most common practices adopted by organizations: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
But you should also note that the results of a risk assessment and treatment may demand additional documentation. Please, see this article for more information: 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
These materials will also help you regarding mandatory documents:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Auditor selection
Answer:In case of certification bodies, you can use this article as reference: How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
For the selection of an auditor or consultant to help you with ISO 27001 certification I suggest you to take a look a this material: List of questions to ask your ISO 27001/ISO 22301 consultant https://info.advisera.com/27001academy/free-download/list-of-questions-to-ask-an-iso-27001-iso-22301-consultant
This list of questions cover areas like knowledge of industry, use of methodologies and payment conditions you can use to evaluate potential candidates.
This material will also help you regarding selection of auditors and certification bodies:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/