Search results

  • Where to start ISO 9001 implementation


    Answer:

    The most important thing before starting the implementation is to obtain the management support for the implementation project. You will need to explain to the top management why the standard is important, what are the benefits and how important is their involvement in the project. For more information, see: How to get Management Buy-in for ISO 9001 https://advisera.com/9001academy/blog/2014/09/02/get-management-buy-iso-9001/
    Once you have the top management support, you need to perform a GAP analysis to determine to what extent your company is already compliant with the standard and what needs to be done to bridge those gaps. Here you can find free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    The last step before starting the implementation is to develop a Project Plan for the implementation where you will define activities, documents, responsibilities and deadlines according to the results of the gap analysis. To download free Project Plan for ISO 9001 implementation https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word
  • ITIL V3 vs. ITIL 2011


    Answer:
    The ITIL V3 Foundation certificate was valid until the ITIL refresh made in 2011. But since the changes between these two "versions" were insignificant, no re-certification was necessary. So, if someone was certified in ITIL (Foundation level) between 2007 and 2011 (that was V3), there is no need to do the certification again, since the current version is, actually, the ITIL 2001 update (only "ITIL" is used for this "version").

    This article provides more details: ITIL and ISO/IEC 20000 History: Parallel Worlds https://advisera.com/20000academy/blog/2013/05/01/itil-isoiec-20000-history-parallel-worlds/
  • Measuring customer satisfaction


    Answer:

    One of the key principles of ISO 9001 is customer satisfaction and I understand that in your case it is hard to obtain the information. You do not have to set the objective to increase customer satisfaction, but it is very common. What is important is to get some kind of initial data and then try to improve the customer satisfaction. If the objective is not met, it doesn't mean that the QMS has failed, it only means that you need to improve something and determine why the objective wasn't achieved.

    For more information, see: Main elements of handling customer satisfaction in ISO 9001 https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
  • How to start the implementation


    Answer:

    The most important thing before starting the implementation is to obtain the management support for the implementation project. You will need to explain to the top management why the standard is important, what are the benefits and how important is their involvement in the project. For more information, see: How to get Management Buy-in for ISO 9001 https://advisera.com/9001academy/blog/2014/09/02/get-management-buy-iso-9001/

    Once you have the top management support, you need to perform a GAP analysis to determine to what extent your company is already compliant with the standard and what needs to be done to bridge those gaps. Here you can find free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    The last step before starting the implementation is to develop a Project Plan for the implementation where you will define activities, documents, responsibilities and deadlines according to the results of the gap analysis. To download free Project Plan for ISO 9001 implementation https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word
  • Information Security in Project Management


    Answer: There are many similarities with implementing an ISMS that you can use to drive the implementation of this control:
    1 – You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with organization's objectives, the only difference is that these objectives are restricted to the scope of the project.
    2 – You have to perform at the beginning, and periodically, information risk assessments in the project, like you would do it with other business processes, to identify necessary controls
    3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).

    In short, you can think about the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget.

    This article will provide you further explanation about Information security in project management:
    - How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

    These materials will also help you regarding Information security in project management:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
  • Information labelling


    Answer: ISO 27001 clauses do not require an organization to include address information in documentation, so this decision is up to the organization itself, if it considers it relevant to the business, if it is demanded by law or contractual clauses, or as a result of a risk assessment.

    This article will provide you further explanation about information labeling:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    This material will also help you regarding information labeling:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • ISO 27018


    Answer: For more information about ISO 27018, I suggest you take a look at this article:

    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

    We also have a toolkit which covers the specific recommendations of ISO 27018. You can take a look at a free demo of this toolkit to get more information at this link: https://advisera.com/27001academy/iso-27001-iso-27017-iso-27018-cloud-documentation-toolkit/

    You just need to scroll down the screen a little to find the free demo tab.
  • Customer requirements review


    Answer:

    Depending on the type of product or service you are providing to your customer you can get information on customer requirements in different ways. Sometimes, you can send your customer questionnaire or some other record that will provide you with sufficient information on customer requirements so you can decide whether you can meet these requirements or not. Or you can have a conversation with your customer and record its requirements by yourself.

    Here you can find a free preview of our Customer Requirement Review Checklist https://advisera.com/9001academy/documentation/customer-requirement-review-checklist/
  • Quality Management Metrics


    Answer:

    The purpose of implementation of metrics in quality management system is to determine performance of the QMS. In order to achieve that, you need to define KPIs (Key Performance Indicators) for every process. KPIs should be defined in a way that provides you with information whether the process is delivering the expected outcome or some improvements are needed for the process.

    For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
  • Context of organization for 27001


    Answer: You can understand context of organization as any internal or external factor that can affect the ISMS. As examples of external factors (something that is outside the organization's control) we can mention new technologies, competitors, and laws. Examples of internal factors (something the organization can control or have influence over) are the organization's own resources and knowledge, its culture, and its employees' competences. Understanding the context is essential to identify where the ISMS can be applied, its strengths and limitations.

    This article will provide you further explanation about Context of organization for 27001:
    - Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

    These materials will also help you regarding Context of organization for 27001:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/