Search results

  • BCP project budget


    Answer: For budgeting your BCP project you need to specify as much as possible:
    - the scope you will have to work on, in terms of the customer's organization: number of processes, people and locations involved;
    - the activities you will perform, such as business impact analysis, risk assessment, document elaboration, training, etc.;
    - information from previous similar projects you can use as a reference.

    This information will help you estimate how many plans you will need to develop and how many people you will need to complete the project in the specified duration.

    Roughly speaking, you can consider costs divided this way:
    - project plan: 5% to 10%
    - diagnostic (BIA, Risk assessment, etc.): 20%
    - BCPs elaboration and people training: 50%
    - BCP's tests: 20% to 25%

    It is important to note that you have to make clear to your client that the costs involved in the implementation of controls related to BCPs (e.g., acquisition of equipment, implementation of new processes, etc.) will be available only after the BIA and risk assessment.

    This article will provide you further explanation about BCP project:
    - Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/

    These materials will also help you regarding BCP project:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project (although you are not planning for a BCMS, the project structure is rather similar).
  • Changes in procedures

    I received this question: How should the procedures of ISO 14001 version 2015 be carried out, and are they different from those of ISO 14001 version 2004?

    Answer: In the new 14001:2015 standard there are parts that have undergone more significant changes and others only minor changes. For example, in the new version there are 16 mandatory documents and records, while in the previous 2004 version there were only 12. Among the most important new requirements are the context of the organization (clause 4) and actions to address risks and opportunities (clause 6.1), while other requirements have been removed. This means that it will be necessary to write new procedures, but others can be kept in a similar form. For more information, see: https://advisera.com/14001academy/es/knowledgebase/infografia-iso-140012015-vs-2004-que-ha-cambiado/
  • Evaluation of QMS performance and effectiveness
    Answer:

    In order to be able to evaluate the performance of the QMS, you need to define KPIs (key performance indicators) to be measured. KPIs should be indicators that tell you whether your process is delivering what you expect from it. For example, it can be the number of nonconformities during storage against the total amount of stored products. For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/

    When trying to determine the effectiveness of the QMS, the main question is whether the QMS is really achieving its objectives. This is the ultimate measure of QMS effectiveness.
  • Meeting requirements of clause 8.5.1 f) - validation

    If “motor winding & welding” are not incorporated in your product, clause 8.5.1 f) is not applicable.

    If “motor winding & welding” services are considered relevant, perhaps your organization should include requirements for your suppliers of those products.

  • Control of external providers
    8.4.2 The type and extent of the controls to be applied to the external provision of processes, products and services have been determined

    What documentation would the LRQA Assessor require?

    Answer:

    As you can see, the standard does not have explicit requirements for documentation regarding controls of external providers. The amount of documentation in this regard will depend on the type and extent of the controls you enforce on your external providers, but in most cases the auditor will require to see the contract, work instruction or similar during the audit.

    For more information, see: How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
  • The new context of the organization

    I received this question: I am in the process of getting certified to ISO 9001:2015 and I have doubts about point 4 of the standard, which talks about the context of the organization.

    Answer: Clause 4 is a new requirement of ISO 9001:2015 under which the organization needs to consider not only internal but also external issues that can have an impact on the strategic objectives and the planning of the Quality Management System. This implies that you will need to define some elements of the organization and how they are reflected in the QMS, for example the size of the organization, markets, customers, etc. For more information, see: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/
  • Benefits from ISO 27018
    To give you some context, my organisation is a SaaS, providing cloud products and services to our customers (who typically use our software).
    As an organisation, we utilise cloud IaaS from some of the big vendors. So, we are a SaaS, not actually a cloud infrastructure service provider.

    We already understand the benefits of ISO 27001, and are leaning towards establishing a program towards compliance. However, given our business profile, do you think it would be a good fit to extend our control environment to include ISO 27018?

    Answer: You can think of ISO 27018 the same way as ISO 27002, a set of detailed recommendations on how to implement controls described in ISO 27001 Annex A, the difference being that ISO 27018 focuses on recommendations to protect personally identifiable information (PII) in cloud environments. It can be used both by cloud service providers, which can use the standard's recommendations to improve their security controls, and by cloud customers, which can use the standard to help them verify whether potential or current providers have proper controls to protect their PII.

    Considering this, for your second question I can say yes: as a cloud IaaS customer, your organization can benefit by extending your control environment to include recommendations from ISO 27018, in order to have a better basis to evaluate the security controls for PII implemented by your cloud providers.

    This article will provide you further explanation about ISO 27018:

    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
  • Scope of second party audit
    Answer:

    This situation is very strange. The scope of the customer audit can only include the processes and products they are using, and you can prohibit them from auditing other processes and facilities. Taking pictures of processes and documents is completely off limits; you cannot allow this. There cannot be an agreement that grants them this, especially if they are not using products produced in this way.

    They will probably try to threaten you with canceling the contract or something like that, but you should endure. This sounds like the behaviour of some big company, but sometimes it is better to lose a contract than to allow a third party to find out all the sensitive information about the company.

    For more information, see: First-, Second- & Third-Party Audits, what are the differences? https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
  • Implementing clause 4.4
    Answer:

    Clause 4.4 of ISO 9001:2015 contains general requirements for the QMS (Quality Management System), and it cannot be fulfilled by a single document or process but rather by establishing the entire system. You will need to identify all the processes, determine their interaction and sequence, inputs and outputs, and so on. Basically, by defining each process, documenting procedures and performing the processes, you will meet the requirements of this clause.

    For more information, see: How do you prove to the certification auditor that QMS processes are carried out as planned? https://advisera.com/9001academy/blog/2016/12/13/how-do-you-prove-to-the-certification-auditor-that-qms-processes-are-carried-out-as-planned/
  • Implementation of the QMS

    The first step is the company's decision to follow ISO 9001 as the guide for the QMS. Then the organization will need to carry out the creation and documentation of its QMS according to ISO 9001. After some time, and having performed internal audits and at least one management review, the implementation will be complete. Finally, a certification body will verify that the company meets the standard.