Search results

Home / Search

Category:
Select
Select

11268 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Implementing a Business Impact Analysis according ISO 22301

    Escribo porque des afortunadamente en mi computadora no me fue posible escuchar el webinar de hoy (30/03/2017) y quisiera saber cuando sera el próximo webinar sobre el mismo tema?

    (Surely a webinar full of professionalism and wisdom.
    I write because fortunately on my computer I was not able to hear the webinar today (03/30/2017) and I would like to know when the next webinar will be on the same subject?)

    Answer: The next webinar about implementing BIA according ISO 22301will be on November 23, but at this link you can access the recorded webinar: https://advisera.com/27001academy/es/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/

    Tengo varias preguntas relacionadas con el tema de hoy:

    1. Mencionar estándares internacionales que puedan ser utilizados para implementación de un sistema de gestión de continuidad de negocio?

    (I have several questions related to today's topic:
    1. Mention international standards that c an be used to implement a business continuity management system?)

    Answer: Besides ISO 22301, ISO 22313 and NFPA1600, I suggest you to take a look at these article: Information security & business continuity standards https://advisera.com/27001academy/knowledgebase/information-security-business-continuity-standards/

    These articles will provide you further explanation about other standards:
    - NFPA 1600 vs. ISO 22301 – Similarities and differences https://advisera.com/27001academy/blog/2013/11/05/nfpa-1600-vs-iso-22301-similarities-and-differences/
    - ISO 22301 vs. ISO 22313 https://advisera.com/27001academy/blog/2013/05/21/iso-22301-vs-iso-22313/

    2. 5 elementos que deban considerarse para la implementación de un sistema de gestión de continuidad de negocio.

    (5 elements that must be considered for the implementation of a business continuity management system.)

    Answer: For a successful Business Continuity Management System implementation you should consider Business continuity policy, BIA, BC Strategy, BC Plans, and Exercising & testing.

    3. 3 eventos que puedan afectar la continuidad de negocio de una institución bancaria?

    (3 events that may affect the business continuity of a banking institution?)

    Answer: Considering the interconnected banking industry today unplanned IT and telecom outages, cyberattacks and data breaches could be on many top 10 lists of disruptive events.

    4. Que actividades y aspectos consideras que son necesarios considerar para la elaboración de un BIA?

    (What activities and aspects do you consider necessary to consider for the development of an BIA?)

    Answer: The establishment of a BIA methodology, engagement of top management, participation of processes key users, and the use of a facilitator with experience on performing business impact analysis. This is all covered in the webinar.

    5. Por ejemplo si un incendio afectó las oficinas centrales de un banco un domingo por la madrugada. La situación es tan critica que ningún empleado puede ingresar al edificio. Considerando que el banco cuenta con un plan para este tipo de incidente, según tu experiencia que recursos, estrategias y actividades pueden estar detalladas en dicho plan?

    (For example, if a fire affected the central offices of a bank on a Sunday in the morning. The situation is so critical that no employee can enter the building. Considering that the bank has a plan for this type of incident, according to your experience what resources, strategies and activities can be detailed in this plan?)

    Answer: Considering this scenario, a strategy that should be considered is the definition of an alternative site from where people can initiate their work on Monday. Generally bank institutions have extremely short recovery times, so this alternative should be a warm or hot site. In terms of resources and activities, without further details it is not possible to define them, but generally speaking, you should consider transportation for employees, recovering of IT systems and databases, and communication with the media.

    This article will provide you further explanation about Business Impact Analysis according ISO 22301:
    - How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

    This material will also help you regarding Business Impact Analysis according ISO 22301:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

  • Auditor's opinion

    How do you think that would be viewed by the auditor? Answer: Hypothetically speaking, all will depend on the justification for accepting the risk - if such justification does not exist, or it is not plausible, this situation is a nonconformity. This article will provide you further explanation about how an auditor thinks: - Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/ - Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

  • Convergence of ISO 27001 and ISO 22301


    Answer: First of all, you need to understand that you cannot achieve convergence with a single document. Both management systems are composed by many different subprocesses that would make unpractical and very confusing to centralize them in a single document.

    That said, ISO 27001 and ISO 22301 have many similar requirements, which makes easier to integrate them. Considering the possibility of integration, I suggest you to take a look in the free demo of our ISO 27001 & ISO 22301 Premium Documentation Toolkit, which can help you implement both standards. You can access the free demo at this link: https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/ .

    This article w ill provide you further explanation about integrating management systems:
    - How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
    - ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/

    These materials will also help you regarding ISO 27001 and ISO 22301 integration:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

  • HIPAA and ISO 27001


    Answer: Basically, HIPPA is not so strong on information security management requirements as ISO 27001, and ISO 27001 is not so strong on privacy controls required by HIPAA. So, you can speed up your ISO 27001 compliance in the implementation phase where you perform the risk assessment and implement risk treatments, since besides privacy and incident management controls, other controls implemented to fulfil HIPAA's requirements can be mapped to ISO 27001 Annex A and help build ISO 27001 Statement of Applicability. Besides that, you can make use of ISO 27799 (ISO standard related to personal health information) to cover privacy controls. Unfortunately at this moment we do not have a mapping between ISO 27001 and HIPAA)

    This article will provide you further explanation about ISO 27799:
    - How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/

  • BIA and risk assessment

    1 - The BIA includes a risk assessment?

    Answer: The risk assessment process is independent of the BIA process, but BIA can make use of the results of risk assessment to help improve the reliability of its results (by identifying the risks you’re most exposed you can focus on consequences of those incidents). You should note that ISO 22301 documentation toolkit does not include the risk assessment documents, but they can be purchased separately

    2 - Should The BIA questionnaire be different for every business unit into the company?

    Answer: The general framework of the questionnaire is the same (what are the critical processes, how long you can support an disruption of the process, in how much time you have to resume minimal and normal operations, etc.), but some questions may be adjusted accordingly each business unit (for example, a production unit may have specific questions about equipment, while research and development should add more questions related to information protection). You also should note that answers will be different from one department to another.

    This article will provide you further explanation about BIA and risk assessment:

    - Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

    - How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

    These materials will also help you regarding BIA and risk assessment:

    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

  • ISO 27001 clause 7


    Answer: Clause 7.1 refers to provision of resources used by the ISMS, and you can find examples of those defined on risk treatment plans, plans to achieve security objectives and plans for corrective actions. So, I suggest you to read these articles:
    - Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
    - ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

    For information about ISO 27001 clause 7.2 I suggest you read these articles:
    - How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
    - 8 Sec urity Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/

    These materials will also help you regarding ISO 27001 clause 7:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Auditor support material


    Answer: First of all, I'd like to thank you for attending our course. I hope that information will help improve your skills and satisfaction of your clients.

    For assistance in your assessment, I suggest you to take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/

    This toolkit has everything you need to plan, perform and report an audit activity. To find the free demo tab you only have to scroll down the screen a little.

    This article will provide you further explanation about audit activities (you can adapt the concepts of this article to an internal audit context):
    - Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questio ns-will-the-iso-27001-certification-auditor-ask/

    This material will also help you regarding audit activities:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/

  • Quality manual and procedures in small company


    Answer:

    There are basically two options when writing the documentation. you can ether put your procedures into quality manual or make reference to them in the manual and write them as separate documents.

    Since you are implementing the standard in a small company, maybe it would be better if you include the procedures in the manual instead of having them as separate documents. These procedures don't have to be too detailed, you can shortly describe how the processes are carried out and what records are used within the process.

    For more information, see: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/

  • Auditing marketing and sales against ISO 14001 and OHSAS 18001

    We are preparing now for ISO 14001, OHSAS 18001 certification and we are conducting the internal audits now, does marketing and sales operations should be involved in the internal audit cycle?
    If yes, what are the references that I can conduct my audit based on it? And what are the type of questions that should be asked?

    Answer:

    If the marketing and sales departments are part of the scope of your implementation of ISO 14001 and OHSAS 18001, you should definitely audit them. Unlike ISO 9001 where you have specific requirements that relate to these requirements, ISO 14001 and OHSAS 18001 have more general requirements that can apply to any process or department.

    First thing to be audited is whether the identification and evaluation of environmental aspects and occupational health and safety hazards is conducted for these processes and then whether the operational controls for environmental protection and occupational health and safety are implemented.

    For more information, see: Internal Audits in the EMS: Five Main Steps https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
Page 927-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +