Answer:
Changes are usually classified according to the risks and costs they carry.
Here are criteria for Normal changes:
1. Minor change - low risk and/or low cost
2. Significant change - medium risk and/or cost
3. Major change - high risk and/or cost
This article can provide a few more details: "Three key elements of assessment and evaluation of changes according to ITIL"
ISO 27001 ISMS into ISO 13485 QMS
Answer: If the systems' scopes have sufficient overlap, considering their integration is a good option to optimize the organization's efforts and resources. Additionally, all ISO management systems published after 2012 have the same general structure, and this makes integrating them a lot easier.
Keep in mind that requirements for targets and programs belong to the 2004 version of the standard; the 2015 version of the standard only has environmental objectives and plans to achieve them.
In ISO 14001:2004, environmental objectives are more general and provide directions for environmental targets, which are more specific. The programs represent a set of activities to enable the organization to achieve, monitor and measure achievement of the environmental objectives and targets. For example, your environmental objective can be to decrease pollution, and one of the targets can be to decrease CO2 emissions by 20%; the program would be to install the filters and monitor the CO2 emissions.
Answer: To undertake our practice exams you only have to enroll for the course you want and go through the whole course before taking the exams. It is totally free. If you wish to go for the certification, you will have to purchase the exam and schedule the time at your convenience.
Answer: Yes. Since ISO 27001 is an international standard, we developed our toolkits, including those for consultants, following the same standard's principles regarding their use by organizations all around the world, so the toolkit will help you implement ISO 27001 regardless of the country where the organization is.
At the moment we do not have the toolkit translated into Japanese (languages available are English, German, Spanish, Dutch, Croatian, Portuguese, French, Russian and Polish).
Answer: Basically, documents refer to information used to plan or define activities, while records are used as evidence of activities done or results achieved. Considering your examples, we have:
Scope: document that defines where the ISMS is applicable.
Information Security policy: document that defines the main rules about information security.
Risk assessment: If you refer to the Risk Assessment Methodology, it is a document that defines how to perform a risk assessment. On the other hand, if you refer to the Risk Assessment Report, it is a record that evidences the results of a risk assessment.
Training, monitoring and measurement, internal audit: for all of these you must be more specific, because if you are referring to a procedure or a policy, you are talking about a document, but if you refer, for example, to a training attendance list, a monitoring report or an internal audit report, you are referring to a record.
- 7.1 Prior to employment, 7.2 During employment, and 7.3 Termination and change of employment
- 8.1 Responsibility for assets and 8.3 Media handling
- 12.1.1 Operational procedures and responsibilities, 12.1.3 Capacity management, 12.2.1 Controls against malware, and 12.4.1 Event logging
My current priority is to work on operations security.
Answer: ISO 27001 does not require each control in Annex A to be implemented, only those deemed necessary as a result of risk assessments, legal requirements or organizational decisions. To see the documents required by the standard, and the most common documents implemented to support an ISMS, please see this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control - for those companies this large number of documents would be overkill for many of them. Instead, a single template may cover multiple controls.
To answer your question, controls from section A.7.1 are covered by the documents Confidentiality Statement (control A.7.1.2), Statement of Acceptance of ISMS Documents (control A.7.1.2), Supplier Security Policy (controls A.7.1.1 and A.7.1.2), and Appendix – Security Clauses for Suppliers and Partners (control A.7.1.2).
In the root folder of the toolkit you'll find a document called "List of Documents" which will explain which control is covered by which document.
ISO 27001 Presentation to Top Management
Answer: Yes. Using the link displayed below you can access a free presentation covering:
- The reasons for implementation
- The purpose of the project
- What milestones to set throughout the project
- Which resources are required
- The deliverables expected from the project
Answer: All ISO management systems published after 2012 have the same general structure, and this makes integrating them a lot easier. In the integration process you should consider two phases:
1 - Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, training, management review, etc. These basically all have the same requirements, requiring only minor adjustments to refer to all systems covered.
2 - Integration of the specific parts of each system (basically sections 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes.