Answer: 'Document stipulating the requirement' is any documentation with needs or expectations that can be measured in terms of information security characteristics. Examples of documents that stipulate requirements are contracts (e.g., Non Disclosure Clauses, which refer to confidentiality), service level agreements (e.g., clauses which define the minimal availability to be delivered, like 99.999% availability during a year), and regulations (e.g., EU GDPR, which defines how EU citizens' private information must be handled by organizations that offer services to the EU, which also refers to confidentiality).
Now, taking into account that you are also planning to implement ISO 9001:2015, you can consider saving up to 30% of the time needed to implement ISO 27001, because these two standards have a lot of requirements in common. The savings may be greater if they are implemented at the same time as an integrated system, but without more detailed information we are unable to properly evaluate that.
I also suggest you take a look at Conformio, our online ISO tool that can provide you with a very detailed list of steps that need to be done to implement ISO 27001, as well as other resources to make your implementation easier. We offer a Free plan that includes access for 10 users to ISO guidance, a document management system, task management, a social intranet, and 1 GB of storage. The link for Conformio is https://advisera.com/conformio/
Project risk assessment
Quite clear now. Appreciate your response. Thanks.
ISO 9001:2015 documentation level
Answer:
Not all processes need to be documented, and this version of the standard aims to decrease the amount of documentation. The documentation should be a balance between the competence of employees and the complexity of processes. If you have competent employees you don't have to document every single activity, and the same goes for simple processes. Instead of writing procedures, sometimes it can be much easier to develop a process flowchart or a Quality Plan. For more information, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
Gaining competence for ISO 9001:2015
Answer:
There is no requirement for the top management to get training in ISO 9001 requirements. The auditors, on the other hand, must get familiar with the standard requirements in order to be able to audit the system. They can get familiar with the standard by themselves or take some in-house or external course, but they do not have to have the certificate.
For example, I have a flow-down list of document numbers, however it only lists one form number for a calibration list, using F-715-001. Currently we have a calibration form for each piece of lab equipment. It is the same form, just an individual form for each thermometer, balance, etc. Would this form then be F-715-002?
Answer:
The new version of the standard doesn't change the coding system, so you can keep the existing one and there is no reason for change. What will change during the transition are the documents themselves, and their version number should be changed, but they can have the same identification code.
How to address life cycle perspective in providing services?
The life cycle perspective is not relevant for every type of business in the same way; service companies will have far fewer difficulties meeting this requirement. In the case of a logistics company, you will basically examine the steps you go through when delivering the product and determine the environmental aspects of each step, and it will overlap with your processes such as transportation and storage.
I'm not sure which ISO principles you mean, but I assume you're thinking of the ISO 9001 principles. The new version of the standard has 8 principles instead of 7 in the previous version. The principles are translated into requirements of the standard, and by meeting the requirements you will apply the quality principles.