Answer: After the certification, both the internal audits and the surveillance audits (from the certification body) are mandatory - therefore, you cannot avoid any of them.
2- The other question is what do you see as the benefit of having a minimal annual system penetration testing performed as part of the internal audit?
Answer: Penetration testing, by effectively trying to breach the system, offers the benefit of increasing the assurance that operational systems are well developed, configured and up to date regarding vulnerabilities patching, something that simple documentation review cannot offer.
Do we have to use the control A.12.1.4 for all software development processes?
Thank you for your time and informative reply. So, we should evaluate not to implement relevant controls by using the outcome of risk management. This makes quite a lot of sense. Thanks again
ISO 27001 implementation benefits
Answer: Implementing ISO 27001 can bring benefits regarding enhancement of competitive edge, expense reduction, ease of achieving compliance, and improvement of internal organization.
The consequences of not being certified will depend on the industry in which you operate, but may include not being able to negotiate with customers which require certification from suppliers, or even not being able to operate in the industry, if laws and regulations require this kind of certification.
Answer: To ensure the maintenance of a certified ISMS you should cover these general points:
1 - ensure that all the activities described in your policies and procedures are performed accordingly
2 - ensure monitoring and measurement of ISMS performance
3 - perform internal audits, management review, and corrective actions
And inside all these points you must ensure risk assessments are reviewed and documentation is updated, or you may finish with an obsolete ISMS.
What might be the root cause of the above?
Your assistance will be much appreciated.
Answer:
There are several methods for determining the root cause, but the most popular is the 5 Whys method, which requires you to ask the question "Why" five times to determine what caused the nonconformity. In this particular case, there can be various reasons why the report wasn't written; it can be, for example, because the internal auditor didn't have enough experience and forgot to write the report, but it is hard to make assumptions without proper investigation.
Thanks for your understanding and I am looking forward to your reply.
Answer:
ISO 9001 allows you to limit the scope of the QMS to only a part of your company and part of your services. You can decide not only to limit the scope to several services you provide but also to several locations of your company instead of covering the entire company. Only when documenting the scope do you need to list exactly to which services, locations and departments the QMS is applied. For more information about determining the scope, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
Creating procedure for competence
Answer:
The best way to create the procedure is to follow the requirements of the standard. The procedure for competence should include information on how you determine the necessary competence, how you achieve the necessary competence (e.g. via training) and how you evaluate the effectiveness of the training. Here you can find a free preview of the Procedure for Competence, Training and Awareness https://advisera.com/9001academy/documentation/procedure-human-resources/
Unfortunately, we do not have the template for job descriptions, but such a document should contain information about the job position and the necessary competence/experience. It does not need to be made separately for each job position, but rather can be one single document that contains job descriptions for every position in the company.
Continual improvement verification
Answer: Your understanding is correct. Continual improvement can be verified in all clauses from 4 to 10. Questions to ask, to check if continual improvement should be considered for a clause, should consider changes in the environment, results of monitoring and measurement, or decisions from management review, since these are the main sources of the need to improve processes, procedures and controls.