Answer: To ensure the maintenance of a certified ISMS you should cover these general points:
1 - ensure that all the activities described in your policies and procedures are performed accordingly
2 - ensure monitoring and measurement of ISMS performance
3 - perform internal audits, management review, and corrective actions
And inside all these points you must ensure risk assessments are reviewed and documentation is updated, or you may finish with an obsolete ISMS.
What might be the root cause of the above?
Your assistance will be much appreciated.
Answer:
There are several methods for determining the root cause, but the most popular is the 5 Whys method, which requires you to ask the question "Why" five times to determine what caused the nonconformity. In this particular case, there can be various reasons why the report wasn't written; it can be, for example, because the internal auditor didn't have enough experience and forgot to write the report, but it is hard to make assumptions without proper investigation.
Thanks for your understanding and I am looking forward to your reply.
Answer:
ISO 9001 allows you to limit the scope of the QMS to only a part of your company and part of your services. You can decide not only to limit the scope to several services you provide but also to several locations of your company instead of covering the entire company. Only when documenting the scope, you need to list exactly which services, locations and departments the QMS is applied to. For more information about determining the scope, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
Creating procedure for competence
Answer:
The best way to create the procedure is to follow the requirements of the standard. The procedure for competence should include information on how you determine the necessary competence, how you achieve the necessary competence (e.g. via training) and how you evaluate the effectiveness of the training. Here you can find a free preview of the Procedure for Competence, Training and Awareness https://advisera.com/9001academy/documentation/procedure-human-resources/
Unfortunately, we do not have a template for job descriptions, but such a document should contain information about the job position and the necessary competence/experience. It does not have to be made separately for each job position but rather can be one single document that contains job descriptions for every position in the company.
Continual improvement verification
Answer: Your understanding is correct. Continual improvement can be verified in all clauses from 4 to 10. Questions to ask, to check if continual improvement should be considered for a clause, should consider changes in the environment, results of monitoring and measurement, or decisions from management review, since these are the main sources of the need to improve processes, procedures and controls.
Business continuity management certification
Answer: Yes, if you want to be compliant with the standard you need to comply with all its requirements. Of course, you can use some guidelines from other frameworks like ISO 22313, DRII or NFPA 1600, but at the end of the day you need to be fully compliant with ISO 22301.
2 - Does the certification body certify BCM implementation against other standards? I.e., does the certification body certify against the DRII professional standard?
Answer: As far as I know, certification bodies certify a BCMS only against ISO 22301, since as an international standard, it would be the logical choice for certification in a global economy. The certifications issued by DRII are for people, not organizations, but you have to contact the specific certification body to know if it works with personal certifications.
Answer: Following the sequence recommended to implement an ISMS, you should start by identifying the organizational context, the internal and external issues considered most relevant to the ISMS (e.g., geographical location, organizational culture, public infrastructure available, etc.), and the interested parties, the relevant people with an interest in ISMS results (e.g., clients, suppliers, top management, employees, etc.). By knowing the internal and external issues and interested parties, you can start thinking about which kind of questions you should ask.
ISO Internal auditor vs Certified internal auditor
Answer: Internal auditor certification is basically appropriate if you intend to work as an internal auditor, and it doesn't have such visibility as e.g. Lead auditor certification. Both are recognized internationally, but the difference is in the level of knowledge (and status). I'm not very familiar with the Certified Internal Auditor, so I couldn't compare them.
Requirements for the quality policy are the same regardless of the type of business. The policy needs to be appropriate to the purpose and context of the organization, support its strategic direction and provide a framework for setting quality objectives. It needs to include the commitment of the organization to satisfy applicable requirements and to continually improve the quality management system. The policy is usually written as a set of statements that address the above-mentioned requirements.