ISO 14001 states that you need to apply controls to the level possible, so in the case that you mentioned you can print instructions for product disposal so your customers can dispose of it properly. You can state the user's manual as an operational control for this life-cycle stage.
Answer: Since ISO 27001:2005 was withdrawn on October 1st, 2015, any certifications against this version of the standard are no longer valid from that date forward. So, unfortunately, your certification is no longer valid.
1 - Being a non technical person, is it possible for a person to become an ISO 27001/2013 auditor?
Answer: Yes. ISO 27001's main focus is management practices (e.g., planning, performance evaluation, etc.), so it does not require deep technical knowledge to perform an audit, only knowledge of basic concepts (e.g., identification, authentication and authorization for access controls).
2 - Is any prior experience required in order to become an auditor?
Answer: To become an internal auditor no prior experience is required, but if you desire to become a lead auditor it's a good thing to have some previous experience in auditing, and if you aim to become a certification auditor, you will definitely have to demonstrate audit experience.
3 - Where to start from?
Answer: You can start with an internal auditor course to learn the basics of performing an ISO 27001 audit, or go right to a lead auditor course if you want to go deeper and learn about planning audit programs and plans.
Alternatively, please provide me with all the exclusion clauses in order to study them and see which one is applicable to our company.
Answer:
I assume you are asking about ISO 9001:2008, because ISO 9001:2015 doesn't have clause 7.6. If you want to exclude clause 7.6 Control of monitoring and measuring equipment, you need to provide justification for the exclusion, and that can be that your company doesn't use monitoring and measuring equipment in its processes. In the 2008 version of the standard you can exclude practically any requirement from clause 7; here are some suggestions:
- 7.3 Design and development
- 7.5.2 Validation of processes for production and service provision
- 7.5.3 Identification and traceability
- 7.5.4 Customer property
In order to calculate likelihood or severity, you need to determine the criteria for them. This means that you need to define the scale and explain how each value is assigned. For example, for likelihood you can have a scale from 1 to 5, where 1 is the least likely and 5 is the most likely. Value 1 will represent the occurrence of the event once in ten years and 5 will be for daily occurrence, and of course you need to define all the values in between.
Another very important point regarding hazards in OHSAS 18001 is that you can rely on the hazard evaluation or assessment conducted by an authorized organization. In many countries companies are obliged by law to assess workplace hazards, and you can refer to this assessment if your company has already performed it.
Answer: ISO 27003 refers to aspects needed for successful design and implementation of an Information Security Management System, but it is not a mandatory requirement for ISO 27001 implementation. You can think of it as a supporting tool, which will help you to better plan your implementation project, but you should consider these points:
1) ISO 27003 is very difficult to read - definitely not for beginners
2) The last version of ISO 27003 was published in 2010, i.e. before ISO 27001:2013 was published - therefore, it does not cover the changes in the current ISO 27001:2013
Answer: Rules for the certification audits for all ISO standards are the same: there needs to be at least one surveillance audit every 12 months. Verification audits are used only if you failed the Stage 2 audit, and the auditor needs to check whether you have closed a major nonconformity.
The 12-month period should start from the date of completion of the last audit, but it would be best if you check this information with a certification body.
The best way to start with the transition is to get familiar with the requirements of ISO 9001:2015. I suggest you take a look at our free ISO 9001:2015 Foundation online course https://advisera.com/training/iso-9001-foundations-course/
The next step is to conduct a gap analysis to determine to what level your company is already compliant with the standard and what needs to be done to achieve full compliance. Here you can find our free ISO 9001:2015 GAP Analysis tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/ When you have determined the gaps, you can develop a project plan and distribute responsibilities for developing new documents and updating the old ones, as well as updating the processes to meet the requirements of the standard. Here is one whitepaper that can be helpful to you: ISO 9001:2015 benefits of early transition https://info.advisera.com/9001academy/free-download/iso-90012015-benefits-of-early-transition
ISO 27001 business case template
Answer: Generally speaking, an ISO 27001 business case would cover these four benefits: assured compliance, enhanced marketing edge, decreased expenses, and improved organizational structure. You can see more detailed information in this article: Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/