Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11277 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

ISO 27001 business value

Answer: We may say ISO 27001 can provide business values in the following aspects: compliance, marketing edge, expenses decreasing and strengthening of the internal structure. That being said, the following articles may provide you examples about business value that can be achieved with ISO 27001:

- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 Case study for data centers: An interview with Goran Djoreski https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799- complement-each-other-in-health-organizations/
- How can ISO 27001 help protect your company against ransomware? https://advisera.com/27001academy/blog/2016/11/14/how-can-iso-27001-help-protect-your-company-against-ransomware/

These materials will also help you regarding identification or ISO 27001 business value:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
ISO 27001-22301 Integration

Answer: Considering the content of ISO 27013, there is no ISO similar document regarding integration of specific aspects of ISO 27001 (risk assessment and treatment) and ISO 22301 (business impact analysis and business continuity plans), but since both standards follow the same structure, based on ISO Annex SL, their management aspects (e.g., document control, internal audit, management review, etc.) are practically the same, which makes the integration job easier.

These articles will provide you further explanation about ISO 27001/ISO 22301 integration:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continui ty-in-iso-27001/

These materials will also help you regarding ISO 27001/ISO 22301 integration:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Free webinar - ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
Importance of CIA aspects

Answer: There is no general single answer, since the impacts on information security confidentiality, integrity, or availability for each asset in your scope will vary depending upon the considered threats, which are to be identified during risk assessment. For example, for the asset "research and development information" the threat "fire" will have availability as the aspect most affected, while for the threat "unintentional change of data" the integrity is the most affect aspect.

This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
ISO 27018 implementation
ISO 27018 offers details on how to implement privacy controls on cloud environments, considering the controls from ISO 27001 Annex A, so in truth you can use the same process used to implement ISO 27001, and only complement the standard requirements, and controls you identify as relevant, with the recommendations from ISO 27018.
Regarding ISO 27001 implementation, I suggest you to take a look at these free materials:
- Project proposal for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint
- Project plan for ISO 27001 / ISO 22301 implementation https://info.advisera.com/27001academy/free-download/project-plan-for-iso-27001-iso-22301-implementation
- Diagram of ISO 27001:2013 Implementation https://info.advisera.com/27001academy/free-download/diagram-of-iso-27001-implementation-process
- Project checklist for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
This article will provide you further explanation about ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Verification of Product in ISO 9001

Answer:

The purpose of the product verification is to check whether the received product is compliant to the requirements for the product. Depending on the properties of the product, different measurements can be conducted to determine whether it complies to the requirements, it can be measuring dimensions, weight, etc.

For more information, see: Purchasing in QMS – The Process & the Information Needed to Make it Work https://advisera.com/9001academy/blog/2014/03/18/purchasing-qms-process-information-needed-make-work/
Capacity Management GAP analysis

Answer:
Please use our GAP analysis tools for ITIL i.e. ISO 20000. There are some differences in questionnaire, please suit it to your needs.
You can find them here:
ITIL https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/
ISO 20000 https://advisera.com/20000academy/itil-iso-20000-tools/iso-20000-gap-analysis-tool/
Documentation requirements of clause 4.1, 4.2 and 6.1

Answer:

Clauses 4.1 and 4.2 of ISO 14001:2015 do not require any document to be made. Clause 6.1 requires organization to document risks and opportunities to be addressed and this can be done in a form of register. This register can be merged with one for environmental aspects but it would be better if it is separate register because the scope of assessment of environmental aspects and risks and opportunities is different. For more information, see: ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
Interpretation of risks in ISO 14001

Answer:

By definition from ISO 14001, the risk is effect of uncertainty . The standard requires organization to identify and address risks and opportunities regarding environmental aspects, compliance obligations and other issues emerging from context of the organization.

The purpose of addressing risks and opportunities is to give assurance that the EMS (Environmental Management System) can achieve its intended outcomes, prevent, or reduce, undesired effects, including the potential for external environmental conditions to affect the organization and achieve continual improvement.

For more information about risks and opportunities, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
Qualifications of OHSAS 18001 internal auditor

Answer:

OHSAS 18001 doesn't define the qualification of internal auditor and it doesn't require internal auditors to attend internal auditor training, not even from the CB. The only requirement regarding the internal auditor is to ensure objectivity and impartiality of the audit process (clause 4.5.5).

For more information about internal audit, see: How to perform internal audits in OHSAS 18001 https://advisera.com/18001academy/blog/2015/09/23/how-to-perform-internal-audits-in-ohsas-18001/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11277 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

ISO 27001 business value

ISO 27001-22301 Integration

Importance of CIA aspects

ISO 27018 implementation

Verification of Product in ISO 9001

Capacity Management GAP analysis

Documentation requirements of clause 4.1, 4.2 and 6.1

Interpretation of risks in ISO 14001

Qualifications of OHSAS 18001 internal auditor

Didn’t find an answer?