Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Capacity Management GAP analysis
Answer:
Please use our GAP analysis tools for ITIL i.e. ISO 20000. There are some differences in questionnaire, please suit it to your needs.
You can find them here:
ITIL https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/
ISO 20000 https://advisera.com/20000academy/itil-iso-20000-tools/iso-20000-gap-analysis-tool/ -
Documentation requirements of clause 4.1, 4.2 and 6.1
Answer:
Clauses 4.1 and 4.2 of ISO 14001:2015 do not require any document to be made. Clause 6.1 requires organization to document risks and opportunities to be addressed and this can be done in a form of register. This register can be merged with one for environmental aspects but it would be better if it is separate register because the scope of assessment of environmental aspects and risks and opportunities is different. For more information, see: ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/ -
Interpretation of risks in ISO 14001
Answer:
By definition from ISO 14001, the risk is effect of uncertainty . The standard requires organization to identify and address risks and opportunities regarding environmental aspects, compliance obligations and other issues emerging from context of the organization.
The purpose of addressing risks and opportunities is to give assurance that the EMS (Environmental Management System) can achieve its intended outcomes, prevent, or reduce, undesired effects, including the potential for external environmental conditions to affect the organization and achieve continual improvement.
For more information about risks and opportunities, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/ -
Qualifications of OHSAS 18001 internal auditor
Answer:
OHSAS 18001 doesn't define the qualification of internal auditor and it doesn't require internal auditors to attend internal auditor training, not even from the CB. The only requirement regarding the internal auditor is to ensure objectivity and impartiality of the audit process (clause 4.5.5).
For more information about internal audit, see: How to perform internal audits in OHSAS 18001 https://advisera.com/18001academy/blog/2015/09/23/how-to-perform-internal-audits-in-ohsas-18001/ -
Risk assessment details
Answer: The level of details to be included in a risk assessment will depend upon the context of the organization. The industry where the organization operates, the laws and regulations which it must comply, and the complexity of its products and services are the main aspects that will define which details you should consider. For example, aviation industry requires a high level of security, and risk details should provide enough information so the risks can be properly handled.
2 - Which is the easiest risk tools for beginner?
Answer: We have a Risk Assessment Toolkit which covers the essential steps to perform a risk assessment in a easy and uncomplicated way. You can see a free demo through this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
Additionally, you may take a look at our Free ISO 27001 Gap Analysis Tool in this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
These articles will provide you further explanation about risk assessment:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27001 and SOC
Answer: While SOC has the purpose to assist in reporting to customers that an organization has met established security criteria, ISO 27001 assists an organization in a broader way, by providing a framework which helps to ensure security criteria and controls that are established according organizations needs, and that they are properly verified and improved over the time. So, in a way, SOC is covered by ISO 27001, and you might tell them that by adopting ISO 27001 they will not only cover the reporting aspects of SOC but also will be able to justify any adjustments required by the business needs as well as respond properly to changes in the risk scenario and ineffective controls.
This article will provide you further explanation about ISO 27001 benefits:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
These mat erials will also help you regarding ISO 27001 Benefits:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27001 implementation project
Answer: The main point you should consider to include or not the business process description and scoping as a deliverable in your ISO implementation is if there are other projects or initiatives under way, or in the near future, that will require business process description and scoping (e.g., a information system development, or processes' re-engineering). Depending upon the scope of these other projects, it may be better to treat business process description and scoping as a separated project that will provide input for your ISO implementation. If this is not the case, you may include the business process description and scoping as a deliverable in your project, reducing the administrative load to run two projects. This article will provide you further explanation about ISO 27001 project: - ISO 27001 project – How to make it work https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ These materials will also help you regarding ISO 27001 project: - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Financial benefits of ISO 27001
Some examples of how the right kind of software can help decrease operational costs are:
- increasing the number of automatized activities (i.e., fewer people required to perform the same number of tasks)
- improving response time to handle incidents or deviations in processes results (by means of monitoring features)
- providing information for decision making (by means of standard or customized reports and dashboards)
For further information, see:
- When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
-
ISO 27001 awareness material
Answer: Sure. We do have a free download presentation called "Why ISO 27001 – Awareness presentation" you can access through this link: https://info.advisera.com/27001academy/free-download/why-iso-27001-awareness-presentation .
Additionally, you could check this article about topics for ISO 27001 awareness presentations:
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
These materials will also help you regarding topics for ISO 27001 awareness presentations:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/