Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Importance of CIA aspects
Answer: There is no general single answer, since the impacts on information security confidentiality, integrity, or availability for each asset in your scope will vary depending upon the considered threats, which are to be identified during risk assessment. For example, for the asset "research and development information" the threat "fire" will have availability as the aspect most affected, while for the threat "unintentional change of data" the integrity is the most affect aspect.
This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27018 implementation
ISO 27018 offers details on how to implement privacy controls on cloud environments, considering the controls from ISO 27001 Annex A, so in truth you can use the same process used to implement ISO 27001, and only complement the standard requirements, and controls you identify as relevant, with the recommendations from ISO 27018.
Regarding ISO 27001 implementation, I suggest you to take a look at these free materials:
- Project proposal for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint
- Project plan for ISO 27001 / ISO 22301 implementation https://info.advisera.com/27001academy/free-download/project-plan-for-iso-27001-iso-22301-implementation
- Diagram of ISO 27001:2013 Implementation https://info.advisera.com/27001academy/free-download/diagram-of-iso-27001-implementation-process
- Project checklist for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
This article will provide you further explanation about ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Verification of Product in ISO 9001
Answer:
The purpose of the product verification is to check whether the received product is compliant to the requirements for the product. Depending on the properties of the product, different measurements can be conducted to determine whether it complies to the requirements, it can be measuring dimensions, weight, etc.
For more information, see: Purchasing in QMS – The Process & the Information Needed to Make it Work https://advisera.com/9001academy/blog/2014/03/18/purchasing-qms-process-information-needed-make-work/ -
Capacity Management GAP analysis
Answer:
Please use our GAP analysis tools for ITIL i.e. ISO 20000. There are some differences in questionnaire, please suit it to your needs.
You can find them here:
ITIL https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/
ISO 20000 https://advisera.com/20000academy/itil-iso-20000-tools/iso-20000-gap-analysis-tool/ -
Documentation requirements of clause 4.1, 4.2 and 6.1
Answer:
Clauses 4.1 and 4.2 of ISO 14001:2015 do not require any document to be made. Clause 6.1 requires organization to document risks and opportunities to be addressed and this can be done in a form of register. This register can be merged with one for environmental aspects but it would be better if it is separate register because the scope of assessment of environmental aspects and risks and opportunities is different. For more information, see: ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/ -
Interpretation of risks in ISO 14001
Answer:
By definition from ISO 14001, the risk is effect of uncertainty . The standard requires organization to identify and address risks and opportunities regarding environmental aspects, compliance obligations and other issues emerging from context of the organization.
The purpose of addressing risks and opportunities is to give assurance that the EMS (Environmental Management System) can achieve its intended outcomes, prevent, or reduce, undesired effects, including the potential for external environmental conditions to affect the organization and achieve continual improvement.
For more information about risks and opportunities, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/ -
Qualifications of OHSAS 18001 internal auditor
Answer:
OHSAS 18001 doesn't define the qualification of internal auditor and it doesn't require internal auditors to attend internal auditor training, not even from the CB. The only requirement regarding the internal auditor is to ensure objectivity and impartiality of the audit process (clause 4.5.5).
For more information about internal audit, see: How to perform internal audits in OHSAS 18001 https://advisera.com/18001academy/blog/2015/09/23/how-to-perform-internal-audits-in-ohsas-18001/ -
Risk assessment details
Answer: The level of details to be included in a risk assessment will depend upon the context of the organization. The industry where the organization operates, the laws and regulations which it must comply, and the complexity of its products and services are the main aspects that will define which details you should consider. For example, aviation industry requires a high level of security, and risk details should provide enough information so the risks can be properly handled.
2 - Which is the easiest risk tools for beginner?
Answer: We have a Risk Assessment Toolkit which covers the essential steps to perform a risk assessment in a easy and uncomplicated way. You can see a free demo through this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
Additionally, you may take a look at our Free ISO 27001 Gap Analysis Tool in this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
These articles will provide you further explanation about risk assessment:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27001 and SOC
Answer: While SOC has the purpose to assist in reporting to customers that an organization has met established security criteria, ISO 27001 assists an organization in a broader way, by providing a framework which helps to ensure security criteria and controls that are established according organizations needs, and that they are properly verified and improved over the time. So, in a way, SOC is covered by ISO 27001, and you might tell them that by adopting ISO 27001 they will not only cover the reporting aspects of SOC but also will be able to justify any adjustments required by the business needs as well as respond properly to changes in the risk scenario and ineffective controls.
This article will provide you further explanation about ISO 27001 benefits:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
These mat erials will also help you regarding ISO 27001 Benefits:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/