ISO 27001 does not prescribe who must register users, so organizations can perform this task as they see fit for their needs.
In a general way, information systems users are registered by IT personnel upon formal request from the system owner.
This article will provide you with a further explanation about access control:
1 - I would like to do the ISO 27001 Internal Auditor Certification from Advisera; however, I would like to know whether the certification exam will be based on ISO 27001:2013, ISO 27001:2022, or both.
The current certification exam for ISO 27001 Internal Auditor Certification will be based on ISO 27001:2013. The date from which the exam will be based on ISO 27001:2022 will be confirmed after the new version standard is released.
For further information, see:
2 - Also, we will be facing our 1st surveillance audit on June 13, 2022. My question is whether the newly added security controls will be checked by the auditor, or whether it will be based on ISO 27001:2013 only.
On the date you stated, the audit will be based only on ISO 27001:2013.
For further information, see:
First, it is important to note that all mandatory, and some non-mandatory, documents are included. Documents related to Annex A controls can be found in folder 08 Annex A Security Controls.
Please note that ISO 27001 does not require each control in Annex A to be implemented, only those deemed necessary as a result of risk assessments, legal requirements, or organizational decisions. To see the required documents by the standard, and the most common documents implemented to support an ISMS, please see this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
The same concept applies to ISO 22301. For the ISO 22301 documents, please see: ISO 22301:2019 List of mandatory documents https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/
Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control of ISO 27001 Annex A – for those companies this large number of documents would result in overkill for many of them. Instead of that, a single template may cover multiple controls.
In the root folder of the toolkit, you'll find a document called “List of Documents” that explains which clauses and controls are covered by which document.
Regarding clauses or annexes, please note that the text of ISO 27001 itself is not included in the price - this needs to be purchased separately; however, it is not essential for the implementation (toolkit templates and related comments are all you need for the implementation).
There is no minimum number; a single-person laboratory can be accredited, as long as the lab has the necessary personnel resources and competency to meet the ISO 17025 requirements.
I’m assuming you are referring to ISO 27002, the standard which provides guidance for the implementation of the control requirements defined in ISO 27001 Annex A.
Considering that, please note that ISO 27002 is not mandatory to implement ISO 27001. ISO 27002 is usually used by consultants who want to learn more about the standard.
This article will provide you with a further explanation of ISO 27001 and ISO 27002:
I’m assuming that by “Annexure SL” you mean “Annex SL”.
Considering that, Annex SL is part of the document “ISO/IEC Directives, Part 1 - Procedures for the technical work”, and it can be found on the ISO site: https://www.iso.org/sites/directives/current/consolidated/index.xhtml#_idTextAnchor569
Annex SL is not part of any ISO Management System Standard. It only supports the definition of a common framework for their development, so common clauses between different management systems can be treated in a similar way.
Considering that, ISO 27001:2022 will be compliant with Annex SL definitions.
For further information, see:
ISO 27001 can help your strategy by helping you:
- identify information security business and legal requirements that need to be fulfilled
- identify and prioritize information security risks that need to be treated
- develop information security controls to treat relevant risks
For further information, see:
- ISO 27001 Implementation Guide: Checklist of Steps, Timing, and Costs involved https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
To see what documents compliant with ISO 27001 look like, please take a look at our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
You asked
I was hoping you could give advice on a numbering system for cross-referencing between the different documents?
The naming convention and file structure are up to you, guided by your document management system platform. We find the folder structure we use for the ISO 17025 toolkit works well for small to medium laboratories. You could, as an alternative, use the clause numbers as folder numbers, e.g. 6.4 Equipment; however, this can become unclear when you combine procedures that cover multiple clauses, e.g. the recommended Complaint_Nonconformity_and_Corrective_Action_Procedure. Either way, use your Quality Manual and Procedures to cross-reference and/or hyperlink to your files. Also use the List of Documents and records registers for cross-referencing and control.
You also asked
Also, do you have experience with 510(k) applications at the FDA? I have a local manufacturer who is busy with the process.
If you are interested in requirements for medical devices, please visit the Advisera ISO 13485 Academy at https://advisera.com/13485academy/ and the ISO 13485 & EU MDR Expert Advice Community at https://community.advisera.com/ The experts' answer on the subject Differences between EU MDR and US FDA regulations may be of assistance. Available at https://community.advisera.com/topic/differences-between-eu-mdr-and-us-fda-regulations/
1) Is IATF required for an electric vehicle manufacturing company (2-wheeler)?
According to IATF 16949:2015 rules 5, no additional requirement has yet come for electric vehicles.
As you know, for the IATF rules "Automotive" shall be understood to include the following: Passenger Cars, Light Commercial Vehicles, Heavy Trucks, Buses, Motorcycles, and to exclude the following: Industrial, Agricultural, Off-Highway (Mining, Forestry, Construction, etc.). Aftermarket parts are excluded.
2) If IATF certification is not taken by an electric 2-wheeler manufacturing company, then what outcomes will the company face as it is growing?
I think there will be additional requirements in the near future as the number of electric vehicles (for example electric cars) will increase.
3) Are there any standards or information available for the 2-wheeler electric manufacturing industry?
I don't know if there is a special standard for 2-wheeled vehicles, but I think the highway regulations should be valid. IATF rules apply to motorcycle manufacturers. If the motorcycle is electric, I think that those who produce parts for this vehicle can get an IATF certificate.
4) Apart from IAF certification, what is needed for a 2-wheeler electric vehicle?
I think the highway regulations should be valid.
The definition of the data controller as it is presented in Article 4 GDPR – Definitions – is the following: “natural or legal person, […] which, alone or jointly with others, determines the purposes and means of the processing of personal data”. The European Data Protection Board, in its Guidelines 07/2020 on the concepts of controller and processor in the GDPR, states the following related to the “determines” building block in the definition: “A controller is a body that decides certain key elements about the processing. This controllership may be defined by law or may stem from an analysis of the factual elements or circumstances of the case. One should look at the specific processing operations in question and understand who determines them, by first considering the following questions: ‘why is this processing taking place?’ and ‘who decided that the processing should take place for a particular purpose?’”
So the questions you need to ask are “who designed the questionnaires”, “who benefits from the answers in the questionnaires”, “who decides what happens with the personal data in the questionnaires”, etc. If these entities have some degree of autonomy/independence, then they are controllers or joint controllers. If they just provide a forwarding service for other entities, then they should be considered processors.
Please also consult these links: