
  • PCI DSS documents and standards


    Answer: PCI DSS documents and standards can be found at PCI's Document Library page (https://www.pcisecuritystandards.org/document_library). In this page you can find specifications, tools and other resources to help securely handle cardholder information.

    2) Do we need to purchase it?

    Answer: PCI DSS standards are free of charge, but you have to accept a license agreement in order to download them. Other PCI DSS related documents (e.g., supporting documents, reporting templates and FAQs) you can download normally.

    These articles will provide you with further explanation about PCI DSS:

    - PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences - https://advisera.com/27001academy/knowledgebase/pci-dss/
    - PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification - https://advisera.com/27001academy/knowledgebase/pci-dss/
  • Implementing ISO 27001 policies


    Answer: I assume you are referring to the Information Security Policy. Like other policies, a successful information security policy implementation involves properly aligning it with your needs (e.g., requirements and objectives), writing it in a clear and understandable way, and ensuring it is communicated to, and understood by, all who need to follow it.

    This article will provide you with further explanation about policy implementation: Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//

    These materials will also help you regarding policy implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Good Documentation Practice - GDocP


    But I cannot find a direct link to them. Is this a completely separate thing from ISO? Does a separate body do the auditing and registration for this?

    Answer:

    Good documentation practice (commonly abbreviated GDP; it is recommended to abbreviate it as GDocP to distinguish it from "good distribution practice", also abbreviated GDP) is a term in the pharmaceutical industry that describes the standards by which documents are created and maintained. GDocP has a lot of requirements similar to ISO 9001, but it has a lot of additional requirements, and ISO 9001 would not be enough to cover GDocP.

    GDocP is published by the FDA (U.S. Food and Drug Administration) and the WHO (World Health Organization), and it is not related to ISO, so other independent bodies, called GMP regulators, conduct the audit.
  • SOP for threats and vulnerability assessment


    Answer: In an ISO 27001 implementation, the procedure for performing the threat and vulnerability assessment (together with the rest of the risk assessment) is usually written in the Risk Assessment Methodology - you can see a sample here: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/

    You'll also find these articles useful:
    - How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
  • Why are some documents mandatory?


    Answer: I assume you're referring to controls A.8.1.1 and A.8.2.1 - ISO 27001 defines what must be documented by saying "documented" or some similar expression. In the case of A.8.1.1 it says "... an inventory of these assets shall be drawn up...", whereas A.8.2.1 doesn't say anything about documenting.

    This article will provide you with further explanation: Explanation of the basic terminology in ISO standards https://advisera.com/27001academy/blog/2015/01/12/explanation-of-the-basic-terminology-in-iso-standards/
  • Where to start with the transition

    FYI, in my company there are 30 procedures adopted under the 9001:2008 version, covering all procedures, WIs, etc. Do we have to change them?
    And can you describe to me the responsibility of the MR in the 2015 version? Do we have to show his signature on all procedures as evidence that he approved the procedure?

    Answer:

    The best way to start the transition (a transition is when you have implemented one version of the standard and you need to adapt your system to the new version of the standard) is to get familiar with the requirements of the 2015 version of ISO 9001 and audit your system against the new version, to determine to what level your existing system is compliant with the standard and what needs to be done to achieve full compliance. For more information about the transition steps, see: How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/

    You do not have to change all procedures, but they all need to be reviewed to determine what needs to be changed. Some will undergo more changes than others, but the transition doesn't mean that you need to change your entire documentation. To learn more about requirements regarding the QMS documentation, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/

    The MR is no longer a mandatory role in the QMS, so you can choose to keep it as a role, in which case nothing changes, or you can spread his or her responsibilities across process owners in the company. For more information, see: What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
  • Content of a manual


    Answer:

    What you call a manual is usually referred to as a procedure. There are no explicit requirements regarding the content or style, but there are some usual elements that procedures contain. There is usually a section about the purpose, scope and users of the procedure, and the reference documents and records to be used based on the procedure. Besides these elements, the procedure contains descriptions of the activities included in the process, as well as responsibilities. If you want to find out more about writing a QMS procedure, see: 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/

    The human resources procedure will include, besides the above-mentioned elements, a description of how your company identifies needs for competence and how it plans and conducts training in order to achieve these competence requirements, as well as the responsibilities and records used in the process. To learn more about ISO 9001 requirements regarding human resources, see: How to ensure competence and awareness in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
  • Change window

    - is it Change implementation + Back Out + Validation and Testing
    - or Pre Implementation + change Implementation + Back Out + validation testing
    - or change Planning + pre Implementation + change Implementation + Back Out + validation testing

    The answer:
    A change window is an agreed time when changes, i.e. releases, may be implemented. The guiding idea is to make minimal impact on services, i.e. that's how the change window should be planned. This means that the change window will encompass the change implementation. The back-out procedure should be in the scope of the change window, in the sense that you define a threshold at which you invoke the back-out procedure. For example, if your change window is 4 hours, you can define that the back-out procedure will be activated after 3 hours have passed. Of course, this is if 1 hour is enough for the back-out procedure.
    The following articles will give a good overview of Change Management:
    - How to measure Change Management efficiency according to ITIL https://advisera.com/20000academy/blog/2016/10/11/how-to-measure-change-management-efficiency-according-to-itil/
    - ITIL V3 Change Management – at the heart of Service Management https://advisera.com/20000academy/knowledgebase/itil-v3-change-management-at-the-heart-of-service-management/
    - Elements of Change Management in ITIL https://advisera.com/20000academy/blog/2013/04/23/elements-change-management-itil/
  • Cost of the certification audit; managing ISO documents


    Answer: This cost depends primarily on (1) the size of the audited company and (2) the local price of the auditor. The size of the company is determined by the number of employees, so for a company of 50 employees, around 8 man/days will be needed for an ISO 27001 certification audit. The price of a man/day differs from country to country; this is something you should ask about locally.

    Read also: How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

    2. Is there any automated system in place to manage the ISO documents and make sure they are up-to-date?

    Sure, you can use Conformio, our online ISO tool: https://advisera.com/conformio/