Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
In which step of ISO implementation to write documents
Answer: The ISO 27001 documentation is written in almost all steps of the implementation - these articles will help you:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Further, this free online training explains all the implementation steps: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Addressing clause 8.4 .3 d)
Answer:
The clause 8.4.3 d) requires organization to communicate to external providers its requirements for the external provider's interaction with the organization. This includes way of communication, way the product or service will be delivered by the provider, etc. This requirements are usually documented in contract or verbally between the organization and the external provider since documented information for this requirement is not mandatory.
For more information, see: How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/ -
Management in ISO 27001 / ISO 22301
Answer:
I am sorry but I am not sure what you mean. Anyway, with ISO 27001 you can manage the information security, and with ISO 22301 you can manage the business continuity. So, if your question is about how to manage the information security, basically you can implement ISO 27001, and this article can help you to do it “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Regarding how to manage the business continuity, you can implement ISO 22301, and this article can help you “17 steps for implementing ISO 22301” : https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
Furthermore, if you need more information about what is ISO 27001 and ISO 22301, these resources can help you :
“What is ISO 27001?” : https://advisera.com/27001academy/what-is-iso-27001/
“What is ISO 22301?” : https://advisera.com/27001academy/what-is-iso-22301/
Finally, these materials will help you to learn more about the management in ISO 27001 and ISO 22301:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ -
Risk analysis for a pharmaceutical company
Answer:
I am not sure if your requirement is about information security risks, because you can also have financial risks, environmental risks, etc. ISO 31000 can help you to develop your own methodology for all risks (information security, financial, etc). So this methodology, aligned with ISO 31000 can be interesting for you “Risk Assessment and Risk Treatment Methodology” : https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
And this article can be also interesting for you “ISO 31000 and ISO 27001 - How are they related?” : https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
This article can be also interesting for you if you want to write your own methodology according to ISO 27001 “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Finally, these materials will help you to know more about the risk management methodology:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ -
Get the certification
Answer:
Basically our recommendation is that you need to implement controls for major risks, and accept all the other risks that are not treated with controls. So, if you have major risks related to some of these 40 controls, you need to implement them (or accept risks) to avoid problems during the certification audit.
Furthermore you need to perform all steps related to the implementation of the standard (development of mandatory documents, the management review, the internal audit, corrective actions, etc). After this, you should get the certification after the treatment of the final findings of the final report.
This article can be intere sting for you “Becoming ISO 27001 certified - How to prepare for certification audit” : https://advisera.com/27001academy/iso-27001-certification/
And also this one “How to get certified against ISO 27001?” : https://advisera.com/27001academy/blog/2010/02/15/how-to-get-certified-against-iso-27001
And also this one “Infographic: The brain of an ISO auditor - What to expect at a certification audit” : https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Finally, these materials will help you to know more about the certification of ISO 27001:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ -
IT experience
The more certificates you have, and the more useful knowledge you have, the higher chances is that you'll find a job.
How to get experience - this heavily depends on the market where you work. -
From which country should the certification body be?
Answer: You should select a certification body from your country that has the license (i.e. the accreditation) to work in your country. There are several factors you should take into account when selecting a certification body, please read this article: How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/ -
Auditing ISO 9001 and ISO 27001
Answer:
Auditing of ISO 9001 and ISO 27001 can be done according to the same procedure since the requirements for planning and conducting the audit are the same as well as the records needed to meet requirements of both standards. The only thing that is different is the audit criteria, in first case it is ISO 9001 and in the other it s ISO 27001.
For more information, see: How to integrate ISO 9001 and ISO 27001 https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/ -
Implementing ISO 9001 and ISO 14001 and getting the employees on board
2. HOW TO OVERCOME WITH IMPLEMENTATION PROCESS OF ISO FROM NEGATIVE NOTION OF THE EMPLOYEES WHOP ARE OVER BUR DON WITH WORK.
Answer:
1. The best way to start implementing integrated management system according to ISO 9001 and ISO 14001 is by identifying common requirements of both standards and incorporating those findings into the project plan for the implementation. This way you will save the time and effort, avoid doubling the steps or missing something out. For more information, see: How to integrate ISO 14001 and ISO 9001 https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
2. Employees often resist to changes and this often happen when implementing standard. You will need to explain them that the standards will benefit the company and the additional tasks won't be so numerous. If you manage to implement the standard in a way that is most adequate to your compa ny, the standards won't represent a bureaucratic burden but a powerful tool that will help you improve the company. For more information, see: What are the benefits of ISO 9001 for your employees? https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/ -
Preventive Action
Yes, you can still use the preventive actions as a part of the QMS but they will be redundant since you will have a new process for addressing risks and opportunities.