
  • ISO 27018 and EU PDPR


    Answer:
    The thought about going for ISO 27001 certification bringing some parts of ISO 27018 is the correct one, since ISO 27018 is not certifiable.

    Concerning EU GDPR, ISO 27018 can really help to accomplish compliance, mainly with chapter IV:

    Chapter II (principles): basic orientation to application of controls
    Chapter III (rights of the data subject): ISO 27018 clauses can be applied in terms of service
    Chapter IV (controller and processor): controls and procedures can make use of ISO 27018 recommendations. Clause 32 is of special interest.
    Chapter V (transfer of personal data to third countries or international organisations): ISO 27018 clauses can be applied in terms of service.
    Chapter VI (independent supervisory authorities): ISO 27018 clauses can be applied in terms of service
    Chapter VII (cooperation and consistency): ISO 27018 clauses can be applied in terms of service
    Chapter IX (specific data processing situations): controls and procedures can make use of ISO 27018 recommendations.
  • Document labeling

    For printed documents, yes.
  • BYOD policy


    Answer:
    Generally companies have a unique BYOD (Bring Your Own Device) policy that establishes rules about the use of personal devices (smartphones, tablets, etc.) in the network or the IT infrastructure of the company.

    Anyway, this document is not mandatory in ISO 27001, although it can be a best practice. This article can help you to write a BYOD policy “How to write an easy-to-use BYOD policy compliant with ISO 27001” : https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/

    And also this article can help you to know more about the mandatory (and non-mandatory) documents in ISO 27001 “List of mandatory documents required by ISO 27001 (2013 revision)” : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

    And maybe our template can also be interesting for you (you can see a free version by clicking on the “Free demo” tab) “Bring Your Own Device (BYOD) Policy” : https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/

    Finally, these materials will help you to know more about the ISO 27001 and the BYOD policy:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Risk management and different standards

    So could you please provide me with the requirements for risk management in each standard?
    I am looking forward to getting your reply as soon as possible.

    Answer:

    None of the standards you mentioned requires risk management, they only require risk assessment, and ISO 9001 doesn't even require risk assessment. Here is what each of the standards requires:

    ISO 9001 - addressing risks and opportunities - meaning that you need to identify risks and opportunities regarding the QMS and take actions to address them. It doesn't require developing a methodology for addressing risks and opportunities, nor procedures and records. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    ISO 14001 - addressing risks and opportunities and identification and evaluation of environmental aspects - requirements for risks and opportunities are the same as for ISO 9001, but you need to focus on environmental aspects and compliance obligations in addition to the context of the organization. For more information, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/

    On the other hand, identification and evaluation of environmental aspects requires the organization to establish criteria for determining significant environmental aspects. For more information, see:
    - ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
    - 4 steps in identification and evaluation of environmental aspects https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/

    - ISO 22000 - hazard analysis - the standard requires hazard analysis regarding food safety, and for this purpose it requires the organization to conduct a HACCP (Hazard Analysis and Critical Control Points) analysis. Again, this is only a risk assessment methodology, not a requirement for full risk management.

    - ISO 13485 and ISO/TS 16949 - FMEA - these two standards require the organization to conduct the FMEA (Failure Mode and Effects Analysis) risk assessment methodology for the production, purchasing and design processes. For more information, see:
    - ISO 9001 vs. ISO 13485 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
    - ISO 9001 vs ISO/TS 16949 https://advisera.com/9001academy/blog/2014/10/01/iso-9001-vs-isots-16949/

    - ISO 50001 doesn't even mention risks or hazards, and it has a completely different approach to establishing a management system.
  • How to implement ISO 9001

    No, SWOT analysis can be used during the definition of the context and when addressing risks and opportunities, but it is not mandatory. If you decide to apply SWOT analysis, you can do it at the beginning of the implementation, and there is no need to apply it at every implementation step.
  • ISO 9001 implementation


    Answer:

    In order to implement ISO 9001, you need to conduct the GAP analysis first to determine to what extent your company already meets the requirements of the standard (here you can find a free GAP analysis tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/). Once you determine what requirements are left to fulfill, you need to develop a project plan for the implementation and define activities, responsibilities and deadlines for the project. Here you can find a free Project Plan for ISO 9001 implementation https://advisera.com/9001academy/free-downloads//

    Once you implement all requirements of the standard, you need to conduct an internal audit and management review to make sure that you are fully compliant with the standard. Then you can hire a certification body to conduct the audit and issue you the certificate. For more information, see: Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • Context and risks and opportunities in ISO 9001


    ISO 9001:2015 requires that the company identify a risk management plan; does this plan fall under the QMS or under safety and health?

    Answer:

    I'm not sure if I understand the question, but besides interested parties and definition of the scope, you need to consider internal and external issues relevant to your company's QMS. For example, internal issues can be organizational structure, organizational culture, resource needs, etc., while external issues might be conditions on the market, availability of raw materials, tax policy of the company, etc. For more information, see: How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

    ISO 9001 does not require a risk management plan or any other document regarding risks. It only requires risks and opportunities to be identified and addressed, and the effectiveness of the actions taken to address risks and opportunities to be monitored and evaluated. It shouldn't be mixed with occupational health and safety or environmental risks, since its focus is on quality, and there is no requirement to establish a methodology or write a procedure. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • Transition of ISO 9001 and ISO 14001


    Answer:

    The transition process is the same for both standards. First, you need to conduct a GAP analysis to determine to what extent your existing system is compliant with the new requirements of the standards. Once you have this information, you can create a project plan with defined activities, responsibilities, resources and deadlines for the transition to the new version of the standards.

    For more information, see:
    - Tools for ISO 9001:2015 transition https://advisera.com/9001academy/2015transition/
    - Tools for ISO 14001:2015 transition https://advisera.com/14001academy/2015-transition/
  • Combining ISO 27001 and ISO 9001 risk assessment


    Answer:

    At the moment we do not see a practical way to combine risk assessment according to ISO 27001 and ISO 9001 - the methodologies are different, types of risks are quite different, and also the treatment is different. So we think it is better to do a separate risk assessment for ISMS and for QMS.

    However, risk assessment in ISO 9001 is quite a new topic, and we're watching closely how the best practice will develop - if some methodology appears that will cover both standards, we will certainly recommend it.

    These articles may also help you:
    - How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
    - Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
  • Certifying ISO 27001 in Peru


    Answer:
    If your question is about certification bodies that can certify your organization in ISO 27001, there are many companies in Peru offering this service, and they are very easy to find (perhaps it is easiest through the local entity INDECOPI).

    In any case, what matters here is selecting the best certification body for your organization, and for that you should take into consideration some points such as reputation, accreditation, specialization, experience, etc. This article may be of interest to you “How to choose a certification body” : https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

    And this webinar may also be of interest to you “ISO 27001/ISO 22301: The certification process” : https://advisera.com/27001academy/es/webinar/iso-27001iso-22301-the-certification-process-free-webinar/

    Finally, these materials will help you learn more about ISO 27001 and the certification process:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/