  • Consultant career


    Would you please provide some guidelines on how to start freelance consulting for InfoSec? As well as what would be the basics that should be included in the document.

    Answer:
    Regarding the document that you want, I am sorry but I am not sure if I have understood what exactly you need. If you mean a document to present information security (and your services as a consultant) to any type of organization, we have a free presentation about ISO 27001 and about information security that can help you. You can download this presentation from our free download section “Why ISO 27001 - Awareness presentation” : https://advisera.com/27001academy/free-downloads/

    And our project proposal for the ISO 27001 implementation can also be interesting for your potential clients “Project proposal for ISO 27001 implementation” : https://advisera.com/27001academy/free-downloads/

    Regarding your information security career as a freelancer, you can follow these steps:

    1.- Attend the courses about information security. This course can help you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

    2.- Obtain a certification, for example ISO 27001 Lead Implementer.

    3.- Acquire experience working for another consultant.

    Finally, this article can also be interesting for you “How to become an ISO 27001 / ISO 22301 consultant” : https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

    Our Consultant Toolkit can also be interesting for you : https://advisera.com/27001academy/consultants/
  • Internal audit checklist questions


    9.1 - "Is it defined what needs to be measured, by which method, who is responsible, who will analyze and evaluate the results?" Does this refer to the objectives? Also, does there need to be a document that shows each objective, what needs to be measured and who is responsible?

    Answer: Setting the objectives is only one part of measurement - once you set the objectives, then you have to measure whether they are fulfilled. You can document objectives in one or several documents, see the details here: https://community.advisera.com/topic/monitoring-and-measurement-and-the-process-approach/

    A6.1.2 - "Are duties and responsibilities defined in such a way to avoid conflict of interest, particularly with the information and systems where high risks are involved?" Do these duties include those beyond just IT?

    Answer: Information security is not only about IT, it concerns all the functions in your company - therefore, A.6.1.2 is not for IT only - e.g. you can avoid conflict of interest in your finance department by asking for a double signature for signing payments in your bank account.

    A16.1.7 - "Do procedures exist which define how to collect evidence that will be acceptable during the legal process?" How detailed does this need to be? Would saying we use a 3rd party to handle these procedures suffice?

    Answer: The level of detail depends on what your local courts would find as acceptable - therefore, asking for someone with experience (e.g. consultant with legal experience, or a lawyer with information security experience) would certainly help you with this. It is not enough to say that 3rd party is in charge of something - you need to check whether they are really performing the activities they are hired for.

    This free online training will also help you: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • Implement ISO 27001 and ISO 22301


    2. Is there like a roadmap template that I can use to know how to plan the whole project?

    Answers:

    Regarding question 1, the time depends on several factors (scope, complexity of your company, etc.), but generally the time for the implementation of both standards, from my point of view, can be between 6 - 12 months. Anyway, with this free tool you can calculate the time for the implementation of each standard in your organization “Free Calculator - Duration of ISO 27001/ISO 22301 Implementation” : https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

    Regarding the second question, basically these articles can also be interesting for you:

    - “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - “17 steps for implementing ISO 22301” : https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/
    - “ISO 27001 project - How to make it work” : https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/

    Finally, these materials will help you to know more about how to implement ISO 27001 in your organization:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Examples for the scope


    Answer:

    Here are some examples:

    - Definition of the ISMS scope: This article can help you define the scope “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/ and this one too “Problemas para definir el alcance de la norma ISO 27001” : https://advisera.com/27001academy/es/blog/2010/06/29/problemas-para-definir-el-alcance-de-la-norma-iso-27001/

    - Processes and services: IT processes, IT support service, etc.

    - Organizational units: Management Unit, Support Unit, etc.

    - Locations: Main office, backup office, etc.

    - Networks and infrastructure: Internal network infrastructure

    On the other hand, these materials will help you define the scope of your ISMS:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Determining scope of QMS considering context of the organization


    Answer:

    The requirements from clause 4.3 state that you need to define the scope of your QMS according to the internal and external issues, which means that you need to define the context of your organization and why you want to implement the standard, and to align the scope with your own needs as a company. For example, if you want to apply to tenders with only one of your products, you can cover only one production line with the scope of the QMS and save money on certification, because you will only certify this production line and not the entire organization.

    The same reason is behind the consideration of interested parties. For example, your customer might require you to implement ISO 9001 because he buys one of your products so you can again cover with the scope only this production line to save time and implement the standard faster and meet customer requirements.

    You do not need to explain or justify why you decided to go with the scope the way you decided, but you must define the scope considering all elements of your organization's context, and you need to document the scope of the QMS. For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
  • Time between 2 surveillance audits


    Answer:
    Yes, the standard that officially defines the maximum period between two surveillance audits is ISO 17021 (standard that defines requirements for bodies providing audit and certification of management system), and in accordance with this standard, surveillance audits shall be conducted at least once a year.

    These articles can be interesting for you:

    “Surveillance visits vs. certification audits” : https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/

    “How to maintain the ISMS after the certification” : https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/

    "Accreditation vs. certification vs. registration in the ISO world" : https://advisera.com/articles/accreditation-vs-certification-vs-registration-in-the-iso-world/

    Finally, these materials will help you to know more about information security and the audits in ISO 27001:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 14001 transition and ISO 13485


    Answer:

    Since both ISO 14001 and ISO 13485 have new versions, it is best to conduct the transition for both standards at the same time. The problem is that ISO 14001:2015 has adopted the High Level Structure (with ten clauses) and ISO 13485:2016 is created according to ISO 9001:2008, so it kept the old clause numbering, and this will make the transition and the integration more difficult than it should be.

    The best toolkit for you is the ISO 14001:2015 Documentation Toolkit (https://advisera.com/14001academy/de/iso-14001-2015-gap-analyse-tool/ 001-documentation-toolkit/) that contains all necessary documents together with some of the most frequently used ones. You can use your old Quality Manual and combine it with our new Environmental Manual that is a part of the above mentioned toolkit. Practically, you will need to identify common requirements of ISO 13485 and ISO 14001:2015 and merge them into joint sections, and for different requirements you will have separate sections in the manual. We will also publish the ISO 13485:2016 Documentation Toolkit soon, so if you decide to purchase it later, you will get a big discount as our previous customer.
  • QMS in rice industry


    Answer:

    Implementation of ISO 9001 is the same for every industry, including rice production. You need to conduct a gap analysis first to determine to what level your company is already compliant with ISO 9001 and what needs to be done to achieve full compliance.

    Then you need to create all the documents needed for your quality management system and implement new processes and procedures in your everyday activities. For more information, see: List of mandatory documents required by ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    Once you create all new documents and implement them in your process, you need to conduct an internal audit and management review to ensure your system is compliant with ISO 9001. For more information, see: Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 in hospitals


    Answer:

    Implementation of ISO 9001 is the same for any type of business, including hospitals, clinics or any other health institution.

    You need to get the management buy-in for the implementation first and then assemble a team for the implementation. The next step is to perform a gap analysis to determine to what extent your company is already compliant with the standard and what needs to be done to achieve full compliance. Here you can find our free GAP analysis tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Then you need to start creating the necessary documents and implementing new processes and actions in order to be compliant with the standard. For more information, see: ISO 9001 Implementation Diagram https://advisera.com/9001academy/free-downloads/

    Once you complete the implementation, you need to conduct an internal audit and management review to ensure that your system is fully compliant with ISO 9001:2015. Finally, you can hire a certification body to conduct the certification audit and issue your company the certificate.

    For more information, see:
    - Would hospitals benefit from ISO 9001? https://advisera.com/9001academy/blog/2015/07/21/would-hospitals-benefit-from-iso-9001/
    - Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • Calibration according to ISO 14001:2015


    Answer:

    The standard does not define who will perform the calibration and what qualifications the person performing the calibration must have. It simply says in clause 9.1 "The organization shall ensure that calibrated or verified monitoring and measurement equipment is used and maintained, as appropriate". However, clause 7.2 states "The organization shall determine the necessary competence of person(s) doing work under its control that affects its environmental performance and its ability to fulfil its compliance obligations".

    This means that in the case of internal calibration, the company itself may define requirements for the competence of people performing the calibration. If the company decides that no certificate is needed, then the person does not need the certificate.

    For more information, see: ISO 14001 Monitoring & measurement equipment control https://advisera.com/14001academy/blog/2015/03/02/iso-14001-monitoring-measurement-equipment-control/