Answer:
Basically to initiate your career you need courses and basic information about these standards, and our site is the best place for this, because we give many free resources.
We do not have a formal procedure written for design work BUT we have a gateway for products we produce
this, to us, means that we regard our Operations as the customer of design. Our Operations ensures that the design is correct to achieve the end product through operations....
Can we then state that the scope of our ISO 9001 certification application is our Operations only?
We have procedures which control the drawings and Bills of Material that are used to make our products
Scope of the Quality Management System.... I need to know what to include in the scope and how to write what we exclude
Answer:
If your company does not conduct design and development of products, you can exclude clause 8.3 of ISO 9001:2015. Reviewing your customer's design prior to production is part of clause 8.2.3 Review of requirements related to products and services, so it is not dismissed once clause 8.3 Design and development of products and services is excluded.
In the document about the scope of the QMS or in the Quality Manual, you can write that clause 8.3 is not applicable to your business because you do not conduct design and development, and this will be enough.
The standards do not usually prescribe how long you need to keep the outdated documents and records; they only require the organization to define retention and disposition of the documents. The usual practice is to keep the documents and records for three years, but this period can be shorter or longer.
Answer:
I am not sure what you mean by your first question, but ISO 27001:2013 has the point 7.5 Documented information, which defines basic principles for managing documents and registers.
Regarding the top secret documents, the best way to send them to another party is to encrypt the information, and for this you can use various open source (and free) tools. By the way, this article about the classification of information according to ISO 27001 may also be interesting for you: “Information classification according to ISO 27001”: https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Answer:
ISO 20000 does not require any particular order in which requirements will be implemented. But, from the experience point of view, I would recommend to:
1. Establish the SMS (Service Management System)
2. Implement the processes
This clause has overall requirements for the entire quality management system. Requirements for this clause are related to every part of the quality management system, and can be met indirectly through documented procedures, policies and records.
When it requires the organization to maintain documented information to support the operation of its processes, this means that you need to decide what documentation (procedures, SOPs, work instructions, etc.) is necessary for running the processes and to create it. Another requirement is to retain documented information to have confidence that the processes are being carried out as planned, and this means that you need to decide what records are needed and to create them according to your needs.
ISO 9001 does not mention or require backup of the organization's information. It only requires documented information (in this case in electronic form) to be available, adequately protected, stored and preserved, but it doesn't define how. It is completely up to the organization to define how this will be achieved. If you want to back up your organization's information, you can do it either with some cloud service, some additional hard disk drives, etc., but whatever you decide, you need to define it in your procedure for control of documented information.
Implementation of the QMS can start with a gap analysis to determine to what level your organization is already compliant with the standard. Once you determine what the gaps are, you can create a project plan with defined activities and documents to be created, as well as responsibilities and deadlines.
Once you conduct all the activities and create all the necessary documents, you need to conduct an internal audit and a management review to make sure your company is compliant with ISO 9001. Finally, after conducting all these activities, your company will be ready for the certification audit.