  • ITIL and billing SW


    Answer:
    ITIL covers the complete IT service lifecycle. That can include billing or any other SW. Usually, SW is related to an IT service (or vice versa). So, you can apply ITIL to SW development, deployment or maintenance.

    The following articles can help you:
    "What is ITIL?" https://advisera.com/20000academy/what-is-itil/
    "ITIL Application Management Function – Custodian of application knowledge" https://advisera.com/20000academy/blog/2014/03/18/itil-application-management-lifecycle-within-service-lifecycle/
  • Differences between ISO 27017 and ISO 27018


    Answer:
    Sure, the main difference is that ISO 27017 is about information security controls for cloud services (generic), and ISO 27018 is specifically developed for protecting privacy in the cloud.

    Regarding document controls and assurance in the cloud using COBIT 5, we do not have specific information about this, because we are experts in ISO standards (ISO 27001, ISO 27002, ISO 22301), and the philosophy of COBIT is a bit different (it has a different certification scheme); also remember that COBIT is specifically developed for IT governance, so I am not sure if it is the best option for you.

    Concluding: if you are interested in the security of cloud computing, ISO 27017 and ISO 27018 are specific standards developed for this, and they are also compatible with ISO 27001 (Information Security Management System) and ISO 38500 (Governance of Information Security).

    By the way, these articles can be interesting for you:

    "ISO 27001 vs. ISO 27017 - Information security controls for cloud services" : https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

    "ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud" : https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

    Finally, remember that our online course is a very interesting way to learn the fundamentals of ISO 27001: “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Document code for quality policy and objectives


    Answer:

    The standard requires documentation to be properly identified, and this includes the title, date, author and reference or coding number. This is a straightforward requirement of ISO 9001:2015, clause 7.5.2 a), so it cannot be avoided even in the case of the Quality Policy and Quality Objectives.

    Since the Quality Policy is often a public document, it doesn't have to have the coding on the version that is available publicly, but the version used internally must have the coding on it. The objectives are a purely internal document, so they also must have the coding on them.

    For more information, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • ISO 9001 transition and ISO 14001 and OHSAS 18001 integration


    Answer:

    The transition is a good chance to implement additional standards and create an integrated management system. The first step would be to conduct a gap analysis and determine to what extent your existing system is compliant with the new version of ISO 9001 and what needs to be done to achieve full compliance. This should be your first input for the project plan for the transition and integration with ISO 14001 and OHSAS 18001.

    The second step would be to identify the common requirements of ISO 14001:2015 and OHSAS 18001 and try to implement them at the same time as the transition steps for ISO 9001:2015. ISO 14001:2015 also went through the same changes as ISO 9001, so they now have the same clause numbers for common requirements. ISO plans to replace OHSAS 18001 with ISO 45001, and this will probably happen next year, so you will be ready with your experience of the transition process and knowledge about the new versions of ISO 9001 and ISO 14001, and this will make your job much easier.

    The next step is to implement the requirements of ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007, and once the system is in place you will need to conduct an internal audit and management review so you can be sure that your system is compliant with the standards; then you can hire a certification body to conduct the certification audit.

    Here are some articles that might be helpful to you:
    - How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
    - Integrating ISO 9001 and ISO 14001 https://advisera.com/9001academy/blog/2013/11/19/integrating-iso-9001-iso-14001/
    - Is integrating ISO 9001 and OHSAS 18001 that hard? https://advisera.com/9001academy/blog/2015/02/03/integrating-iso-9001-ohsas-18001-hard/
  • Apply for ISO 9001


    Answer:

    The term "application" is not commonly used regarding ISO standards, so I assume you meant certification. There are two main steps in achieving or getting an ISO 9001 certificate.

    The first step is implementation of the standard, meaning that your organization needs to perform actions and create documentation in order to meet the requirements of the standard. The second step is to hire a certification body to perform the certification audit and issue your organization an ISO 9001 certificate.

    For more information see: Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • People as single point of failure


    Answer:

    Your question is more focused on business continuity, so I'll describe how this is usually resolved from the ISO 22301 perspective - there are a couple of strategies for approaching this problem:
    a) Employ someone else who can replace certain people who are crucial
    b) Write very detailed procedures so that other employees can resume doing the job
    c) Make a contract with an external party that can provide you with human resources with particular skills in case your crucial people are not available.

    See also this article: Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/
  • Implementing ISO 9001 in chemical industry


    Answer:

    The usual first step is to conduct a GAP analysis and determine to what extent the organization already complies with ISO 9001:2015. You can find our free GAP analysis tool here: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Once you determine what needs to be done, you should establish a Project Plan to define activities, deadlines and other relevant information. Here you can find our free Project Plan for ISO 9001 Implementation: https://advisera.com/9001academy/free-downloads//

    When you implement all activities from the project plan, you need to conduct an internal audit to determine whether the QMS is compliant with the standard, and initiate and conduct corrective actions to achieve full compliance. Here you can find our free online ISO 9001:2015 Internal Auditor course: https://advisera.com/training/iso-9001-internal-auditor-course/

    And finally, the company needs to conduct a management review and hire a certification body for the certification audit.

    Our documentation toolkit contains all mandatory documents required by ISO 9001:2015 along with the most commonly used documents. With the purchase of the toolkit you will get access to video tutorials that explain how the documents are filled in. To see the complete offer and all documents that are included in our toolkit, click here: https://advisera.com/9001academy/iso-9001-documentation-toolkit/
  • Issue based risk assessment?


    Answer:
    You are right; I mean, you can perform an asset-based risk assessment, although it is not mandatory in the new ISO 27001:2013 (for example, you can perform a process-based risk assessment).

    Regarding the issue-based risk assessment, I am sorry but it does not exist in ISO 27001:2013. The “issues” are related to the context and the scope of the ISMS, so your organization simply shall consider internal and external issues to determine the risks and opportunities that need to be addressed, independently of the risk assessment methodology.

    This article can be interesting for you: “Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)” : https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

    And also this one: “How to identify interested parties according to ISO 27001 and ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//

    And if you are interested in developing a risk management methodology, this article can also be interesting for you: “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

    And our online course can also be interesting for you, because we give more information about the risk assessment: “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Defining the scope


    Answer:
    From my point of view, if you have a client requiring ISO 27001 implementation and certification, it is better to talk with your client and agree on your ISMS scope with them (to avoid problems).

    Anyway, if you are providing a service to your client and you need all the systems of the data center for this service, maybe the best option would be to include all systems in the scope (I suppose that these systems are managed by your company).

    This article can be interesting for you: “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

    And our online course can also be interesting for you, because we give more information about the ISMS scope: “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • To be compliant, what is the minimum to be done?


    Answer:

    Basically, there is no difference between "being compliant with the standard" and "being ready for the certification" - so the point is that you have to:
    1) implement all the mandatory documents
    2) implement all the non-mandatory documents you consider necessary for your company
    3) make sure all of your employees comply with all this documentation

    In our ISO 27001 Documentation Toolkit you'll find a document called "List of documents" which specifies all the documents that are mandatory, and all the documents that are optional. When you follow the steps in the toolkit, you will be able to conclude which non-mandatory documents will be necessary for you.

    It is also recommendable to go through this free online course, because it will explain to you how the whole standard works: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/