AnandR
Good Afternoon!
I am having difficulty interpreting the following MRM inputs and outputs related to ISO 9001 and ISO 27001. Help from experts is appreciated.
Thanks
Anand
ISO 9001:
MRM Inputs:
1) Changes that could affect the QMS
2) Recommendations for improvement
Recommendation for improvement, is it based on the review of all the MRM inputs?
MRM Outputs:
1) Improvement of effectiveness of QMS & Its Processes
2) Improvement of product related to customer requirements
Is the above MRM output different from the Recommendations for improvement made in MRM input?
ISO 27001:
MRM Inputs:
1) Results of ISMS audits and reviews
2) Feedback from interested parties on ISMS
3) Techniques, products or procedures, which could be used in the organization to improve the ISMS performance and effectiveness
4) Results from effectiveness measurements
In QMS, it is only the results of audit. But in ISMS, it says results of audits and reviews.
Techniques, products or procedures, which could be used in the organization to improve the ISMS performance and effectiveness
Here, does it mean recommendations for improvement? Is it for bringing in new items that never existed?
MRM Outputs:
- Modification of procedures & controls that affect information security, as necessary, to respond to internal or external events that may impact on the ISMS, including changes to:
a) Business Requirements
b) Security Requirements
c) Business Processes affecting the existing business requirements
d) Regulatory or Legal Requirements
e) Contractual Obligations
f) Levels of risks and/or criteria for accepting risks
- Improvements to how the effectiveness of controls is being measured