... • A.8.1.1 Inventory of assets, and
• A.8.1.2 Ownership of assets
... have merged into ISO 27001:2022 control:
• A.5.9 Inventory of information and other associated assets
This is an example right from the tool.
For further information about new controls introduced by ISO 27001:2022, please read:
... and you can take a look at a demo of this document at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/
This article will provide you with a further explanation of Disaster Recovery:
I have some customer requirements that I want to ask if they are already included in my scope or not. One set calls out Offshore requirements. We are a virtual company and everyone works remotely. I didn't plan to separate offshore vs. domestic work. Is that typical? Please let me know if these requirements will be fulfilled. I think these would be, but I don't quite understand Incident Response vs. Incident Plan vs. Incident Handling - aren't these all covered by the same policies and procedures and part of the overall plan?
• IR-1.1 Develop policies and procedures for Incident Response.
• IR-6.1 Report security incidents to appropriate personnel or government authorities in a timely manner.
• IR-8.1 Develop a comprehensive Incident Response Plan for the organization.
• IR-5.1 Implement mechanisms for tracking and documenting security incidents.
• IR-4.1 Develop an incident-handling process for the organization.
Does this have to be separate?
• Offshore-48 Complete a security assessment of the organization's offshore location(s) and/or third party's offshore location(s) annually.
• Offshore-20 Requires antivirus software to be active and up to date on workstations.
Hi! I have an app that is HIPAA compliant and hosted in the US. I would like to open it up to patients in Israel and am trying to figure out what it takes to become ISO certified and what part of that is already covered by HIPAA. It is a mental health app and we store personal data, although nothing about physical health. Thanks!
I am trying to get a better understanding about the guidance on Equipment Qualification vs. Process Qualification and Process Validation. Can you refer me to the sections of the standard that speak about those topics?
... ontroller vs. processor – What are the differences?: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
... or Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
For courses related to these certifications, please see:
... onsultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach
These materials will also help you regarding ISO 27001 implementation:
We are looking for guidance with regards to Good Manufacturing Practice. Is this a certification that pharmaceutical companies need to apply for? How do they apply? If the company has ISO 13485, can they use the GMP mark, or do they need to be registered for GMP?
ISO has certifications for organizations, such as ISO 27001. Is COBIT a competitor, and does it also have certifications for organizations like ISO does?