... ISO 27001 vs ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
These materials will also help you regarding document management:
- book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... ISMS scope), and a single certification may cover multiple locations, also called sites. For example, you can have an organization's HQ and its branch covered by a single ISO 27001 certificate, resulting in one certification and two sites.
This article will provide you with further explanation about the differences regarding certification and other related ISO terms:
- Accreditation vs. certification vs. registration in the ISO world https://advisera.com/articles/accreditation-vs-certification-vs-registration-in-the-iso-world/
... ssessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
These materials will also help you regarding risk assessment and BIA:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
... NFPA 1600 vs. ISO 22301 – Similarities and differences https://advisera.com/27001academy/blog/2013/11/05/nfpa-1600-vs-iso-22301-similarities-and-differences/
- ISO 22301 vs. ISO 22313 https://advisera.com/27001academy/blog/2013/05/21/iso-22301-vs-iso-22313/
2. Five elements that should be considered for the implementation of a business continuity management system.
Answer: For a successful Business Continuity Management System implementation you should consider Business continuity policy, BIA, BC Strategy, BC Plans, and Exercising & testing.
3. Three events that could affect the business continuity of a banking institution?
Answer: Considering today's interconnected banking industry, unplanned IT and telecom outages, cyberattacks and data breaches could be on many top 10 lists of disruptive events.
4. What activities and aspects do you consider necessary for the preparation of a BIA?
Answer: The establishment of a BIA methodology, the engagement of top management, the participation of the key users of the processes, and the use of a facilitator with experience in performing business impact analysis. This is all covered in the webinar.
5. For example, if a fire affected the headquarters of a bank early on a Sunday morning. The situation is so critical that no employee can enter the building. Considering that the bank has a plan for this type of incident, based on your experience, what resources, strategies and activities could be detailed in that plan?
Answer: Considering this scenario, a strategy that should be considered is the definition of an alternative site from which people can start their work on Monday. Generally, banking institutions have extremely short recovery times, so this alternative should be a warm or hot site. In terms of resources and activities, without further details it is not possible to define them, but generally speaking, you should consider transportation for employees, recovery of IT systems and databases, and communication with the media.
This article will provide you with further explanation about business impact analysis according to ISO 22301:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
This material will also help you regarding business impact analysis according to ISO 22301:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
... ssessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
These materials will also help you regarding BIA and risk assessment:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
... ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
- What is an Information Security Management System (ISMS) according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/23/information-security-management-system-isms-according-iso-27001/
These materials will also help you regarding business impact analysis and ISMS implementation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
... alitative vs. quantitative risk assessments in information security: Differences and similarities https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/
2 - What are the attributes of selection of risk assessment tools and what are the best risk assessment techniques needed in such critical infrastructure especially in mitigating against an insider threat because insider threat is one of the biggest problems faced with nuclear industry today?
Answer: For attributes to select a risk assessment tool, you can consider the guidance of ISO 31010, the ISO standard on risk assessment techniques. This standard defines 4 requirements to evaluate a tool:
- Resources required to perform the assessment in terms of time to perform, expert knowledge, data gathering and cost
- Complexity of the problem or situation to be assessed, as well as the specific methods required to be used
- The level of uncertainty that can be accepted
- If the method can offer a quantitative result
In this article you can also find additional information about selecting tools: When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
For other tools, I suggest you take a look at ISO 31010 (Risk management – Risk assessment techniques) at this link: https://www.iso.org/obp/ui/#iso:std:iec:31010:ed-1:v1:en
In the second part of this question, I assume you want recommendations about risk treatment techniques. Generally speaking, you can consider physical and logical segregation controls, user management practices, and physical and logical monitoring to deter, prevent and detect attempts by insiders. See this article for more information: How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
3 - Where can I get your presentation on statement of applicability and risk treatment?
Answer: You can see free demos of these documents at these links:
- Statement of Applicability https://advisera.com/27001academy/documentation/statement-of-applicability/
- Risk Treatment Plan https://advisera.com/27001academy/documentation/risk-treatment-plan/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/