... alitative vs. quantitative risk assessments in information security: Differences and similarities https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/
2 - What are the attributes for the selection of risk assessment tools, and what are the best risk assessment techniques needed in such critical infrastructure, especially in mitigating an insider threat, because insider threat is one of the biggest problems faced by the nuclear industry today?
Answer: For attributes to select a risk assessment tool, you can consider the orientations of ISO 31010, the ISO standard about risk assessment techniques. This standard defines 4 requirements to evaluate a tool:
- Resources required to perform the assessment in terms of time to perform, expert knowledge, data gathering and cost
- Complexity of the problem or situation to be assessed, as well as the specific methods required to be used
- The level of uncertainty that can be accepted
- If the method can offer a quantitative result
In this article you can also find additional information about selecting tools: When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
For other tools, I suggest you take a look at ISO 31010 (Risk management – Risk assessment techniques) at this link: https://www.iso.org/obp/ui/#iso:std:iec:31010:ed-1:v1:en
In the second part of this question, I assume you want recommendations about risk treatment techniques. Generally speaking, you can consider physical and logical segregation controls, user management practices, and physical and logical monitoring to deter, prevent and detect attempts from insiders. See this article for more information: How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
3 - Where can I get your presentation on statement of applicability and risk treatment?
Answer: You can see a free demo of these documents at these links:
- Statement of Applicability https://advisera.com/27001academy/documentation/statement-of-applicability/
- Risk Treatment Plan https://advisera.com/27001academy/documentation/risk-treatment-plan/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... isera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision
The last part of the presentation should describe options for the transition, i.e. doing the transition by yourself, using a consultant or some online solution. Here you can find a whitepaper that can be helpful to you:
- Implementing ISO 9001:2015 with a consultant vs. DIY approach https://info.advisera.com/9001academy/free-download/implementing-iso-9001-with-a-consultant-vs-diy-approach
... r persons vs. organizations https://advisera.com/27001academy/iso-27001-certification/
In terms of competences to be successful in an ISO 27001 lead auditor or lead implementer course, more important than the years of experience is the understanding of the link between information security, technology, and business processes (e.g., someone can pass years of a professional life seeing only one aspect of IT, while another professional in a couple of years can cover aspects from network infrastructure to business intelligence).
These articles will provide you with further explanation about ISMS implementers:
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
These materials will also help you regarding ISMS implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
... ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding ISO 27001 and 27002:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding incident management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003 https://advisera.com/27001academy/blog/2016/09/05/incidents-in-iso22301-vs-iso27001-vs-iso-20000-vs-iso28003/
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
These materials will also help you regarding incidents and nonconformities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/