Answer: ISO 22301 (and most other business continuity methodologies) allow you to do it either way, and the truth is, I don't think there is a huge difference. My personal preference is to do the risk assessment first, because then you'll have a better impression of which incidents can happen while doing your business impact analysis.
You'll learn more here: Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
... ISO 9001 vs. ISO 27001 matrix https://info.advisera.com/9001academy/free-download/iso-9001-vs-iso-27001-matrix/
2. The second clarification is on risk management. In the templates, Procedure_for_Addressing_Risks_and_Opportunities is about performing risk analysis at the QMS level or enterprise-level risk management. How do we modify it to cover project management risk? Is it that project managers/the QA manager use the same risk methodology, and critical risks from projects get highlighted to the QA Manager and listed in the enterprise-level risks? Please suggest.
You can use the procedure for assessing project management risks; basically, instead of writing risks regarding the context of the organization, you will assess risks for the project, but those risks are not a part of the risks related to the context of the organization, but for individual projects.
3) Do you have a change control procedure in the template for 9001? I couldn't find one in the template.
We do not have such a procedure because it is not mandatory; all information about the changes is stated in the Quality Manual. Here is one article about the integration of ISO 9001 and ISO 27001 that can be helpful to you:
- How to integrate ISO 9001 and ISO 27001 https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/
... - Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
2) Please clarify: if the whole RISK MANAGEMENT in ISO 27001 is roughly bifurcated into PLANNING and IMPLEMENTATION phases, then can we say that the RISK ASSESSMENT, RISK TREATMENT, RISK ASSESSMENT REPORT, SOA and RESIDUAL RISK SHEET documents fall in the PLANNING phase, whereas the RISK TREATMENT PLAN is for the IMPLEMENTATION phase?
Answer: Your assumption is partially right. Although it is not explicit anymore, ISO 27001 still follows a PDCA cycle, and some elements play different roles in different phases. All the documents you listed are outputs of the planning phase, and the risk treatment plan is an input for the implementation phase. But you should also note that they are inputs for the performance evaluation described in clause 9 of the standard (they provide the targets you will use to compare whether your results are OK or need adjustments), and outputs from the improvement step described in clause 10 (management decisions can demand updates in all of them).
This article will provide you with further explanation about PDCA and the risk assessment process:
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
These materials will also help you regarding risk owners and the risk assessment process:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... 9001:2015 vs. ISO 9001:2008 matrix https://info.advisera.com/9001academy/free-download/iso-90012015-vs-iso-90012008-matrix
This article will provide you with further explanation about using ISO 27001 and ISO 9001 together:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
These materials will also help you regarding using ISO 27001 and ISO 9001 together:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 implementation: How to make it easier using ISO 9001 https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
... about privacy controls and EU GDPR:
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
These materials will also help you regarding supplier management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
- Resolving cloud security concerns by defining clear responsibilities according to ISO 27017 https://advisera.com/27001academy/blog/2016/08/23/resolving-cloud-security-concerns-by-defining-clear-responsibilities-according-to-iso-27017/