... 9001:2015 vs. ISO 9001:2008 matrix https://advisera.com/9001academy/free-downloads// that gives an overview of the differences between the previous and current versions of the standard.
My advice to you would be to perform the gap analysis first to determine to what extent your organization is already compliant with the new requirements of the standard and what needs to be done to achieve full compliance. Once you determine what needs to be done, you can plan actions to address all these requirements. Here you can find our free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
... "ISO 27001 vs. ISO 27017 - Information security controls for cloud services": https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
"ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud": https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
"What is ISO 22301?": https://advisera.com/27001academy/what-is-iso-22301/
"What is ISO 20000?": https://advisera.com/20000academy/what-is-iso-20000/
2.- From my point of view, here it is very important to establish strong access control (if the questions are in paper format, you can use a safety deposit box, or if the questions are also in digital format you can use Single Sign-On or an LDAP server and establish privileges for the access), and maybe ciphering the information can be interesting for you (this is only for the digital information, and you can use for example BitLocker, or a TrueCrypt fork, or AES Crypt, etc. There are many technologies for this).
3.- Both are the same from the information security point of view: devices that you use to access information, and that is really what is important, I mean, the information. So, in this case, if you want to improve your environment, try to improve how the information is accessed (for example through a secure channel), instead of changing one device for another.
4.- Virtualization is another way to manage information, and there are threats/vulnerabilities specifically related to it, but if you perform a risk assessment & treatment you can reduce the risks related to these environments in the same way as in other environments. So, I am sorry, but virtualization does not increase/reduce the security concerns; it is simply another scenario where there are risks that you need to manage. And ISO 27001 does not have specific security controls for virtualized environments, but there are security controls for any environment (including virtualized environments): access control (A.9 of Annex A of ISO 27001:2013), cryptography (A.10), operations security (A.12), communications security (A.13), etc.
This article related to the risk assessment can be interesting for you: "ISO 27001 risk assessment & treatment - 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
And our online course can also be interesting for you because we give more information about the risk assessment & treatment: "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
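The encryption advice in point 2 of the answer above, as an added example that is not part of the answer and not the code of any tool it names (BitLocker, TrueCrypt forks, AES Crypt): a Go program that encrypts a digital document under a passphrase-derived AES-256 key with GCM, so that a wrong passphrase or a modified file is rejected with an error instead of silently yielding garbage. The PBKDF2 helper is written out to stay on the Go standard library; the iteration count, the sample question text and the passphrase are assumptions for illustration only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	saltLen = 16     // random per-file salt, stored in the clear in front of the ciphertext
	keyLen  = 32     // 32-byte key = AES-256
	iters   = 100000 // PBKDF2 iteration count (assumed; tune to your hardware)
)

// pbkdf2SHA256 is PBKDF2 with HMAC-SHA256 (RFC 8018), written out here only to keep
// the example on the standard library; in production use a vetted implementation.
func pbkdf2SHA256(pass, salt []byte, iter, dkLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac := hmac.New(sha256.New, pass)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac = hmac.New(sha256.New, pass)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// aeadFor derives the file key from passphrase and salt and wraps it in AES-GCM.
func aeadFor(pass, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(pass, salt, iters, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns salt || nonce || ciphertext || GCM tag. Salt and nonce are also
// passed as additional data, so moving them between files is detected on decryption.
func Encrypt(pass, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := aeadFor(pass, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := append(append([]byte(nil), salt...), nonce...)
	ad := append([]byte(nil), header...)
	return gcm.Seal(header, nonce, plaintext, ad), nil
}

// Decrypt reverses Encrypt; any error means a wrong passphrase or a modified file.
func Decrypt(pass, blob []byte) ([]byte, error) {
	if len(blob) < saltLen {
		return nil, errors.New("ciphertext too short")
	}
	gcm, err := aeadFor(pass, blob[:saltLen])
	if err != nil {
		return nil, err
	}
	hdrLen := saltLen + gcm.NonceSize()
	if len(blob) < hdrLen+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	pt, err := gcm.Open(nil, blob[saltLen:hdrLen], blob[hdrLen:], blob[:hdrLen])
	if err != nil {
		return nil, errors.New("decryption failed: wrong passphrase or tampered data")
	}
	return pt, nil
}

func main() {
	question := []byte("Q1: Explain the purpose of a risk treatment plan.") // constructed sample
	pass := []byte("correct-horse-battery-staple")                         // assumed passphrase
	blob, err := Encrypt(pass, question)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(pass, blob)
	fmt.Printf("right passphrase: %q err=%v\n", pt, err)
	_, err = Decrypt([]byte("guess"), blob)
	fmt.Println("wrong passphrase:", err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the GCM tag
	_, err = Decrypt(pass, blob)
	fmt.Println("tampered file:", err)
}
```

The point of using an authenticated mode (GCM) rather than a bare block cipher is that integrity and confidentiality are checked together: an attacker who can reach the stored file but not the passphrase can neither read it nor alter a question without the change being detected at decryption time. Access control to the file (the LDAP/SSO privileges mentioned in the answer) still decides who gets to run the decryption at all.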
... For more information, see:
- 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
- ISO 9001:2015 process vs. procedure - Some practical examples https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
... sk owners vs. Asset owners in ISO 27001:2013": https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
And our online course can also be interesting for you because we also talk about the risk owners: "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
... sk owners vs. asset owners in ISO 27001:2013": https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Regarding your second question, if there are no risks related to the development of software because there is no development in your company, you can exclude security controls related to development, although there are some controls that are not only related to development that you should consider applying: A.14.2.5 Secure system engineering principles. For more information about this control, please read this: "What are secure engineering principles in ISO 27001:2013 control A.14.2.5?": https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
And in your specific case, during the risk assessment & treatment, you could identify if there are risks related to the connection with the SaaS provider, and if so, controls that you can use to reduce these risks are A.14.1.2 Securing application services on public networks, and A.14.1.3 Protecting application services transactions.
Finally, our online course can be interesting for you because you can find more information about security controls: "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
... "ISO 27001 vs. ISO 27017 - Information security controls for cloud services": https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
Finally, maybe our online course about the foundations of ISO 27001 can be interesting for you: "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
... "ISO 27001 vs. ISO 27017 - Information security controls for cloud services": https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
And this article related to the basic logic of ISO 27001 can also be interesting for you: "The basic logic of ISO 27001: How does information security work?": https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
And also this article about handling supplier security "6-step process for handling supplier security according to ISO 27001" : https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
... "ISO 27001 vs. ISO 27017 - Information security controls for cloud services": https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
Finally, if you are interested in the security controls of ISO 27001, maybe our online course can also be interesting for you: "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/