Search results for "iso17025 vs gmp"


  • 12.1.2 Change management vs 14.2.2 System change control procedures

  • ISO 27001 and ISO 27018

    1. You cannot certify ISO 27018, because this standard is only a code of best practices (like ISO 27002), but you can use its controls for the implementation and certification of ISO 27001. In this way, first you need to implement ISO 27001, and during the risk treatment you can implement controls of ISO 27018. This article about ISO 27001 and ISO 27018 can be interesting for you: "ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud": https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
    2. ISO 27001 is basically about risk management related to information security: you need to protect the information by identifying risks and reducing them by applying security controls (so you can use a code of best practices for this, typically ISO 27002, which is composed of 114 security controls, but you can also use ISO 27018), and ISO 27018 is a code of best practices focused on the protection of personally identifiable information in public clouds, so you can use it to implement controls for the reduction of risks related to the cloud environment.
    This article about basic information on ISO 27001 can be interesting for you: "What is ISO 27001?": https://advisera.com/27001academy/what-is-iso-27001/
    And also this article about the differences between ISO 27001 and ISO 27002: "ISO 27001 vs. ISO 27002": https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
    3. I am sorry, but I am not sure what you mean. As I have explained before, ISO 27018 is only a code of best practices and you cannot certify it, but you can implement it, and you can have controls focused on the protection of personally identifiable information in public clouds, although in this way you cannot get certified and won't know how to manage risks related to information security.
    Finally, this article about cloud computing can be interesting for you: "Cloud computing and ISO 27001 / BS 25999": https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/
  • Backup policy vs. Backup procedure

    I have one quick question, if I may. I'm really confused between backup policy and backup procedure. For example, the backup frequency: should I specify the frequency in my policy or in the procedure?
  • Keys risks for DRP

    ... recovery vs Business continuity” : https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
    You can also learn how to define the RTOs from this article "How to implement business impact analysis (BIA) according to ISO 22301" : https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
    And this article can be also interesting for you "Understanding IT disaster recovery according to ISO 27031" : https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/

  • Mandatory documents

    ... https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
    Generally the asset owner can be for example an IT administrator, and the risk owner can be the head of the IT department. For more information about the risk owners and asset owners, please read this article “Risk owners vs. Asset owners in ISO 27001:2013” : https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

  • BCP or DRP?

    ... s needs, what should we implement? Is it BCP or DRP? The tool is 2 powerful machines with real time data.

    Answer:

    I am not sure what you mean, but generally the DRP is more focused on the IT infrastructure, so from my point of view, if you have an IT tool, maybe it would be better to implement the DRP. This article can be interesting for you: “Disaster recovery vs Business continuity” : https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/

  • How many papers to get certified?

    ... or Course vs. Lead Implementer Course – Which one to go for?” : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
    The best for you would be to contact some of the certification bodies in your country that provide such services; they will give you more detailed information about the course. The biggest certification bodies are usually DNV, SGS, Bureau Veritas, and BSI - I'm sure at least one of them will be present in your country.

  • Mandatory ISO 27001 documents and major nonconformity

    ... ou:

    8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
    Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/

  • Asset owner and custodians

    ... individual staff members can be custodians. 
    It is also important to know the term “risk owner” (new term introduced in the new ISO 27001:2013), which in accordance with ISO 27000:2014 is a “person or entity with the accountability and authority to manage a risk”. If you want to know more about asset owners and risk owners, please read this article “Risk owners vs. Asset owners in ISO 27001:2013” : https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

  • ISMS implementation project vs DLP software purchase

    I am part of the team of a project for the implementation of an information security management system (ISMS), and we are in the launch phase of the project; our application scope is audit and monitoring of web applications. The problem is that there are two other projects in the launch phase, which are the acquisition of DLP (Data Loss Prevention) software and the acquisition of software for source code audit. My question is:
