... ... ISO 27002.
Finally, these articles can be interesting for you:
"How to learn about ISO 27001 and BS 25999-2" : https://advisera.com/27001academy/blog/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/
"Lead Auditor Course vs. Lead Implementer Course - Which one to go for?" : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
... sk owners vs. Asset owners in ISO 27001:2013" : https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Answer 3: From my point of view it is better if you list the datacenter as a facility asset. Here it is important to have an asset for the datacenter (type: facility), because there are threats directly related to this type of asset (there are also other threats directly related to the servers); furthermore, you need to ensure that your supplier contract discusses the risks and the mitigation of threats.
Answer 4: One approach can be: identify the facility as an asset, and also the systems and information contained in it, because they are different types of assets and have different threats/vulnerabilities. Another approach can be: identify a single asset and assign to it all threats/vulnerabilities related to the facility, systems and information.
Finally, this article about the asset inventory can be interesting for you: "How to handle Asset register (Asset inventory) according to ISO 27001" : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Answer 3: Yes, my recommendation is to review the main steps of the implementation process to know if all are completed. This article can be useful for you: "ISO 27001 implementation checklist" : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ You can also review whether you have all mandatory documents required by ISO 27001:2013, so please read this article: "List of mandatory documents required by ISO 27001 (2013 revision)" : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
... ISO 27001 vs ISO 27002: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/).
So basically you have 3 options:
1) Implement ISO 27018 only - you won't get certified and won't know how to manage the security, but you will have technical controls focused on the cloud
2) Implement ISO 27001 only - you will get certified and know how to manage your security, but you won't have the technical controls focused on the cloud
3) Implement both ISO 27001 and ISO 27018 - actually it's rather easy because ISO 27018 is a complement to ISO 27001/ISO 27002, and you'll get the best out of both standards.
... https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Regarding the differences between the gap analysis and the risk assessment: basically, the gap analysis tells you how far you are from the ISO 27001 requirements, while the risk assessment tells you which incidents can happen. Anyway, this article can be interesting for you: "ISO 27001 gap analysis vs. Risk assessment" : https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
... https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
"Document management in ISO 27001 & BS 25999-2" : https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
... ou "CISA vs. ISO 27001 Lead Auditor certification" : https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/
And also this article: "Qualifications for an ISO 27001 Internal Auditor" : https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
... "ISO 27001 vs. ISO 27032 cybersecurity standard" : https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/ And this free eBook can also be interesting for you: "9 Steps to Cybersecurity" : https://advisera.com/books/9-steps-to-cybersecurity-managers-information-security-manual/
... "ISO 27001 vs. ISO 27032 cybersecurity standard" : https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
And of course, our free eBook can be very interesting for you: "9 Steps to Cybersecurity" : https://advisera.com/books/9-steps-to-cybersecurity-managers-information-security-manual/