... ISO 27001 vs. ISO 27002: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Regarding the charge, it depends on the organization where you want to implement the standard (scope, number of employees, etc.), although typically the cost of the implementation for a company with 50 employees could be between $5.000 - $20.000. Anyway, this article can be interesting for you: How much does ISO 27001 implementation cost? : https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
Finally, this free tool can help you to calculate the duration of an ISO 27001 implementation: Free Calculator - Duration of ISO 27001 / ISO 22301 Implementation : https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/
... recovery vs. Business continuity : https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
And also this article about the distance of the disaster recovery site can be interesting for you: Disaster recovery site - What is the ideal distance from primary site? : https://advisera.com/27001academy/knowledgebase/disaster-recovery-site-what-is-the-ideal-distance-from-primary-site/
... ent, TVs, Desktops, and any other group of assets that can be affected by the same threats/vulnerabilities, and this approach can reduce the risk assessment considerably.
But also keep in mind that if you change assets/processes in your risk assessment, you will need to start from 0, applying a new methodology in a complex scope.
So, if you reduce your risk assessment but the number of assets is high, and you can assume the effort to change the risk assessment and start from 0, my recommendation is the risk assessment based on process (it is not a problem in ISO 27001:2013; I mean, you can use a risk assessment based on process without problem, although with the old ISO 27001:2005 you could not). If not, I think that you should maintain your current risk assessment, reducing it.
Finally, this article about the risk assessment can be interesting for you: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
And also this article about problems with defining the scope can be interesting for you: Problems with defining the scope in ISO 27001: https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
... ... ISO 27001: https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
By the way, a company cannot get certified against ISO 27002, only against ISO 27001 - see this article: ISO 27001 vs. ISO 27002: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Finally, this article can be interesting for you: Cloud computing and ISO 27001 / BS 25999 : https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/
And also this article about ISO 27001/ISO 27002: ISO 27001 vs. ISO 27002 : https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
... ... ar.
C - The recertification audit: It is performed only after the first initial certification audit and the surveillance audit, when the certificate expires after 3 years.
This is a cycle (A, B, C) that is repeated after the third year, but removing the first initial certification audit.
For more information about this, please read this article: Surveillance visits vs. certification audits : https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
... u CISA vs. ISO 27001 Lead Auditor certification : https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/
Generally ISO 27001 Lead Auditor is easier and can help you to know basic concepts about information security, so my recommendation is that you start with this. In this case, please read this article: How to become ISO 27001 Lead Auditor : https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
Point 2: IT auditors are more related to technology; remember, for example, CEH and CPTE. Regarding ISO 27001 Lead Auditor or consultants, please read this article: Lead Auditor Course vs. Lead Implementer Course - Which one to go for? : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/