Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results for "iso17025 vs gmp"
1219 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Internal audit vs Gap analysis
What is difference between Fault finding and Gap analysis. Every external auditor would say that we do audit which is gap finding exercise and not fault finding exercise, I need clarity on the same. -
Assets mentioned by the owner
... sk owners vs. Asset owners in ISO 27001:2013Â : https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Â
Finally, keep in mind that you need to perform the internal audit to review whether the assets perform as expected. If you need more information about how to make your own intern al audit checklist, please read this article ÂHow to make an Internal Audit checklist for ISO 27001 / ISO 22301Â : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/ -
Clauses and controls achieved by completing the disaster recovery plan
If you refer to the ISO 27001, you can find in the Annex A of the standard, the control domain "A.17 Information security aspects of business continuity management, which is related to the Disaster recovery. If you need more information about the Disaster recovery, please read this article Disaster recovery vs Business continuity": https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/ -
ISO 27001 and ISO 27002
... 002. Although you can see in the Annex A of the ISO 27001 all security controls of the ISO 27002 (which are audited in a ISO 27001 audit), but you can only see a brief description, in the ISO 27002 you ca n see for each control an implementation guide.ÃÂ
ÃÂ
If you want to know more about the differences between ISO 27001 and ISO 27002, please read this article ÃÂISO 27001 vs. ISO 27002":ÃÂ https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/ -
gap analysis for ISO 27001
... analysis vs. risk assessment" : https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
Â
And of course, you can use our template ÂInternal Audit Report : https://advisera.com/27001academy/documentation/internal-audit-report/ -
Disaster
... recovery vs Business continuity : https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
The RTO is the Recovery Time Objective, this means: defined time in your business which a business process must be restored after a disaster. If you need more information about this , please read: ÂHow to implement business impact analysis (BIA) according to ISO 22301Â : https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
Now, do you need to write a Business Continuity Plan? Please read this article ÂHow to write business continuity plan : https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
Also can be interesting for you read this article ÂDisaster recovery site  What is the ideal distance from primary site? : https://advisera.com/27001academy/knowledgebase/disaster-recovery-site-what-is-the-ideal-distance-from-primary-site/ -
Clause vs related control or vice-versa
Is it possible for you to provide me with a guide re above subject? Basically, a table or an Excel file mapping Clauses vs Controls for ISO 27001:2013. Does such a thing exist? -
Some questions about ISO 27001:2013
The purpose is to define a person or entity with the accountability and authority to manage a risk (this a definition that you can find in the ISO 27000:2014). And to determine the risk owners you should aim for someone who is closely related to processes and operations where the risks have been identified. Please read this article for more information Risk owners vs. Asset owners in ISO 27001:2013: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Is a communication plan mandatory in the ISMS documentation ? (clause 7.4)
Answer:
No, it is not mandatory. You can find a list of mandatory documents here List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/.
The objectives mentioned in clause 6.2, does it refer to the objectives in the Statement Of Applicability (e.g. : in my company, we chose the whole Annex A for our SoA)
Answer:
The objectives in ISO 27001 clause 6.2 can be set both for the whole ISMS, and/or for the control objectives in the Statement of Applicability - usually, the objectives are set at two levels: (1) the general ISMS level, and (2) at the level of security processes or security controls. See also this article: ISO 27001 control objectives Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/ -
Incident Handling Procedure and Business Continuity Plan
... terÃÂ, but we can consider that is the same or similar to a crisis or emergency. So, an incident can result in a disaster.ÃÂ
ÃÂ
Generally, Disaster is related to the concept ÃÂDisaster RecoveryÃÂ (technology), which is not the same that "Business Continuity" (whole organization). If you want to know the differences about this, please read this article ÃÂDisaster recovery vs Business Continuity":ÃÂ https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/ -
Difference between Incident and Disaster
... sterÃÂ, but we can consider that is the same or similar to a crisis or emergency. So, an incident can result in a disaster.ÃÂ
ÃÂ
Generally, Disaster is related to the concept ÃÂDisaster RecoveryÃÂ (technology), which is not the same that "Business Continuity" (whole organization). If you want to know the differences about this, please read this article ÃÂDisaster recovery vs Business Continuity":ÃÂ https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/