... he guideline. You do not have to apply everything that is written in ISO 27002; you have to apply only what ISO 27001 requires of you.
Unfortunately, sometimes the certification auditors look towards ISO 27002, but you can clear this out very easily with them - simply ask them whether they think ISO 27002 is mandatory or not.
This article will help you: ISO 27001 vs. ISO 27002: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
... ... rrently it is not clear which certification can bring you more benefits because BCI and DRII have been established in the market for a very long time; however, ISO 22301, similar to other ISO standards, is becoming more and more predominant, so I expect that in a couple of years certifications related to ISO 22301 will have the best perspective.
See also this article: Lead Auditor Course vs. Lead Implementer Course - Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
... ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
You'll find quite good guidelines for testing & exercising in NFPA 1600 - see also this article: NFPA 1600 vs. ISO 22301 - Similarities and differences https://advisera.com/27001academy/blog/2013/11/05/nfpa-1600-vs-iso-22301-similarities-and-differences/
... ss impact analysis must be reviewed.
However, once a year really is the best practice because of the following:
1) If you are ISO 27001 or ISO 22301 certified, the certification auditor will want to see those reviews at each surveillance visit (which happen once a year - see this article: https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/)
2) If you perform reviews less often, then you are in danger that your RA / BIA will become too outdated because the pace of change (especially in IT) is really quick.
... sk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
What has changed in risk assessment in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
... ISO 27001 vs. ISO 27002 (https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/)
1) There are, sadly, no controls on BYOD (understanding "personal electronic devices brought at work") in ISO 27002. You can't easily control it. The explanation in clause 6.2.1 (Mobile device policy) in ISO 27002 would help you further.
2) The only approach from ISO 27001 is risk management and defining the adequate policy. E.g.:
No classified information will be transmitted to and from BYOD equipment.
The use of BYOD to take pictures, audio and video recording must be authorised by the management.
The company will install software on mobile devices enabling it to delete the company information remotely.
3) The risk management approach is described in ISO 27005. The main risks are: "professional" information arrives on a non-controlled device through received emails, photos, videos and audio recordings. Then: who may access this information around the user, and what if it's lost or stolen?
Finally, you're right, it's not a mandatory control. This blog post gives the point: List of mandatory documents required by ISO 27001 (2013 revision) - https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/