... ce audit, you need to align that with your certification body, so the audit plan can consider this.
Please note that organizations have a three-year period (i.e., until October 31, 2025) to make the transition to ISO 27001:2022, so you can start your transition right now, but have plenty of time to make the transition.
For further information, see:
... 7001 2013 vs. 2022 revision – What has changed? https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/
3 - It probably is required to have internal audit done against 2022 version before certification?
Answer: Your assumption is correct. You will need to perform an internal audit against the 2022 version before certification.
... rols:
• A.8.1.1 Inventory of assets, and
• A.8.1.2 Ownership of assets
... have merged into ISO 27001:2022 control:
• A.5.9 Inventory of information and other associated assets
This is an example right from the tool.
For further information about new controls introduced by ISO 27001:2022, please read:
... ... inuity Plan, and you can take a look at a demo of this document at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/
This article will provide you with a further explanation of Disaster Recovery:
I have some customer requirements that I want to ask if they are already included in my scope or not. One set calls out Offshore requirements. We are a virtual company and everyone works remotely. I didn't plan to separate offshore vs. domestic work. Is that typical? Please let me know if these requirements will be fulfilled: I think these would be, but I don't quite understand Incident Response vs. Incident Plan vs. Incident handling - aren't these all covered by the same Policies and Procedures and part of the overall plan?
• IR-1.1 Develop policies and procedures for Incident Response.
• IR-6.1 Report security incidents to appropriate personnel or government authorities in a timely manner.
• IR-8.1 Develop a comprehensive Incident Response Plan for the organization.
• IR-5.1 Implement mechanisms for tracking and documenting security incidents.
• IR-4.1 Develop an incident-handling process for the organization.
Does this have to be separate?
• Offshore-48 Complete a security assessment of the organization's offshore location(s) and/or third party's offshore location(s) annually.
• Offshore-20 Requires antivirus software to be active and up to date on workstations.
Hi! I have an app that is HIPAA compliant and hosted in the US. I would like to open it up to patients in Israel and am trying to figure out what it takes to become ISO certified and what part of that is already covered by HIPAA. It is a mental health app and we store personal data, although nothing about physical health. Thanks!
I am trying to get a better understanding about the guidance on Equipment Qualification vs. Process Qualification and Process Validation. Can you refer me to the sections of the standard that speak about those topics?
... ontroller vs. processor – What are the differences?: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
... or Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
For courses related to these certifications, please see:
... onsultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach
These materials will also help you regarding ISO 27001 implementation: