Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results for "iso17025 vs gmp"
1219 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
How to become ISO certified for myself
... >... popular ISO 27001 certificates are Lead Auditor and Lead Implementer - these articles will help you learn the details:
- How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
- Lead Auditor Course vs. Lead Implementer Course ÃÂ Which one to go for?ÃÂ https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/ -
Mandatory processes
... ISO 27001 vs. ISO 27002 (103): https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- MANDATORY DOCUMENTED PROCEDURES REQUIRED BY ISO 27001 (108): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to maintain the ISMS after the certification (3): https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/ -
ISO 22301 Maintenance Audit requirements
In your first question I assume you refer to surveillance visits performed by certification bodies? They won't re-audit everything, just some areas of your BCMS they think are not developed enough. See also this article: Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
There is no special preparation for those surveillance visits, you just have to make sure you do everything you have written in your BCMS documentation. Here is one article that speaks about ISO 27001, but it is completely applicable to ISO 22301 as well: How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/
Regarding the internal audit, it doesn't really matter whether it is performed internally or by an external party as long as in this internal audit the auditor checks whether your company (1) complies with ISO 22301, and (2) complies all the policies, procedures and plans you have written in your BCMS. This article can help you: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/ -
3rd party security policy vs. Information security policy for supplier relations
According to ISO 27K requirement (Information security policy for supplier relationship) may i know what is different between 3rd party security policy and Information security policy for supplier relationships? -
Is it an NC
... ... f training services has signed a contract with the customer where it has obliged to comply with certain requirement, then it must comply with it - otherwise this is a nonconformity.
The point is, a company must comply with all of these: ISO 27001 + laws & regulations + contractual obligations + its own policies and procedures.
This article can also help you: Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/ -
Context and scope of the ISMS / ISO 27001 v 2013
... .. n-iso-27001/
ÃÂHow to identify interested parties according to ISO 27001 and ISO 22301ÃÂ: https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
ÃÂRisk owners vs. asset owners in ISO 27001:2013ÃÂ: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/ -
Access controlAlign IT services continuity with ISO 22301
We have received this question: "Access control - user vs technical? How do I distinguish the difference in ISO27002? This is regarding ISO27002 - section 9 Access control 9.2 vs 9.4" Answer : The rights are given to users (people) to access information (e.g. physical documents), applications, hardware and locations (buildings and rooms). The correct management of this aspect is covered by clause 9.2. Clause 9.4 covers how the access rights should be implemented in the technology to make sure the data on the computer systems (including mobile devices and telephony) are accessed according to the rules fixed by clause 9.2.Is ISO 27031 a good option to align IT services continuity (aka DRP) with ISO 22301 (BCMS)? -
Asset owner and risk owner - how exactly are the two differentiated?
... his direct boss - e.g. the Head of IT department; risk owners should be people who can resolve particular risks - e.g.:
risk of performing wrong activities because of non-existing rules - risk owner could be Head of IT department risk of performing wrong activities because of lack of training - risk owner could be Head of HR department
This article can also help you: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/ -
Question about ISO 27002
You don't have to use ISO 27002. ISO 27002 are only the guidelines that are not mandatory; you only have to comply with what is written in ISO 27001. You'll find a more detailed explanation here: ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/ -
Which assets to assess during the risk assessment
If all of these 500 applications are within the ISMS scope, they have to assess all of them. However, if you have similar applications then you do not have to perform risk assessment for each of them separately - you can treat all similar applications as a single asset during the risk assessment process.
See also these articles:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/