For a company that has subsidiaries with different processing, is it ideal for them to have a general privacy policy or notice or entity-specific ones?
... ut selecting a certification body:
Yes, you can. This applies mostly to, for example, forms and procedures for internal audit, corrective measures, and non-compliant products.
On the following link you can find the article that compares ISO 9001 and ISO 13485:
... ... ses were not eliminated). In case they are solved as planned and there are no recurrences they will not mean a problem in the external audit.
Please note that ISO 27001 does not require non-conformities in internal audits to be classified. Normally non-conformities are classified during surveillance/certification audits.
For further information, see:
... https://advisera.com/articles/complete-guide-to-corrective-action-vs-preventive-action/
... e 26 GDPR – Joint controllers: https://advisera.com/eugdpracademy/gdpr/joint-controllers/
...
These materials will also help you regarding internal audit:
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/