... ontroller vs. processor – What are the differences? : https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
... PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences: https://advisera.com/27001academy/knowledgebase/pci-dss/
This material will also help you regarding ISO 27001 implementation:
This article from ISACA can provide you with a comparison between ISO 27001 and PCI DSS: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/comparison-of-pci-dss-and-isoiec-27001-standards
All accreditation bodies need to be compliant with ISO 17011, the standard which defines the process of accreditation, so there is no such thing as a lesser certification. It is more a question of market preference or legal requirement (e.g., a law, regulation, or contract may require a specific accreditation body).
For further information, see:
For the rules on extended manufacturing sites, I recommend reviewing Annex 4 of IATF Rules revision 5.
For an extended manufacturing site in particular, "not having autonomous decision-making authority" is important, and the site must be tied to the main manufacturing site.
Many core activities, such as top management, quality management, etc., must be carried out by the main site.
In fact, it may even be required that the extended manufacturing site has only operators, such as production and quality.
Apart from this, I also recommend discussing it with your certification body.
... restart after we have resubmitted the evidence that proves we have corrected it.
The certification audit is not resumed after the nonconformity is corrected. The auditor will verify if the nonconformity is resolved (after the official part of the certification audit is completed) and the evidence is sent to him.
For further information, see:
The IT disaster recovery refers to point 4 – Redundancies, which is covered by controls A.17.1.2 - Implementing information security continuity, and A.17.2.1 - Availability of information processing facilities.
This article will provide you with a further explanation of Disaster Recovery:
... support" vs "The operation of information systems that support"
Please note that when you refer to "The information systems that support", all personnel who interact with the information systems need to be included in the scope (e.g., IT personnel, users, customers, etc.).
When you refer to "The operation of information systems that support", you limit the personnel who interact with the information systems to the people who keep them running, i.e., the IT staff.
Please note that accreditation applies only to organizations that want to become certification bodies, i.e., organizations that can certify other organizations against a standard, like ISO 9001.
So, the statement is incorrect, because in that context the business should become certified, not accredited.
For further information, see: