... hich provides guidance for the implementation of controls requirements defined in ISO 27001 Annex A.
Considering that, please note that ISO 27002 is not mandatory to implement ISO 27001. ISO 27002 is usually used by consultants who want to learn more about the standard.
This article will provide you with a further explanation of ISO 27001 and ISO 27002:
... ontroller vs. processor – What are the differences? : https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
... PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences: https://advisera.com/27001academy/knowledgebase/pci-dss/
This material will also help you regarding ISO 27001 implementation:
This article from ISACA can provide you with a comparison between ISO 27001 and PCI DSS: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/comparison-of-pci-dss-and-isoiec-27001-standards
All accreditation bodies need to be compliant with ISO 17011, the standard which defines the process of accreditation, so there is no such thing as a lesser certification. It is more a question of market preference or legal requirement (e.g., a law, regulation, or contract may require a specific accreditation body).
For further information, see:
For the extended manufacturing site rules, I recommend reviewing IATF Rules revision 5, Annex 4.
In particular, for an extended manufacturing site, "not having the authority to make autonomous decisions" is important, and it must be dependent on the main manufacturing site.
Many main activities, such as top management, quality management, etc., must be carried out by the main site.
In fact, it may even be expected that the extended manufacturing site only has operators, such as production and quality personnel.
Apart from this, I also recommend that you discuss this with your certification body.
... restart after we have resubmitted the evidence that proves we have corrected it.
The certification audit is not resumed after the nonconformity is corrected. The auditor will verify if the nonconformity is resolved (after the official part of the certification audit is completed) and the evidence is sent to him.
For further information, see:
The IT disaster recovery refers to point 4 – Redundancies, which is covered by controls A.17.1.2 - Implementing information security continuity, and A.17.2.1 - Availability of information processing facilities.
This article will provide you with a further explanation of Disaster Recovery:
... support" vs "The operation of information systems that support"
Please note that when you refer to "The information systems that support", all personnel who interact with the information systems need to be included in the scope (e.g., IT personnel, users, customers, etc.).
When you refer to "The operation of information systems that support", you limit the personnel who interact with the information systems to the people who keep them running, i.e., the IT staff.