... ontroller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
3 steps for data transfers according to GDPR https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
If you need to understand how to implement EU GDPR compliance, you may consider enrolling in our EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
... or Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
2 - Also, having passed the exam can you state you are an "ISO27001 Lead Implementer" or do you need to demonstrate some level of practice in the industry (in the same way as the CISSP and CISM qualifications) to an overarching body?
I’m assuming that by overarching body you mean “certification body”, or a similar organization that is responsible for issuing the certification (like ISC2 for CISSP and ISACA for CISM).
Considering that, depending on the organization that is responsible for the exam, there may be other requirements to fulfill to be allowed to use the title "ISO27001 Lead Implementer". To know the specific details, you need to contact the exam provider directly.
For Advisera's ISO 27001 Lead Implementer Course, there are no additional requirements other than attending the workshop and passing the exam.
... recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
2 - I suppose our Head Software Developer, who is also in charge of Server Maintenance, would be the person to document these steps? As it is much more complex than just “copy-paste install backup”.
The person to be involved in the development of a Disaster Recovery Plan will depend on the defined disruptive scenario.
For example, if the disruptive scenario involves only the loss of a server, then your Head Software Developer will be the person to be responsible for the plan. On the other hand, if the disaster involves not only the loss of the server, but also the loss of the server room, or an entire building, then you will need to involve more people, like the facility manager.
This article will provide you with further explanation about developing a plan:
These materials will also help you in developing a plan:
... ... ticle will provide you a further explanation:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003 https://advisera.com/27001academy/blog/2016/09/05/incidents-in-iso22301-vs-iso27001-vs-iso-20000-vs-iso28003/
... 00-1:2011 vs. ISO 9001:2015 matrix”
- https://info.advisera.com/20000academy/free-download/iso-iec-20000-1-2011-vs-iso-9001-2015-matrix?_gl=1*ud8gcr*_ga*MTI5NjM5NjM3LjE2MjcyOTkzOTY.*_ga_4P5GYSBRB2*MTYzMTAwMDYyNi4zMS4xLjE2MzEwMDIwNTQuNjA. This document is being updated according to ISO/IEC 20000-1:2018
While considering the use of ISO 9001 for software development activities, consider this support ISO/IEC/IEEE 90003:2018 - Software engineering — Guidelines for the application of ISO 9001:2015 to computer software - https://www.iso.org/standard/74348.html
... sk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
2 - The second one is regarding the "justification" of adding a particular control to the SoA. I do not entirely understand how to read "justification" in this question?
Could you please explain it to me?
For SoA, “justification” is the reason for which a control is deemed applicable. The whole concept of ISO 27001 is that you only need to apply a control if you have a reason (i.e., a justification) for that. This ensures that you do not expend unnecessary resources and that all your requirements are properly covered.
For example, if you implement a cryptographic technology and you do not have a relevant risk to justify the implementation of control A.10.1.1 (Policy on the use of cryptographic controls), then you are expending resources unnecessarily (from an ISO 27001 point of view).
On the other hand, if you do not have relevant risks to justify the implementation of control A.10.1.1, but you have a contractual clause with a client stipulating the use of cryptography, then you need to include a reference to this contractual clause to justify the use of the control.
... recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
Question #2
Is chapter four of the business continuity recovery plan template sufficient against standard clause 8.4.5? Or should I supplement my recovery plans with additional steps?
I’m assuming you are referring to the Disaster Recovery Plan template.
In this case, the information to be included in the template is sufficient to be compliant with ISO 22301 clause 8.4.5.
For further information, see: