Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results for "iso17025 vs gmp"
1219 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Business impact analyses questionnaire
... Please note that for Business Impact Analysis you do not need to take into account risks, only the impact of the disruption over the processes. Risk identification (so you can identify the ones with the most chance to occur) can be performed either before or after BIA, but it is a completely different and independent process.
For further information, see:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
-
ISO 27017 and ISO 27018
You need to confirm this information with your certification body, but if the ISO 27017 ISO 27018 controls were audited during your ISO 27001 certification audit this information can be included in your customer certificate.
These articles can provide further information:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
-
Is there a difference between ISO 27002 and Annex A?
... ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
This material can also provide additional information:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/ -
Question about Scope of Work
... sk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
These materials will also help you regarding risk management:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
-
Help us understand each other better
... te>
Answer: Please note that breaking down the internal audit into sections is valid only after the certification audit (i.e., for surveillance audits). For the certification audit, you need to have performed an internal audit over all the ISMS scope.This article will provide you a further explanation about certification and surveillance audits:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/ -
multi location vs BIA and RA performing
Hi, I would like to perform a BIA analysis based on the Advisera form. I have read your article - How to define activities when implementing business continuity according to ISO 22301. He's great and translates a lot. However, I have a problem with the approach to analysis in my case. The company has a department which comprises 40 locations. They carry out the same activities but independently. An average of 100-150 people in one location. 1. Should I analyze the entire department at once and sum up the effects of losses (qualitative and financial) from all 40 locations? 2. Should I choose the largest location and analyze only one? 3. Or maybe I should complete 40 questionnaires? I would like my approach to be in line with good business continuity practices. How to conduct a risk analysis in this case? I understand that I need to analyze the risks for 40 locations? -
Biggest challenge when seeking EU MDR compliance
... c: EU MDR vs. MDD – What has changed? https://advisera.com/13485academy/blog/2020/11/24/infographic-eu-mdr-vs-mdd-what-has-changed/
- 8-step transition process from MDD to MDR https://info.advisera.com/13485academy/free-download/8-step-transition-process-from-mdd-to-mdr/ There is some more guidance from the MDCG group regarding legacy devices:
- MDCG 2020-6 Regulation (EU) 2017/745: Clinical evidence needed for medical devices previously CE marked under Directives 93/42/EEC or 90/385/EEC https://ec.europa.eu/health/sites/default/files/md_sector/docs/md_mdcg_2020_6_guidance_sufficient_clinical_evidence_en.pdf
- MDCG 2019-5 Registration of legacy devices in EUDAMED https://ec.europa.eu/health/sites/default/files/md_sector/docs/md_mdcg_2019_5_legacy_devices_registration_eudamed_en.pdf
- EU MDR Article 10 – General obligations of the manufacturers https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/
- EU MDR Annex 2 – technical documentation https://advisera.com/13485academy/mdr/technical-documentation/
- EU MDR Annex 3 – Technical documentation for post-market surveillance https://advisera.com/13485academy/mdr/technical-documentation-on-post-market-surveillance/
- What are the EU MDR technical documentation structure and requirements you can find? https://advisera.com/13485academy/blog/2021/04/06/what-are-the-eu-mdr-technical-documentation-structure-and-requirements/
-
Toolkit question
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/ -
BIA and Risk Assessement
... ssessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/2 - Also as per you answer, should I perform RA only for the process which I have in BIA? If that’s the case, should I consider RA w.r.t People , process and technologies boundaries? or should I consider operational and business risks as well?
Thanks
Answer: In case your purpose is to ensure business continuity, considering the ISO 22301 standard, which provides requirements for business continuity management, then you should apply RA only for the process which you have in BIA (which are all the processes included in the Business Continuity Management System scope).
Regarding risk categories, ISO 22301 does not prescribe which ones to apply, so you can define the ones that better fit your needs.
To see how documents compliant with ISO 22301 BIA and RA looks like, please take a look at the free demos of these toolkits:
- ISO 22301 Business Impact Analysis Toolkit https://advisera.com/27001academy/iso22301-business-impact-analysis-documentation-toolkit/
- ISO 27001/ISO 22301 Risk Assessment Toolkit https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/ -
BIA or RA
... ssessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
For more information, see:
To help you in the preparation of the technical documentation, please read the following article:
These materials will also help you regarding risk assessment and BIA: