... ISO 9001 toolkit, you may not need to buy the whole toolkit, only the documents in which ISO 9001 differs from ISO 13485.
Here you can find an article regarding similarities and differences between ISO 9001 and ISO 13485:
... of Assets vs All 114 controls, it is not required. Is this correct?
Thank you very much in advance
Your assumption is right. ISO 27001 does not require a list of Assets vs. Annex A controls. As you already perceived, this approach only creates a lot of data that won’t be very useful.
The standard’s approach for the application of controls is based on the identification of applicable legal requirements and mitigation of relevant risks. This way you keep your information at a minimum, i.e., only the basic information about assets (in the inventory of assets document), the assessed risks (in the risk assessment table), and the treated risks (in the risk assessment table).
By the way, included in your toolkit you have access to a video tutorial that can help you fill in the risk assessment and risk treatment table.
This article provides further explanation about risk assessment and risk treatment:
These materials will also help you regarding assets, risk assessment, and risk treatment:
... that risk assessment should cover all business processes / activities involved in the business continuity management system?
Your understanding is correct. The risk assessment must be applied to all elements defined in the BCMS scope.
These articles provide further explanation about risk assessment in business continuity:
... rtunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
... ce visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/
... https://advisera.com/27001academy/blog/21/02/02/iso-27001-vs-soc-2/
These materials will also help you regarding ISO 27001:
... https://advisera.com/eugdpracademy/blog/2020/04/13/gdpr-vs-ccpa-what-are-the-main-differences/
Instead of having a dedicated page to the Cookie Policy and linking to it from the Privacy Policy, can I just include it in the Privacy Policy?
Yes, you may insert a section on cookies in your privacy notice, especially if you have installed technical and statistical cookies. You should list all of them, describe their functionality and give the data retention period.
Once ready, can I simply link to my website Privacy Policy from a Google survey I have created, rather than writing a new, specific Privacy Policy for that purpose?
Similarly, should I place this link in all the emails I send to my leads and clients?
Privacy policy and privacy notice are different things. While the privacy policy is a document that explains how your company processes all data of your organization, giving rules to your staff, the aim of the privacy notice is to inform data subjects about data processing.
From your question I understand that you are referring to the privacy notice published on your website and not to the privacy policy. There are no specific requirements for publishing the privacy notice; however, I would publish it on the website and make it as clear and simple as possible. Your users should not be forced to go outside your website, to a third-party website (Google), in order to read your privacy notice, because more and different data might be processed (e.g. cookies on a Google survey might be different from yours).
In the Privacy Policy side notes you wrote: "If you do not have a Data Protection Officer, you can specify another person who is in charge of personal data protection." Since I am self-employed (not a company), so I am on my own and using my name there, too, would not look very professional, would it be fine if instead of writing my name there I just use the more generic "us"? The context makes the visitor understand that "us" refers to the name+surname written at the beginning of the Privacy Policy. Similarly at 1c: "You can contact us" instead of "You can contact our Data Protection Officer".
Yes, you don’t need a Data Protection Officer for a small website.
Under section 2 (Processing of Personal Data during Your Use of Our Website), could you please explain the following terms in simple words?
- access control
- segregation of duties
- internal audit
Also, is encryption to be listed here if I only have an SSL certificate? (I do not know whether there are other ways to do encryption.)
These are security measures that apply to larger organizations.
Access control means whether there is any control over access (password management, control of access to the company premises, video surveillance). Clearly, it does not apply to your situation.
However, if you want to know more about implementing access control, you can find more information in this article
How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
Segregation of duties means whether there is any policy that avoids mixing different data processing. If you are a software company, you should avoid mixing data of different clients. For example, you should not mix data of newsletter subscribers with data of clients who did not give you consent for the newsletter.
Here you can find more information about segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
Internal audits are procedures inside companies to verify if everything is compliant with GDPR requirements.
Here you can find more information about how to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
What should I write in "Confidentiality level" at the top right corner of the Privacy Policy?
And am I supposed to keep the footer, including the version number of the privacy policy and the license agreement for the template?
This template is usually stored inside a folder as a model to be used by a company. Companies generally keep and classify models and template of documents (contracts, letters, policies, etc.) with internal classification. The template is usually classified as internal use because the public version that will be published will have the same company layout (so the template file is not published, just a copy-paste of the content which is adapted to the brand identity with fonts, colors, layout of the company).
Together with the link for the toolkit you have received access to video tutorials which show you how to fill out the documents.
7) I have WordPress. Can you confirm that it is GDPR compliant? And, if so, is there a way to know which cookies WordPress sets without plugins installed?
I have read that it sets cookies to allow visitor comments, posts and admin logins; should I mention them in the cookie policy, and how do I find all the information about them?
You can see cookies by clicking the padlock near the address bar of your browser. You can find information by just pasting their name into Google. There are some services on the web, like Cookiebot, that may help you.
An application like WordPress by itself is not enough to be compliant with the GDPR - you need to set up processes and responsibilities in order to be fully GDPR compliant. To see what the whole process looks like, see this article: 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
Considering that my WordPress website does not allow comments and posts, and that users do not have to log in to visit it, which cookies should I list in my cookie policy of those set by WordPress?
They are all listed under "WordPress Users Cookie" and "WordPress Commenters Cookie" at https://www.cookielawinfo.com/wordpress-cookies-list-why-they-are-used/
Some cookies may also be installed by plugins or third-party add-ons like Google Analytics or social media integrations, so you will need to list and verify all the cookies that have been set on your website.
Here you may find more information about the privacy notice:
Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
If you want to know more about the EU GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
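The answers above say to inventory every cookie the site sets, with its purpose and retention period, and to check for cookies added by third-party integrations. The following is an added example (not code from the original forum answers, from Advisera, or from WordPress) showing how a practitioner can build that inventory from the Set-Cookie headers a site returns: it derives the retention period from Max-Age/Expires, classifies each cookie as first- or third-party by comparing its domain with the site's, and records the Secure/HttpOnly flags. The sample responses, hostnames (`example-site.test`, `thirdparty.test`) and cookie values are constructed for the example; the WordPress-style cookie names are illustrative only.

```python
"""Build a cookie inventory for a privacy/cookie notice from Set-Cookie headers.

Added example, not part of the original page. SAMPLE_RESPONSES is constructed
test data: the hostnames and cookie values are assumptions, not real captures.
"""
from email.utils import parsedate_to_datetime
from http.cookies import Morsel, SimpleCookie
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample: (response URL, list of Set-Cookie header values).
SAMPLE_RESPONSES: List[Tuple[str, List[str]]] = [
    ("https://www.example-site.test/wp-login.php", [
        "wordpress_logged_in_abc123=admin%7C1700000000; Path=/; HttpOnly; Secure",
        "wordpress_test_cookie=WP+Cookie+check; Path=/; Secure",
    ]),
    ("https://www.example-site.test/2024/01/hello-world/", [
        "comment_author_abc123=Alice; Max-Age=31536000; Path=/; Secure",
    ]),
    # A third-party analytics cookie set from another domain (constructed).
    ("https://analytics.thirdparty.test/collect", [
        "_ga=GA1.2.1234567890.1700000000; Expires=Sat, 01 Jan 2028 00:00:00 GMT; "
        "Path=/; Domain=.thirdparty.test",
    ]),
]


def retention(morsel: Morsel) -> str:
    """Turn Max-Age / Expires into the retention text a cookie notice needs.

    Max-Age takes precedence over Expires (RFC 6265); a cookie with neither
    is a session cookie and disappears when the browser is closed.
    """
    if morsel["max-age"]:
        secs = int(morsel["max-age"])
        return f"{secs // 86400} days" if secs >= 86400 else f"{secs} seconds"
    if morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
        return f"until {expires.date().isoformat()}"
    return "session (deleted when the browser closes)"


def registrable_host(host: str) -> str:
    """Crude registrable-domain guess: the last two labels.

    Good enough for this example; production code should consult the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly.
    """
    return ".".join(host.strip(".").lower().split(".")[-2:])


def build_inventory(site_host: str,
                    responses: List[Tuple[str, List[str]]]) -> List[Dict[str, object]]:
    """Parse every Set-Cookie header and return one inventory row per cookie name."""
    site_reg = registrable_host(site_host)
    inventory: Dict[str, Dict[str, object]] = {}
    for url, headers in responses:
        response_host = urlsplit(url).hostname or ""
        for header in headers:
            jar = SimpleCookie()
            jar.load(header)  # SimpleCookie.load accepts Set-Cookie syntax
            for name, morsel in jar.items():
                # Without a Domain attribute the cookie is host-only.
                domain = morsel["domain"] or response_host
                party = ("first-party" if registrable_host(domain) == site_reg
                         else "third-party")
                inventory[name] = {
                    "name": name,
                    "domain": domain,
                    "party": party,
                    "retention": retention(morsel),
                    "secure": bool(morsel["secure"]),
                    "httponly": bool(morsel["httponly"]),
                }
    return sorted(inventory.values(), key=lambda row: str(row["name"]))


if __name__ == "__main__":
    for row in build_inventory("www.example-site.test", SAMPLE_RESPONSES):
        print(f'{row["name"]:30} {row["party"]:12} {row["retention"]:40} '
              f'secure={row["secure"]} httponly={row["httponly"]}')
```

To use this against a real site, replace SAMPLE_RESPONSES with the Set-Cookie headers captured from your browser's developer tools or an HTTP client while you exercise every page (login, comment form, embedded widgets); cookies set by JavaScript rather than by headers (many analytics tags do this) will not appear here and still have to be collected from the browser's storage view. The "purpose" column is the one thing the script cannot fill in: that has to come from the vendor's documentation or the cookie lists linked above.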
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
... ISO 27001 and ISO 20000: