What is the difference between document control and document management?
... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
2. I am also confused about Business Continuity. Does that need to be in or not? You have taken it out in the demo.
Business continuity does not need to be implemented if you want to be certified only against ISO 27001, so you can delete from the Project Plan the elements related to ISO 22301.
What happens with the Project Plan template is that it was designed to be used to implement both standards, and it can be customized to fulfill customers' needs. In the comments included in the template you can find which text must be excluded or adjusted if you are going to implement only ISO 27001.
3. There is no section in the Project Plan for training. Should this not be part of the Project Plan?
Training as a deliverable is defined in section 3.2 (Project results) in the form of the "Training and Awareness Plan", which defines how employees will be trained to execute planned tasks, and how they will be made aware of the importance of information security.
Training for the project team can be defined in section 3.5 (Main project risks) as a treatment in case you have a risk related to untrained personnel in the project team.
For further information, see:
4. Should there not be a section on the test audit date as well?
Please note that there is no "test audit" concept in ISO 27001. What you need to perform is a full internal audit on all mandatory requirements and all applicable controls, and the definition of audit dates will be covered when filling in the "Procedure for Internal Audit" and its supporting Annex "Annual Internal Audit Program".
For further information, see:
These materials can also help you regarding internal audit:
5. It seems like the Project Plan is just about completing the documents and nothing else.
First, it is important to note that this is a common misunderstanding.
Please note that at this stage of the project, without the definition of the ISMS scope and policy and the definition of the controls to be implemented, there is not much to do other than completing the documents, but once you have the Statement of Applicability and the Risk Treatment Plan you will have a greater level of detail on what needs to be implemented in terms of processes and technologies.
To have a detailed idea of activities involved in the implementation, I suggest you take a look at this free downloadable material: Project checklist for ISO 27001 implementation (MS Word) https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
This checklist can help you keep track of all steps during the ISO 27001 implementation project, starting with obtaining management support all the way through to certification audit.
Could you please let me know what is the difference between major and minor nonconformity?
Could you please provide any practice tests/incidences to rule out any nonconformity present in the scenario?
Please note that although connected, BIA and Risk Assessment are different processes, and this connection does not make ISO 22317:2015, which defines guidelines for business impact analysis, obsolete. You can still use this standard to help develop a BIA approach.
This article will provide you with a further explanation about BIA and risk assessment:
... uires an overview of the situation, and the IT Risk Framework involves a deeper knowledge of risk management steps, the gap analysis would be easier to perform for a beginner.
This article will provide you with a further explanation about the gap analysis and risk assessment (although the article is about ISO 27001, the concepts also apply to ISO 22301):
... ce visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
These materials will also help you regarding preparing for an audit:
Regarding the Risk assessment vs. business impact analysis article, at https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/, what kind of processes do banks need to perform in 12 hours that would be unacceptable?
... ce visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
Any thoughts or recommendations for how best to approach this would be helpful and appreciated!
The best way to approach this situation is to prepare a proper internal audit checklist for your internal audit (performing at least one internal audit is also mandatory for certification). This way you will have a good understanding of the status of your ISMS before the certification audit.
This article will provide you with a further explanation about internal audit:
These materials will also help you regarding internal audit:
... 9001:2015 vs ISO 17025 at https://community.advisera.com/topic/iso-90012015-vs-iso-17025/ for further information on how ISO 9001 is integrated into ISO 17025 so the management requirements do not need to be re-addressed separately within ISO 17025.
Also have a look at the article ISO 17025 vs. ISO 9001 – Main differences and similarities for some more information, available at https://advisera.com/17025academy/blog/2019/07/11/iso-17025-vs-iso-9001-main-differences-and-similarities//
... ce visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
This material will also help you regarding audits: