Search results for "iso17025 vs gmp"


  • Risk owner

    ... sk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

    2. With regards to the risk categories, do you know which one a power surge or a loss of power would fall under?

    Considering common definitions used for STEEPCOIL: the most adequate category for power surge and loss of power would be organizational risks because it covers risks related to structure and ownership assets responsible for the establishment and operation of a process facility (e.g., a power plant, or electricity company).

  • Appendix_1_Risk_Assessment_Table - vs. - A.8.1_Inventory_of_Assets

    I have a question regarding asset list/inventory. We are creating the list of assets for the Risk Assessment and Risk Treatment process. Once that list is complete and we come up with threats and vulnerabilities for each, is there any need for a separate list of assets as in A.8.1 Inventory of Assets?

    I know that you have stated that "assets are not only the information in electronic and paper form, but also software, hardware, services, people, facilities, and everything else that provides value to an organization.", so I have a question on that as well:

    Our company is using a consulting group that has an online tool for managing all records and policies, but it seems to define assets strictly as devices. Also, risks are listed separately and are linked only to "category type", not to a specific detail asset.

     

  • GDPR in software development and blockchain

    We are developing a mobile app where we scan documents, ask for data in forms and use blockchain.

    We want to make sure we comply with GDPR. Especially around:
    - data retention, is hashing data enough?
    - anonymized vs pseudonymized. Are we understanding it correctly?
    - data access by personnel. Is it ok that developers and database admin can see some of the data?
    - how to know when data is misused, mis-accessed, or breached
    - are we a data processor or controller?

  • ISO 14001 individual vs consultant implementation

    Can I do ISO 14001:2015 myself, or do I need a consultant?

  • ISO 20000 vs ISO 9001

    We have 2 certifications: ISO 9001:2015 and ISO 20000. One of my auditors said we may use ISO 9001:2015 that covers all processes in ITIL also, can you help us with that? I mean, is it similar, what should we do?

  • ISO 27017 certification process

    ... ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

    My second question is: Can a company say that it is certified for the information security management for the cloud computing services just with the ISO 27001/27002?

    ISO 27001 has enough security controls to allow an organization to be certified considering cloud computing services in its ISMS scope. You only would need to include controls from ISO 27017 if your organization has specific requirements demanding the implementation of ISO 27017 controls (e.g., laws, regulations or contracts).

    This article will provide you further explanation about ISMS scope:

  • Correction vs corrective action

    How to identify the difference between correction and corrective in nonconformity?

  • Encrypting customer data

    ... ontroller vs. processor – What are the differences?: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

    The obligations of controllers towards Data Protection Authorities according to GDPR: https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/

    How cybersecurity solutions can help with GDPR compliance: https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/

    You can also find some useful information in our free online GDPR Foundation Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Quality Manual vs. QMS Document vs. Quality Plan

    Looking for clarification of similarities and differences between "Quality Manual" vs. "QMS Document" vs. "Quality Plan"

  • Ilac compatibility to previous versions and ISO 17025

    ... for accreditation bodies, produce guidance documents for assessors, regulators, laboratories and customers on the interpretation of accreditation criteria. As the 2017 edition of ISO/IEC 17025 requires decision rules to be agreed on when a laboratory issues statements of conformity to specifications or standards, ILAC G8 was revised extensively.

    The article "ISO/IEC 17025:2005 vs. ISO/IEC 17025:2017 revision: What has changed?" may be of interest. It is available at https://advisera.com/17025academy/blog/2019/11/13/iso-17025-2017-vs-iso-17025-2005-key-changes-infographic/
