Since 2012, all ISO management system standards have shared a similar framework, so integrating them is a lot easier today.
You can find a comparison between ISO 27001 and ISO 9001 in this material:
The matrix shows relationships between clauses of ISO 27001 and ISO 9001 and gives an overview of common requirements of these two standards with tips on how to fulfill them with as little documentation as possible.
Regarding which one adds more value, ISO 9001 or SOC 2, you have to evaluate which objective your organization wants to achieve, the legal requirements (e.g., laws, regulations, and contracts) you must comply with, and which framework will bring them more clients.
This article will provide you with further explanation about integrating management systems:
... 5 process vs. procedure – Some practical examples - https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
- How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
... ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
3. If I wrote the access control policy and my scope is the cloud and applications running on the cloud, and there is a point in the policy that is applicable to some of the applications but not to the rest, should I add a justification for this?
Please note that the risk assessment results will provide the necessary justification for applying an access control policy to some applications and not for others (i.e., risks for some applications are deemed unacceptable and will be treated by means of an access control policy, while other applications will not have risks requiring the application of this control).
For further information, see:
4. How can I identify controls and consequences in risk identification?
Please note that controls are identified during risk treatment after you have identified the risks.
Regarding the identification of consequences, when using the asset-threat-vulnerability approach, you should consider the participation of personnel with knowledge of the asset, of the environment where it operates, and of what depends on the asset. These are the people most capable of identifying what can happen if the asset is compromised.
For further information, see:
These materials will also help you regarding risk assessment and risk treatment:
... ep data (CVs and other personal information) from candidates and keep track of consent, giving candidates the chance to modify the data they provided.
You can find more information in this article:
You can also find some useful information in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
Here you can find our template of Employee data protection policy: https://advisera.com/eugdpracademy/documentation/employee-personal-data-protection-policy/
... rtunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
- Article - Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
Can the EMS Representative and the Internal Auditor be the same person in a small-size organization?
... rom ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations, so a full Business Continuity Plan is not mandatory for this standard, and you will only need the DRP template included in your toolkit.
This article will provide you with further explanation about DRP and BCP:
... ontroller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
I need to know the difference between machine validation and process validation. What kind of documents do we need to maintain for these?
... ISO 17025 vs. ISO 9001 – Main differences and similarities https://advisera.com/17025academy/blog/2019/07/11/iso-17025-vs-iso-9001-main-differences-and-similarities//
List of mandatory documents required by ISO 17025:2017 https://advisera.com/17025academy/blog/2019/08/30/list-of-mandatory-documents-required-by-iso-170252017/
You can also download, for free, the useful Diagram of ISO 17025 Implementation Process: https://info.advisera.com/17025academy/free-download/diagram-of-iso-17025-implementation-process