... on audits vs surveillance audits in ISO 14001: https://advisera.com/14001academy/blog/2016/07/11/certification-audits-vs-surveillance-audits-in-iso-14001/
- Article - 5 Tips to help you prepare for your ISO 14001 surveillance audit: https://advisera.com/14001academy/blog/2015/11/23/5-tips-to-help-you-prepare-for-your-iso-14001-surveillance-audit/
- Article - ISO 14001 certification: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-certification/
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
- ISO 14001 Lead Implementer Course: https://advisera.com/training/iso-14001-lead-implementer-course/
... ssessment vs. internal audit in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/12/08/risk-assessment-vs-internal-audit-in-iso-27001-and-iso-22301/
2. What are an advantage and a disadvantage of an external as compared to an internal audit?
Answer: Second-party audits (audits performed by external personnel for non-certification purposes) can bring more expertise and an unbiased view to the audit process than internal audits, but on the other hand they are more expensive, and the lack of internal specific knowledge may let the external auditors miss situations that are clear to internal auditors.
Third-party audits (audits performed by certification bodies for certification purposes) can bring independent and worldwide recognized confidence that the organization fulfils the standard's requirements (through certification issuing), which internal audits cannot provide, but they involve costs for certification maintenance.
These articles will provide you with further explanation about types of audits:
- First-, Second- & Third-Party Audits, what are the differences? https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
- Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/
... sk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
2. Do I have to also include the private phones of our employees (their mailbox is configured on it, as well as an app for 2-factor authentication)?
Answer: If the organization does allow employees to use their own devices to access information included in the ISMS scope, then these personal devices should be included in the risk assessment.
For more information, see: How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
3. Do I have to also include the private PC or laptop that they use at home to connect via VPN to an online workplace where they can work from home?
Answer: Like the previous answer, if the organization does allow employees to use their own devices to access information included in the ISMS scope, then these personal devices should be included in the risk assessment.
For more information, see: How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
... nswer:
For an organization to be able to audit ISO standards, it has to be compliant with ISO 17021 (the standard for organizations which want to get accredited for certifying management systems) and be recognized by the accreditation body of the country in which it wants to work.
This article will provide you with further explanation about accreditation:
- Accreditation vs. certification vs. registration in the ISO world https://advisera.com/articles/accreditation-vs-certification-vs-registration-in-the-iso-world/