- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
These materials will also help you regarding non conformities:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/
... nt, audit, etc.)
These articles will also help you with your queries:
- How to learn about ISO 27001 and BS 25999-2 https://advisera.com/27001academy/blog/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/
- Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
... are provided by the same (part of the) organization as customer-facing services, then there is no point in looking for the customer of the supporting services.
But, if supporting services are provided by external organization or some other department inside the same organization - then there is a customer of the supporting services.
Read the article "ITIL Customer-facing vs. supporting services" https://advisera.com/20000academy/blog/2014/05/27/itil-customer-facing-vs-supporting-services/ to learn more.
... alitative vs. quantitative risk assessments in information security: Differences and similarities https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/
2. How to write the findings and recommendations in the assessment report with the overall risk rating and security ranking?
Answer: ISO 27001 does not require the findings of the assessment report to be linked directly with the overall risk rating and security ranking (in fact, including this correlation would result in an excessively complex report with little added value).
Regarding recommendations, for each finding the consultant should provide at least one or two recommendations on how to handle the situation (e.g., controls to minimize the probability and/or impact of a risk occurring).
3. Kindly do let me know how to update the overall score and risk rating (Highlighted in Red box)
Answer: If by the overall score and risk rating you mean the level of risk associated with the findings identified in the assessment, then the way to improve the score and the rating is to introduce controls which will decrease the risk, by handling the findings.
... onsultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
... O 27001 and ISO 20000 integration:
- How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
- ISO 27001 vs. ISO 20000 matrix https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix
... ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
These articles will provide you further explanation about ISO 27001 controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Which department to select?
The departments or organizational units to be included in such a project will depend on the information to be protected and the business objectives, so there is no definitive answer to this question.
These articles will provide you further explanation about ISMS scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/