... or Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
This material will also help you regarding ISO 27001 personnel certifications:
- ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
... ... s, but you can then determine if you need to take action to eliminate the cause of the nonconformity. Again, if your customer is requiring you to perform full root cause analysis on a problem you will not have a choice.
For more information on the corrective action process in AS9100 Rev D see this article: https://advisera.com/9100academy/knowledgebase/corrective-actions-vs-continual-improvement-in-as9100/
... ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Technically speaking, you should consider:
- Identification of which traffic must come in and out of this network, so you can configure the rules for the security perimeter (e.g., through an outbound firewall)
- Identification of which traffic should flow inside the network, so you can configure how the elements should be segregated (e.g., to segregate networks accessed by visitors, by embassy's employees in general, and by embassy's high staff).
- In case of use of wireless networks, what would be the rules for use and access.
These articles will provide you further explanation about ISO 27001 and network security:
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
- How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/
- Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/
... analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- Risk assessment vs. internal audit in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/12/08/risk-assessment-vs-internal-audit-in-iso-27001-and-iso-22301/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
... https://advisera.com/9001academy/knowledgebase/iso-9001-vs-six-sigma-how-they-compare-and-how-they-are-different/ and https://advisera.com/9001academy/blog/2014/07/22/iso-9001-vs-lean-compare-different-2/
... . a protection impact assessment” folder as well. The rest of the documents can be used by both controllers and processors alike.
However, if you are a company established in the EU and have employees, that makes you a controller in terms of the data of your employees.
To find out more about controllers and processors you can check out our article “EU GDPR controller vs. processor – What are the differences?” https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
... ISO 22301 vs. ISO 22313 https://advisera.com/27001academy/blog/2013/05/21/iso-22301-vs-iso-22313/
- Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
- NFPA 1600 vs. ISO 22301 – Similarities and differences https://advisera.com/27001academy/blog/2013/11/05/nfpa-1600-vs-iso-22301-similarities-and-differences/
2- The requirements state what SHOULD be done and not HOW to do it, right?
Answer: Your assumption is partially correct. ISO 22301, like other ISO management standards, has mandatory requirements (associated with the words must/shall) and also optional requirements (associated with the words may/should), and these only define what must/should be done, and not how. It is done this way to allow each organization to freely define how to implement the requirements.
This material will also help you regarding BCM:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
... ... O 27001 and ISO 27002:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/