Expert Advice Community

Guest

Necessity to include specific user

  Quote
Guest
Guest user Created:   Sep 19, 2022 Last commented:   Sep 19, 2022

Necessity to include specific user

Hi, as an IT Security Engineer I am the "Project Manager" for our company (as a role in Conformio). We have a senior project manager at our company as a consultant for ISO27001. He is sporadically consulted on our documents due to his experience in ISO certification. Do we need to include him in our Conformio and documentation or not with regard to the ISO27001 standard or not?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 19, 2022

In case he is providing only sporadic consultation about the documents and does not have specific roles and/or activities to perform regarding your ISMS documentation, he does not need to be included as a user in Conformio.

Regarding ISO 27001, as consultant, you only need to ensure that any relevant performed action or made decision involving this person is recorded. In this case you have two alternatives:
1 – include this person as user in Conformio, so you can use Conformio to assign, track and record activities assigned to him (e.g., ask him to review a document).
2 – in case he is not a Conformio’s user, you need to send documents you want him to review and update to Conformio his answers (e.g., an email, a meeting minute, etc.).

Please note that you do not need to define any role in the ISMS documents to have this consultant as Conformio’s user (in this case he will only be common user).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 18, 2022

Sep 18, 2022