Guest
What is the best approach to adopt in an attempt to establish an effective PIMS based on ISO 27001 and ISO 27018, and perhaps also considering ISO 27701?
Assign ownership and accountabilities for strategic, aggregated, dynamic risks
Dear Dejan,
We started working with Conformio, and first of all: I think it’s very useful! Thank you for it.
I just have a question: I noticed all document templates have a block with “code, version, date of version etc” and later on a block with “change history”. This doesn’t make sense to me, since we are already using Conformio as a document management system where these things are already properly documented for each file. Can I remove these in my documents?
I am asking this because I want to make our documents as short as possible, so our employees actually do read them (the more unnecessary info the more distraction and I’m afraid they will scroll rather than really read). Therefore, I would also like to skip the “reference documents”. Is that allowed too?
Thanks for your advice.
Is it a fairly standard procedure, when considering risk assessment, to follow this idea:
List all the assets, which will include buildings, servers, networks, HR data, payroll data, pension data, training records, etc.
Apply a standard set of threats to each and every asset regardless of whether it's a physical asset or an information asset (e.g. environmental, deliberate external asset compromise, deliberate internal, accidental internal, loss of staff, etc.). In this example we'd apply the 5 threats to each asset to generate the risks, i.e. the 7 assets listed would yield 35 risks.
Score the risks and generate the treatment plan.
Is it overkill to list each data type? Should we just list the threats against the 3 or 4 data classification types as well as the physical assets?
Any advice greatly appreciated.