Take the ISO 9001 course exam and get the
ISO 14001, ISO 13485, or ISO 45001 course exam for free
LIMITED-TIME OFFER – ENDS SEPTEMBER 29, 2022

Tag: "conformio" - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Conformio risk register, confused by some of the threat mappings for Human Resources

    The Conformio risk register defines the following
    • Threat is what kind of negative thing can happen to your asset because the vulnerability exists.
    The mapping path is Asset to Vulnerabilty to Threat Asset: Employees with specific expertiese ( system admin, security experts ) Vulnerability: Replacement person does not exist or is inadequate Threat:  Earthquake / Fire / Flood / Storm ? Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure Seems like this mapping needs some work, or am I misunderstanding something ?