
Tag: "Product: Conformio" - Expert Advice Community


  • Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)

    b-next has a customer that requires a quarterly penetration test. We believe this requirement is related to "Operation of information technology" in the dropdown. So far so good; however, we believe it is also related to ISO 27001 control 18.2.3 Technical compliance review, but there is no corresponding option in the dropdown to choose a Compliance type of category for this requirement. Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?
  • Mapping of requirements categories to ISO 27001 Human Resource controls (Conformio)

    We have a customer that requires that *** employees are submitted to background checks, etc. This correlates to ISO 27001 Clause 7, Human Resource Security. However, there does not really seem to be a matching category in the “To what area is this requirement related?” dropdown list. Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?
  • More questions on Additions to Conformio

    Can you perhaps enlighten me as to how to segregate departments in the Audit Process? I have a client that has 11 departments, each with their own set of Risks, and they would like to know if they need to read through the entire Risk Treatment Plan so as to identify Risks that are applicable to their specific Business Unit.
  • ISO 27001 question

    We got feedback from the auditor that we need to have the document code included in all documents. Is this mandatory based on the standard?
  • ISO 27001 external audit for rest of employees

    As part of the ISO 27001 external audit, and apart from the security awareness training, we would like to inquire about the topics on which the auditor will be interviewing the rest of *** employees (the ones who are not currently set up as members of the ISMS in Conformio). Currently, we are a bit concerned about what questions the auditor might be asking employees, and some direction from you would be very useful.
  • Standard Forms

    Where in Conformio can I find templates? I am looking for a template to address the requirements in 27002 12.1.2.
  • Conformio - Managing Records kept on the basis of any document

    Hello All, we notice that there is no way for us to fully edit the Controls for record protection under "managing records kept" of any document generated in Conformio. Currently, it only shows and limits this to a specific person, and we need to remove that. Please find an example below: https://prnt.sc/SRwXNZhPW5Nl The following word only cannot be removed and, as you can also notice, it limits this to a specific person rather than a group of personnel, which is what we really aim for.
  • Questions about Conformio

    1 - Of the items listed as mandatory for 27001, do they all have to be in place at stage 1, or is it okay to have a select listing completed and others WIP?
    2 - Also, could you give me an indication of the costs involved with Conformio please? Does Conformio only cover 27001 or does it cover other standards as well? I am currently responsible for the compliance and regulatory affairs of 2 companies which I have taken through ISO 13485, and I manage and maintain both their QMS arrangements, audits, NCs, suppliers etc.
    3 - I am currently seeking to add 27001 certification for both and have a project team in place to identify where the existing QMS requires additional items to be ready for 27001. We are currently doing risk threat analysis and controls identification to enable completion of the Statement of Applicability. I will be using the same compliance company as we do for 13485 and have provisionally booked stage 1 for September. Additionally, one business creates non-medical digital assets in addition to medical devices, so I am seeking 9001 there also. Pretty full on, as you can imagine. BSI are constantly mailing me pushing their Compliance Navigator tool, but I think we are too small (70 people between both) and would use it too little to justify the costs they're quoting. Is Conformio a similar tool?
    4 - Also, would you have, or have knowledge of, anywhere that I might be able to find a regulatory roadmap for medical devices across different regions? (It seems to be a bit of a minefield, and each country seems to have regulations relating to clinical risk management etc. in place which must be met in addition to MDR etc.) Sorry for the early morning brain dump; hopefully it makes sense.
  • How to record external issues (not legal or contractual) in Conformio

    In the Conformio ‘Register of requirements’ it is possible to add requirements of types ‘Contractual Agreement’ or ‘Legal/regulatory requirement’, but not any other external/internal issues as stated in ISO 27001. Our organization for example has an office in Ukraine and we would like to add an availability requirement regarding the people and company infrastructure there. How should we record that requirement in Conformio?
  • Approving Residual Risk in Conformio

    Can you please advise if we should click "Approve Residual Risk" during the final (Approval) phase of filling in the Risk Register module, even if all the identified "Risk Treatment Controls" items are not yet in place or implemented?