Learn in small groups from top experts and real-life examples

Tag: "Product: Conformio" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Corporate using of Conformio

    Thank you for the following… I’m already testing the 30 days trial Conformio platform, it look’s very interesting! I have one question related to the corporate using of Conformio, I work in a mid-size company that has 2 different business units, if I want to implement ISO 27001 for both business units in a different timeline, Do I need to purchase 2 licenses of Conformio? or just with one license Can I manage the ISO 27001 implementation for both? For example, one this year and the other in 2023? Those B.U. are not different companies, but they have different structure with different IT departments for example and different interested parties for the ISO 27001 certification accomplishment.
  • Conformio - Justification in SoA

    In the statement of Applicability, I can see preselected controls based on the risks. I’m adding additional controls as well. There is a ‘justification’ box here. Is it mandatory to type why I’m adding these extra controls?
  • Scope in Conformio

    Thank you for offering assistance. We have started gathering interested parties and requirements. 

    We are struggling with the scope of this list. 

    For example, ISO9001 covers the “local community” as an interested party…. But I presume this is not applicable here because they have no interest in our ISMS and our ability to prevent a breach. If it is limited to people who have an interest in our ISMS and our ability to prevent a breach then it would be easier. 

    Our client may have concerns about our ability to keep the documentation and passwords that we possess on our systems safe from a breach.

    But services we provide to them to keep them/their systems and data safe from a breach are not in scope I believe…? But we need to clarify that. 

    Any guidance you can offer would be greatly appreciated.

  • Conformio - setting up people and departments

    The project sponsor is not supposed to be involved (Project Plan para 3.4.1) – is that critical? We’re a small company where the MD will be very much driving this. If necessary, I could choose our chairman but our MD would be better in practice.
  • Conformio - Company Settings and Users

    1 - When completing the Risk Register are we choosing the Assets / Threats and Vulnerabilities without any controls in place?  We are then to add existing controls into the Treatment Plan? 2 - Also, in terms of an asset register for 27001 Compliance, is the asset list deemed sufficient on Conformio or should we have an asset list that details each asset a user has along with an asset tag? User A – Mobile001, Laptop001, Tablet001 User B – Mobile002 Etc etc