Tag: "Product: Conformio" - Expert Advice Community

  • Scope in Conformio

    Thank you for offering assistance. We have started gathering interested parties and requirements. 

    We are struggling with the scope of this list. 

    For example, ISO9001 covers the “local community” as an interested party…. But I presume this is not applicable here because they have no interest in our ISMS and our ability to prevent a breach. If it is limited to people who have an interest in our ISMS and our ability to prevent a breach then it would be easier. 

    Our client may have concerns about our ability to keep the documentation and passwords that we possess on our systems safe from a breach.

    But services we provide to them to keep them/their systems and data safe from a breach are not in scope I believe…? But we need to clarify that. 

    Any guidance you can offer would be greatly appreciated.

  • Conformio - setting up people and departments

    The project sponsor is not supposed to be involved (Project Plan para 3.4.1) – is that critical? We’re a small company where the MD will be very much driving this. If necessary, I could choose our chairman but our MD would be better in practice.
  • Changing risk scale in Conformio

    Could you provide more clarification about why a scale from 1-3 was used for the risks instead of 1-5?
  • Conformio - Company Settings and Users

    1 - When completing the Risk Register are we choosing the Assets / Threats and Vulnerabilities without any controls in place? We are then to add existing controls into the Treatment Plan?

    2 - Also, in terms of an asset register for 27001 Compliance, is the asset list deemed sufficient on Conformio or should we have an asset list that details each asset a user has along with an asset tag?

    User A – Mobile001, Laptop001, Tablet001
    User B – Mobile002
    Etc etc
  • ISO 27001 Conformio expert question

    So, at the moment, I cannot see any documents populated under the Documents module of the software. I assume it's because this is a trial account but will have all the necessary documents available once we purchase the full version. Is this where all the ISMS manual sections (e.g., Context of the organisation, Leadership, Planning, Support etc.) would be housed because the flow of items on the homepage of the software doesn't necessarily have you working to complete the ISMS manual first I don't think.
  • Conformio number of documents

    I wanted to know why it seems that the Conformio site has fewer documents than the template documents. It seems like it's missing a lot of information. Does it cover all of the Annex parts and have all the templates?
  • Conformio – adding responsibilities

    How would I know which steps to assign to say Marketing, HR or Finance?
  • Recurring task in Conformio

    It does seem strange though….. The task is to publish procedures for the description, but it has to be done every 10 x days. I would have thought once published, then at least annually would be ok… Appreciate your feedback.
  • CONFORMIO - Assets management

    Please be so kind to clarify: given the fact that risk assessment in Conformio can be conducted based on groups of assets, how can we assess each individual asset in Conformio? The same issue is applicable also for threats, vulnerabilities, likelihood, etc. Thank you in advance for the reply.
  • Conformio and ISMS

    Sorry to bother you so much, I've implemented the 9K, 14K and 18K a few times already but it's the first time on 27K. So I've got another question for you. I'm trying to achieve the 27001, 27017 and 27018 at the same time, which are the main ones for any SaaS company. So for instance, the Information Security Policy is mandatory for all of them, however when I open the doc we have in the platform it seems not to cover 27017 and 27018. So my question is, should I request those specific docs straight from you? If you guys have it as well. There aren't many docs but they are important for the ISMS compliance. Thanks one more time for your amazing help/work.