Tag: "Product: Conformio" - Expert Advice Community


  • Conformio - setting up people and departments

    The project sponsor is not supposed to be involved (Project Plan para 3.4.1) – is that critical? We’re a small company where the MD will be very much driving this. If necessary, I could choose our chairman but our MD would be better in practice.
  • Changing risk scale in Conformio

    Could you provide more clarification about why a scale from 1-3 was used for the risks instead of 1-5?
  • Conformio - Company Settings and Users

    1 - When completing the Risk Register are we choosing the Assets / Threats and Vulnerabilities without any controls in place? We are then to add existing controls into the Treatment Plan?
    2 - Also, in terms of an asset register for 27001 Compliance, is the asset list deemed sufficient on Conformio or should we have an asset list that details each asset a user has along with an asset tag?
    User A – Mobile001, Laptop001, Tablet001
    User B – Mobile002
    Etc etc
  • ISO 27001 Conformio expert question

    So, at the moment, I cannot see any documents populated under the Documents module of the software. I assume it's because this is a trial account but will have all the necessary documents available once we purchase the full version. Is this where all the ISMS manual sections (e.g., Context of the organisation, Leadership, Planning, Support etc.) would be housed because the flow of items on the homepage of the software doesn't necessarily have you working to complete the ISMS manual first I don't think.
  • Conformio number of documents

    I wanted to know why it seems that the Conformio site has fewer documents than the template documents. It seems like it's missing a lot of information. Does it cover all of the Annex parts and have all the templates?
  • Conformio – adding responsibilities

    How would I know which steps to assign to, say, Marketing, HR or Finance?
  • Recurring task in Conformio

    It does seem strange though… The task is to publish procedures for the description, but it has to be done every 10 x days. I would have thought once published, then at least annually would be ok… Appreciate your feedback.
  • CONFORMIO - Assets management

    Please be so kind as to clarify: given the fact that risk assessment in Conformio can be conducted based on groups of assets, how can we assess each individual asset in Conformio? The same issue is applicable also for threats, vulnerabilities, likelihood, etc. Thank you in advance for the reply.
  • Conformio and ISMS

    Sorry to bother you so much, I've implemented the 9K, 14K and 18K a few times already but it's the first time on 27K. So I've got another question for you. I'm trying to achieve the 27001, 27017 and 27018 at the same time, which are the main ones for any SaaS company. So for instance, the Information Security Policy is mandatory for all of them, however when I open the doc we have in the platform it seems not to cover 27017 and 27018. So my question is, should I request those specific docs straight from you? If you guys have it as well. There aren't many docs but they are important for the ISMS compliance. Thanks one more time for your amazing help/work.
  • Conformio documentation access

    I'd like to see a few docs with you that I am in need of but couldn't find. Please find the list below.
    - Policy on the use of encryption
    - Operating procedures for IT management
    - Secure system engineering principles
    - Business continuity procedure
    - Cloud Security policy
    - Policy for data privacy in the cloud
    - Statement of acceptance of ISMS document
    I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf", and most of them are mandatory for the ISMS from 27001 and a couple of them for 27017/27018. All the other docs I needed I was able to find in the platform. If you can help me with that, it would be great.