Tag: "Product: Conformio" - Expert Advice Community

Procedure for document and record control

We are actually working on the document ’PROCEDURE FOR DOCUMENT AND RECORD CONTROL’

For ***, I am guessing whether it can be Conformio Platform or not.

Each external document that is necessary for the planning and operation of the ISMS must be recorded in the *** or in the *** according to their form. The *** and the *** must contain the following information: sender, document name, and date of receipt.

The person who receives such external documents in paper or other physical forms (e.g., through regular mail or as courier parcels) must make a record in the ***. The person who receives external documents in electronic form (e.g., through email) must record them in the ***.

Question : I would like to know if we can use Conformio instead of CRM ( which makes no sense in the case)

Code of Conduct

Hi Team, can you please let me know how I can create our Code of Conduct please? thanks.

Sample document

We have recently completed a sample document; however, is there a document equivalent to create within Conformio that may have a different style or format?

ISO sign off on staff policy

ISO 27001 requires that staff sign off on policies that have been distributed to them and that are applicable to them.
 
I couldn’t find a mechanism in Conformio that provides a mechanism for this.

Can you please let me know how to handle this requirement?

Register of requirements: Granularity of entries

Regarding the Conformio Register of requirements: I don't understand how granular the entries should be (recommended or required by the ISO27001:2022 standard). We have a lot of contracts with different customers but the contracts themselves have the same content. Should we create a new entry for every customer contract or would it be sufficient to create a general entry for all contracts with the same content? Or should we even create a new entry for every requirement of each contract of every customer?

Gap analysis results

We have recently undergone a Gap Analysis with NQA ready for our ISO certification, and some significant failings were discovered during the process.

The key bits were the difficulty in identifying / linking documentation to clauses, missing clauses without explanation and missing information on areas provided.

Firstly, as part of our gap analysis, the processes followed within Conformio did not provide any documentation to Clause 4 of the standard, nor did we get any system assistance in completing these clauses. There was no interested parties section beyond the contractual and legal requirements, thus we were unable to evidence clause 4.2.

Secondly, the Risk Assessments failed to provide a CIA category for any risks. We are told this is mandatory and as such, the Risk Register provided does not meet the requirements of ISO.

ISMS scope

Regarding the ISMS Scope Document, For the location, we are a remote company with a virtual address, we have an address for our data center, and if we should include it. Also, what should we exclude? we give laptops to our employees

Record Control Table and Approved Supplier List

Do we have to keep a record control table and approved supplier lists? Please advise.

Specific Documents

Hi team, I am sending this message to ask you which documents will be for clauses 4.1, 5.1, 6.1.1, 6.1.2, and 9.1.? I have done all the documents provided by Conformio but I can't find the documents above. Please support me on this issue.

Clause 4.1 in Conformio

How to satisfy ISO 27001 standard clause 4.1 in Conformio? Please advise.