Tag: "Product: Conformio" - Expert Advice Community

  • Code of Conduct

    Hi Team, can you please let me know how I can create our Code of Conduct please? Thanks.

  • Sample document

    We have recently completed a sample document; however, is there a document equivalent to create within Conformio that may have a different style or format?

  • ISO sign off on staff policy

    ISO 27001 requires that staff sign off on policies that have been distributed to them and that are applicable to them.
     
    I couldn’t find a mechanism in Conformio that provides a mechanism for this.

    Can you please let me know how to handle this requirement?

  • Register of requirements: Granularity of entries

    Regarding the Conformio Register of requirements: I don't understand how granular the entries should be (recommended or required by the ISO27001:2022 standard). We have a lot of contracts with different customers but the contracts themselves have the same content. Should we create a new entry for every customer contract or would it be sufficient to create a general entry for all contracts with the same content? Or should we even create a new entry for every requirement of each contract of every customer?

  • Gap analysis results

    We have recently undergone a Gap Analysis with NQA ready for our ISO certification, and some significant failings were discovered during the process.

    The key bits were the difficulty in identifying / linking documentation to clauses, missing clauses without explanation and missing information on areas provided.

    Firstly, as part of our gap analysis, the processes followed within Conformio did not provide any documentation to Clause 4 of the standard, nor did we get any system assistance in completing these clauses. There was no interested parties section beyond the contractual and legal requirements, thus we were unable to evidence clause 4.2.

    Secondly, the Risk Assessments failed to provide a CIA category for any risks. We are told this is mandatory and as such, the Risk Register provided does not meet the requirements of ISO.

  • ISMS scope

    Regarding the ISMS Scope Document: for the location, we are a remote company with a virtual address. We have an address for our data center; should we include it? Also, what should we exclude? We give laptops to our employees.

  • Record Control Table and Approved Supplier List

    Do we have to keep a record control table and approved supplier lists? Please advise.

  • Specific Documents

    Hi team, I am sending this message to ask you which documents will be for clauses 4.1, 5.1, 6.1.1, 6.1.2, and 9.1? I have done all the documents provided by Conformio but I can't find the documents above. Please support me on this issue.

  • Clause 4.1 in Conformio

    How to satisfy ISO 27001 standard clause 4.1 in Conformio? Please advise.

  • IT Security Policy too narrow

    We are using the wizard to create the IT Security Policy, and we found that the context in the IT Security policy is too short and it seems that it cannot meet the requirements of ISO 27001. For example, the context in the IT Security policy didn't make any references to SOA controls. How would you advise we complete the IT Security policy according to the ISO 27001 standard?
