
Tag: "Product: Conformio" - Expert Advice Community


  • Conformio question

    I have a question - should I and can I write specific assets in Conformio i.e. in case of asset "Operating systems" do we use Operating systems or do we write Windows operating system and make this more specific?
  • Conformio expert questions

    1. In the Project Plan document under section 3.4.3. the document is referencing a project team, however later on the title of the table is "Participants in the project". There is an inconsistency in the understanding of who are the members of the project team as there can be more participants in the project than the team members, especially if it is a larger company. Can you please clarify this section for me in this document?

    2. We are a very small company and we do not have Head of IT department, but only the Senior IT technician and two IT support guys. In Conformio I can only define one IT support job title for one of the guys, but I cannot give the same job title to the second IT support person even though both of them have the same job title in our company. Can you explain why this is so?

    3. We want to declare all printed documents as unreliable and therefore uncontrolled, but we were not able to find a way to do that in the Procedure for document and record control. Can you advise how we can add this statement in this document or where we can add this statement?
  • Risk Register Team work question

    I have one more question, I am preparing a review of mandatory documents for our ISO certification and I am using Advisera checklist to make sure we comply. 

    I have noticed that the checklist is slightly different to the steps I'm working on in Conformio. Would you please be so kind and let me know, where can I find documents marked in red in the screenshot below? Thank you in advance!

    Documents I can prepare in Conformio: https://i.imgur.com/dddfECG.png

    Documents listed as mandatory, red dots highlight the ones I am unsure where to find them.
    https://i.imgur.com/lgFtGY1.png

  • Conformio expert question

    1. How to handle legal and contractual requirements and what clauses require this in the standard?

    2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?
  • ISO 27001 / Conformio questions

    1. Can I as the Project Manager of the ISO 27001 also conduct the Internal Audit? Or should this be done by someone who is not as involved in the project implementation?

    2. When should the first Management review be conducted? At the end when we have all of the documents, or while we are implementing the policies and procedures? I am asking this because there are some items that have first occurrence set as one month after the start of the project so now I am afraid that I was supposed to do this from the beginning.
  • Questions about ISO 27001 controls in Conformio

    1. We have a question about this Time synchronization control - the control in Conformio says to use accurate time clocks and synchronize them automatically. We have a system in place to synchronize clocks and our laptops that the employees use are also synchronized via google services. We would like to understand if we should write a policy about this and what can we expect during the audit? Will the auditor ask to see how we do this for all clocks and laptops or will he ask for a random one? Would this also be applicable to tablets? This is the task I am referring to https://prnt.sc/KaIKTGeAtuK3 (control A12.4.4)

    2. We have similar questions around the task "Make sure all computers use anti-malware" related to control A 12.2.1 - what would the auditor check in relation to this and do we need a written policy on how we handle this in our organization?

    3. Also, the standard uses the word elements to be considered and they give 10 recommendations? Are these recommendations or do we need to do everything that is listed?
  • Question about Conformio project results

    Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results? If Conformio project results are not mandatory, why do we need it?
  • Conformio Questions

    In the Procedure for Document and Record Control under #5 - Managing records kept on the basis of this document: in the table under "Record Name", what goes there? We will be storing any external records pertaining to our ISMS in a folder on Confluence. What about the "Storage Location" - does that need to be a link or just "Confluence Folder" noted?
  • Conformio risk register

    I have a few questions regarding Conformio (trial).

    1. First, a question about risk management methodology (the process): could you elaborate the logic behind that, is it different than in your toolkits (RA and RT) tables? Because I haven’t used the vulnerability - threat approach, I am confused that you must choose applicable control to vulnerability and then again to threat? Or, are these applicable controls, controls which are already implemented safeguards in our environment? And we have to consider them when we do risk evaluation (the next step, these controls are already included in the risk level)?

    2. Can you adjust controls also (make your own), or are there ISO A-attachments related controls only?

    3. I can’t seem to adjust residual risk manually (after I have added controls appropriate to treat the risk), why is that?
  • Conformio

    1. ISO 27001:2022 - How will the new ISO 27001:2022 affect Conformio and created policy documents? Is it wise to already aim for certification against the new standard? Does it make sense to already start implementing the new version and not the old one?

    2. ISO 27001 marketing - In a video accessible from Conformio, there's a statement that the time for the project manager is 0,5 day/week. That seems like too little to me if it also assumes doing consulting and guiding the organization through the certification process, such as reading, preparing, reviewing and approving documents, or performing the risk assessment and drafting implementation plans for controls. Also such statements undermine the work of project managers and consultants. What is the use of being a Lead Implementer or of all the information on your website if e.g. a secretary could run the project?
Page 8 of 12 pages