Add Further Reference Documents
Hi firstly, thank you for creating a great product. We have a few further reference documents that we would like to include as part of the ISMS. These are related to our regulatory requirements, we should include the Australian Governments Information Security Manual (ISM) and Right Fit for Risk (RFFR). Can I please confirm the best way to add these two key documents?
Assign topic to the user
You can address these requirements in your ISMS by including the ISM and the RFRR as legal requirements in the Register of Requirements module.
In addition to including these requirements in the Register of Requirements, you need to implement the security controls related to them. These will be automatically identified in the Statement of Applicability when you define the information in the “To what area is this requirement related?” field in the Register of Requirements module for each entry.
Considering the ISM, suggested areas are “Specifying mandatory safeguards” or “Identification of stakeholders and security requirements”.
Considering the RFFR, the suggested area is “Risk Management”.
Comment as guest or Sign in
Sep 02, 2022