Please can you advise with regard to the following:
In the Conformio Risk Register I am able to add Risks, which are specific to a client.
If the Control is from an alternative source, for example ISO 31000, can this control be added to a Control ID defined in the SoA?
If this is not possible, how would I be able to manage all risks in the organisation through Conformio if ISO 27001 is the only source of controls?
At this moment it is not possible to include other sources of controls besides ISO 27001 Annex A in the risk register.
ISO 27001 Annex A is a comprehensive set of controls, and if we know which control you are planning to use, we may be able to link to an equivalent control from ISO 27001 Annex A.
In case there is no possible relation to Annex A controls, a workaround would be for you to upload to Conformio a document with information on which risk (i.e., asset, vulnerability, threat, risk value) will be treated by controls not related to ISO 27001 Annex A, also stating the residual risk.