
Expert Advice Community


Additions to Conformio

Guest user Created:   Jun 23, 2022 Last commented:   Jun 23, 2022


Please can you advise with regard to the following:

In Conformio Risk Register I am able to add Risks – which are specific to a client.

If the Control is from an alternative Source, for example ISO 31000, can this control be added to Control ID defined in SoA?

If this is not possible how would I be able to manage All Risks in the organisation through Conformio if ISO 27001 is the only source of Controls?

Expert
Rhand Leal Jun 23, 2022

First of all, we are sorry for this situation.

At this moment it is not possible to include other sources of controls besides ISO 27001 Annex A in the risk register.

ISO 27001 Annex A is a comprehensive set of controls, and if we know which control you are planning to use, we may be able to link to an equivalent control from ISO 27001 Annex A.

In case there is no possible relation to Annex A controls, a workaround would be for you to upload to Conformio a document with information on which risk (i.e., asset, vulnerability, threat, risk value) will be treated by controls not related to ISO 27001 Annex A, also stating the residual risk.
