Guest user Created: Jun 23, 2022 Last commented: Jun 23, 2022

Additions to Conformio

Please can you advise with regards to the following; In Conformio Risk Register I am able to add Risks – which are specific to a client If the Control is from an alternative Source for example ISO 31000, can this control be added to Control ID defined in SoA? If this is not possible how would I be able to manage All Risks in the organisation through Conformio if ISO 27001 is the only source of Controls?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 23, 2022

First of all, we are sorry for this situation.

At this moment it is not possible to include other sources of controls besides ISO 27001 Annex A in the risk register.

ISO 27001 Annex A is a comprehensive set of controls, and if we know which control you are planning to use, we may be able to link to an equivalent control from ISO 27001 Annex A.

In case there is no possible relation to Annex A controls, a workaround would be for you to upload to Conformio document information which risk (i.e., asset, vulnerability, threat, risk value) will be treated by controls not related to ISO 27001 Annex A, also stating the residual risk.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 23, 2022

Expert Advice Community