Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Automated SoA

  Quote
Created:   Apr 24, 2023 Last commented:   Apr 27, 2023

Automated SoA

I am a bit confused.. 🙃

How do you go about versioning and labelling when using a tool like Conformio? Or is it not relevant in this case any more? Everywhere I look it says SoA has to be a document with the version control, classification label, etc. on it. In case of an online database this would not be the case.

But how do auditors react to this fact? Is it fully ok to use 21 century inventions like this? 🧐

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 27, 2023

Please note that version control is handled automatically by Conformio. Each time you approve a document (a new one or an update) Conformio automatically increases its version. You can follow up on the versioning of ISMS documents by accessing the link “Documents” sub-folder “Policies and procedures” located in the left-side panel.

In case of information related to some of the Conformio modules, like Statement of Applicability and Internal audit module, once the related activities are performed (e.g., SoA or Internal audit program is approved) the document is automatically generated together with its version number and stored in the folder “Documents” sub-folder “Lists reports statement and plans”.

The information classification labeling setting is defined when initially configuring Conformio (you can review this setting by accessing the “Company Setting & Users >> Project settings” link, located in the left-side panel).

Versioning is required by clause 7.5.3 of the standard because it would be hard to follow what has changed if there was no version control. Labeling is defined in control A.5.13 Labelling of information and can be excluded if you feel this is not appropriate for your company.

In both situations Conformio complies with ISO 27001 requirements, so auditors won’t have reasons to negatively react to these implementations.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 24, 2023

Apr 27, 2023

Suggested Topics