Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Conformio - Company Settings and Users

  Quote
Guest
Guest user Created:   Aug 31, 2021 Last commented:   Aug 31, 2021

Conformio - Company Settings and Users

1 - When completing the Risk Register are we choosing the Assets / Threats and Vulnerabilities without any controls in place?  We are then to add existing controls into the Treatment Plan?

2 - Also, in terms of an asset register for 27001 Compliance, is the asset list deemed sufficient on Conformio or should we have an asset list that details each asset a user has along with an asset tag?

User A – Mobile001, Laptop001, Tablet001
User B – Mobile002
Etc

etc

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 31, 2021

1 - When completing the Risk Register are we choosing the Assets / Threats and Vulnerabilities without any controls in place?  We are then to add existing controls into the Treatment Plan?

Your understanding is partially correct. Existing controls are identified during the risk treatment step (the same way they are identified for non-implemented controls) and identified as implemented in the Statement of Applicability, so they are not referred to in the Risk Treatment Plan.

2 - Also, in terms of an asset register for 27001 Compliance, is the asset list deemed sufficient on Conformio or should we have an asset list that details each asset a user has along with an asset tag?

User A – Mobile001, Laptop001, Tablet001
User B – Mobile002
Etc
etc

For ISO 27001 compliance purposes the asset register provider by Conformio is sufficient. In general, asset control in terms of individual users is required for IT operations. For information security operations it is enough to know which role is responsible for the asset (e.g., employee, manager, developer, etc.).


This article will provide you a further explanation about the asset register:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 31, 2021

Aug 31, 2021

Suggested Topics