
Expert Advice Community


Conformio dashboard

Guest user Created:   Apr 21, 2020 Last commented:   Apr 21, 2020

I need a bit more clarity with some actions on the conformio dashboard.

1. What does "Determine required communication" mean, and how do we show compliance?

2. How do we show compliance with "introduce no-blame security culture"?


Expert
Rhand Leal Apr 21, 2020

1. What does "Determine required communication" mean, and how do we show compliance?

Answer: ISO 27001, clause 7.4, requires a definition of the internal and external communication needs relevant to the ISMS (e.g., what to communicate, to whom, when, by whom, etc.), but since the standard does not prescribe how to implement that, organizations are free to choose the approach that best fits them.

Depending on the size of the organization and its security objectives, the communication needs may be fully documented as a separate document or simply stated in a few sentences within other policies, procedures, and plans (the last one is the approach adopted in our toolkits).

This article will provide you with further explanation about the communication plan:
- How to create a Communication Plan according to ISO 27001 https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/

2. How do we show compliance with "introduce no-blame security culture"?

Answer: Please note that "introduce no-blame security culture" is not a requirement of the standard, but a good practice to support leadership and commitment (e.g., to direct and support persons to contribute to the effectiveness of the ISMS).

One way to demonstrate that this culture is implemented is by evidencing nonconformities and security incidents reported by employees, because this will show that employees are not afraid to report them even if they are the ones who have caused them.

This article will provide you with further explanation about communication plan:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
