Expert Advice Community

Conformio expert questions

Guest user Created:   May 15, 2022 Last commented:   May 15, 2022

1. In the Project Plan document under section 3.4.3. the document is referencing a project team, however later on the title of the table is "Participants in the project". There is an inconsistency in the understanding of who are the members of the project team as there can be more participants in the project than the team members, especially if it is a larger company. Can you please clarify this section for me in this document?

2. We are a very small company and we do not have a Head of IT department, but only the Senior IT technician and two IT support guys. In Conformio I can only define one IT support job title for one of the guys, but I cannot give the same job title to the second IT support person even though both of them have the same job title in our company. Can you explain why this is so?

3. We want to declare all printed documents as unreliable and therefore uncontrolled, but we were not able to find a way to do that in the Procedure for document and record control. Can you advise how we can add this statement in this document or where we can add this statement?

Expert
Rhand Leal May 15, 2022

1. In the Project Plan document under section 3.4.3. the document is referencing a project team, however later on the title of the table is "Participants in the project". There is an inconsistency in the understanding of who are the members of the project team as there can be more participants in the project than the team members, especially if it is a larger company. Can you please clarify this section for me in this document? 

Answer: Please note that the project team, in general, refers to people involved in the tasks of the project, while participants cover not only the project people but also people who provide knowledge about the organization’s processes and information (e.g., key users), and decision-makers (e.g., managers and department heads). It is a good practice to identify the last ones early in the project to ensure engagement with the project.

Considering that, you can use the table "Participants in the project" in the Project Plan Document as it is, to include members of the project team as well as the other relevant users for the project.

For further information, see:
- RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/

2. We are a very small company and we do not have a Head of IT department, but only the Senior IT technician and two IT support guys. In Conformio I can only define one IT support job title for one of the guys, but I cannot give the same job title to the second IT support person even though both of them have the same job title in our company. Can you explain why this is so?

Answer: Defining the same job title for different persons is not allowed, to prevent conflict of responsibilities in the responsibility matrix (if two persons have the same job title it is not clear who needs to perform a task attributed to this job title). As an alternative, you can differentiate the job titles by a number (e.g., IT support 01 and IT support 02).

3. We want to declare all printed documents as unreliable and therefore uncontrolled, but we were not able to find a way to do that in the Procedure for document and record control. Can you advise how we can add this statement in this document or where we can add this statement?

Answer: Currently it is not possible to define treatment for uncontrolled documents in the Procedure for Document and Record Control. As an alternative solution, you can develop a simple procedure to document this rule (e.g., a Procedure for Labeling Uncontrolled Documents), or a simpler solution would be not to define written rules for paper documents, and apply the Procedure for Document and Record Controls only for the digital documents.
