Conformio questions

1. Can I treat the Project Plan as a statement of intention? If we do not meet the deadlines, we have set in the Project Plan, would this be a problem during certification?

Answer: The purpose of the project plan is to clearly define several elements (e.g., the objective of the project, documents to be written, deadlines, roles, and responsibilities, etc.), so yes - project plan can be used as a statement of intention. On a general level, the top-level objectives are also a statement of intention.

ISO 27001 does not require a project plan to be documented (it is a supporting document for the implementation, not for the ISMS itself), so if you do not meet initial deadlines this will not be a problem during the certification (the project plan always can be updated to reflect the real progress of the implementation). 

For further information, see:
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
- How to use Scrum for the ISO 27001 implementation project https://advisera.com/27001academy/blog/2017/03/27/how-to-use-scrum-for-the-iso-27001-implementation-project/

2. At the end of each document in the wizard, there is a set review cycle of 6 months or 12 months depending on the document. Why is this set in such a way and could I change it?

Answer: 6 months and 12 months are the most frequent review periods adopted by organizations. ISO 27001 does not prescribe document review time, so organizations can define them as they fit their needs.

You can change the review period according to your needs by adjusting the document review period field in the document properties tab when you are creating it.

For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/