Expert Advice Community

Conformio questions

Guest user Created: Sep 21, 2021 Last commented: Sep 21, 2021

1. Can I treat the Project Plan as a statement of intention? If we do not meet the deadlines we have set in the Project Plan, would this be a problem during certification?

2. At the end of each document in the wizard, there is a set review cycle of 6 months or 12 months depending on the document. Why is this set in such a way and could I change it?

Expert
Rhand Leal Sep 21, 2021

1. Can I treat the Project Plan as a statement of intention? If we do not meet the deadlines we have set in the Project Plan, would this be a problem during certification?

Answer: The purpose of the project plan is to clearly define several elements (e.g., the objective of the project, documents to be written, deadlines, roles and responsibilities, etc.), so yes - the project plan can be used as a statement of intention. On a general level, the top-level objectives are also a statement of intention.

ISO 27001 does not require a project plan to be documented (it is a supporting document for the implementation, not for the ISMS itself), so if you do not meet initial deadlines this will not be a problem during the certification (the project plan can always be updated to reflect the real progress of the implementation).

For further information, see:
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
- How to use Scrum for the ISO 27001 implementation project https://advisera.com/27001academy/blog/2017/03/27/how-to-use-scrum-for-the-iso-27001-implementation-project/

2. At the end of each document in the wizard, there is a set review cycle of 6 months or 12 months depending on the document. Why is this set in such a way and could I change it?

Answer: 6 months and 12 months are the most frequent review periods adopted by organizations. ISO 27001 does not prescribe a document review time, so organizations can define it to fit their needs.

You can change the review period according to your needs by adjusting the document review period field in the document properties tab when you are creating it.

For further information, see:
- How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
