SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Conformio

  Quote
Guest
Guest user Created:   Feb 16, 2022 Last commented:   Feb 16, 2022

Conformio

1. ISO 27001:2022 How will the new ISO 27001:2022 affect Conformio and created policy documents? Is it wise to already aim for certification against the new standard? Does it make sense to already start implementing the new version and not the old one? 2. ISO 27001 marketing In a video accessible from Conformio, there's a statement that the time for the project manager is 0,5 day/week. That seems like too little to me if it also assumes doing consulting and guiding the organization through the certification process, such as reading, preparing, reviewing and approving documents, or performing the risk assessment and drafting implementation plans for controls. Also such statements undermine the work of project managers and consultants. What is the use of being a Lead Implementer or of all the information on your website if e.g. a secretary could run the project?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 16, 2022

1. ISO 27001:2022
How will the new ISO 27001:2022 affect Conformio and created policy documents? Is it wise to already aim for certification against the new standard? Does it make sense to already start implementing the new version and not the old one?

We will start developing an update of both the documents and SoA as soon as the new changes are published and aligned with the ISO 27001. 

A new version of ISO 27001 is expected to be released by the second half of 2022, reflecting the changes of the new ISO 27002 in its Annex A, so you should go for the existing set of controls if you plan to finish the implementation in the next 3 to 6 months. Otherwise, you should go for the new set of controls, to avoid reworking on adapting implemented controls to the new version of ISO 27001 Annex A.

In case your organization is already certified, there will be a transition time before the new ISO 27001 becomes mandatory (generally the transition time is 2 years), so immediate certification against the new standard will not be necessary.

For further information, see:

2. ISO 27001 marketing
In a video accessible from Conformio, there's a statement that the time for the project manager is 0,5 day/week. That seems like too little to me if it also assumes doing consulting and guiding the organization through the certification process, such as reading, preparing, reviewing and approving documents, or performing the risk assessment and drafting implementation plans for controls. Also such statements undermine the work of project managers and consultants. What is the use of being a Lead Implementer or of all the information on your website if e.g. a secretary could run the project?

Please note that Advisera’s approach with Conformio and documentation toolkits is to allow organizations to implement the ISMS by themselves (documents are almost 90% complete and required minimal customization to cover organizations’ needs), so the main role of the project manager in this scenario is to review organizations’ teams work and make corrections when needed.

The role of the consultant with the Lead Implementer course is useful when an organization asks for a more customized implementation of ISO 27001.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 16, 2022

Feb 16, 2022

Suggested Topics

Guest user Created:   May 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio question

Guest user Created:   May 15, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio expert questions

Guest user Created:   May 09, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio expert question