Expert Advice Community

ISO 27001 / Conformio questions

Guest user Created:   Feb 08, 2022 Last commented:   Feb 08, 2022

1. How should we treat the risk assessment process? Should we consider all the risks within our company and go over a bit, or should we be more conservative? For example, should we consider our CEO being on leave as a risk while doing the risk assessment?

2. In terms of the SoA, should we mark all the controls as applicable? How should we approach this?

Expert
Rhand Leal Feb 08, 2022

1. How should we treat the risk assessment process? Should we consider all the risks within our company and go over a bit, or should we be more conservative? For example, should we consider our CEO being on leave as a risk while doing the risk assessment?

Considering the Conformio platform, first, you need to define your Risk Assessment and Risk Treatment Methodology. In the document provided by Conformio, you will define the risk acceptance criteria, i.e., when identified and analyzed risks must be treated. Conformio automatically determines which risks need to be treated based on the acceptance criteria you define.

For further information, see:

2. In terms of the SoA, should we mark all the controls as applicable? How should we approach this?

Considering the Conformio platform, Conformio automatically marks controls as applicable based on the results of the risk assessment and legal requirements.

For further information, see:

