First, it is important to note that setting up multiple internal audits, each covering a smaller part of the ISMS scope, is worthwhile only for larger companies. For smaller ones, the most efficient approach is to perform a single audit.
Regarding the identification of risks in the Risk Treatment document, besides the risks from its own unit, it should consider at least the risks from other units that refer to assets the business unit is responsible for.
For example, if an HR unit has a risk related to an IT asset, then the IT unit should read this risk.
Jun 16, 2022