Guest user Created: Jun 17, 2022 Last commented: Jun 17, 2022

More questions on Additions to Conformio

Can you perhaps enlighten me as to how to segregate departments in the Audit Process. I have a client that has 11 departments each with their own set of Risks, and they would like to know if they need to read through the entire Risk Treatment plan so as to identify Risks that are applicable to their specific Business unit.

Tags: Product: Conformio

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 17, 2022

First is important to note that setting multiple internal audits to cover smaller parts of the ISMS scope with each one is worthy only for larger companies. For smaller ones, the most efficient approach is to perform a single audit.

Regarding the identification of risks in the Risk Treatment document, besides the risks from its own unit it should consider at least the risks from other units that refers to assets the business unit is responsible for.

For example, if a HR unit has a risk related to an IT asset, then the IT unit should read this risk.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 16, 2022

Expert Advice Community