Expert Advice Community

More questions on Additions to Conformio

Guest user Created:   Jun 17, 2022 Last commented:   Jun 17, 2022

Can you perhaps enlighten me as to how to segregate departments in the Audit Process? I have a client that has 11 departments, each with its own set of Risks, and they would like to know if they need to read through the entire Risk Treatment plan so as to identify the Risks that are applicable to their specific Business unit.

Expert
Rhand Leal Jun 17, 2022

First, it is important to note that setting up multiple internal audits, each covering a smaller part of the ISMS scope, is worthwhile only for larger companies. For smaller ones, the most efficient approach is to perform a single audit.

Regarding the identification of risks in the Risk Treatment document, besides the risks from its own unit, a business unit should consider at least the risks from other units that refer to assets the business unit is responsible for.

For example, if an HR unit has a risk related to an IT asset, then the IT unit should read this risk.

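The reading rule in the answer above (own-unit risks plus other units' risks that concern assets the unit is responsible for) is a join between the risk register and the asset inventory, so it can be produced as a per-unit view instead of asking each department to read the whole Risk Treatment plan. The script below is an added example and is not Conformio's code or the expert's; the unit names, asset names and risk records are constructed sample data, and the column layout is an assumption about how a register export might look. It also flags the failure mode a practitioner hits most often: a risk referencing an asset that has no recorded owner, which would silently never reach the responsible unit.

```python
"""Per-business-unit views of a risk treatment plan (constructed example).

Rule implemented: a unit must read (a) the risks raised by its own unit and
(b) the risks raised by other units that refer to assets it is responsible for.
"""

# Constructed asset inventory: asset name -> responsible unit (hypothetical)
ASSET_OWNER = {
    "HR database": "IT",
    "Payroll SaaS": "HR",
    "Office badge system": "Facilities",
    "Email server": "IT",
}

# Constructed risk register rows: (risk id, raising unit, asset, description)
RISK_REGISTER = [
    ("R-01", "HR", "HR database", "Unauthorised access to employee records"),
    ("R-02", "HR", "Payroll SaaS", "Payroll provider outage"),
    ("R-03", "Facilities", "Office badge system", "Lost badges not revoked"),
    ("R-04", "Finance", "Email server", "Invoice fraud via spoofed email"),
    ("R-05", "IT", "Email server", "Unpatched mail server"),
    # Asset deliberately missing from ASSET_OWNER to show the gap check below
    ("R-06", "Finance", "Expense app", "Expense claims approved without review"),
]


def risks_for_unit(unit, register=RISK_REGISTER, asset_owner=ASSET_OWNER):
    """Return {risk id: reason} for every risk the given unit must read."""
    view = {}
    for risk_id, raising_unit, asset, _desc in register:
        if raising_unit == unit:
            view[risk_id] = "own unit"
        elif asset_owner.get(asset) == unit:
            # Raised elsewhere, but the asset belongs to this unit
            view[risk_id] = f"asset owner (raised by {raising_unit})"
    return view


def unknown_owner_assets(register=RISK_REGISTER, asset_owner=ASSET_OWNER):
    """Assets referenced by risks but absent from the inventory.

    Risks on such assets never appear in any unit's 'asset owner' view,
    so the inventory must be completed before the views are trusted.
    """
    return sorted({asset for _, _, asset, _ in register if asset not in asset_owner})


def build_views(register=RISK_REGISTER, asset_owner=ASSET_OWNER):
    """Build the view for every unit that raises risks or owns assets."""
    units = {row[1] for row in register} | set(asset_owner.values())
    return {unit: risks_for_unit(unit, register, asset_owner) for unit in sorted(units)}


if __name__ == "__main__":
    for unit, view in build_views().items():
        print(f"{unit}:")
        for risk_id, reason in view.items():
            print(f"  {risk_id}  ({reason})")
    gaps = unknown_owner_assets()
    if gaps:
        print("Assets with no recorded owner (fix inventory first):", gaps)
```

With the sample data, the IT unit's view contains R-05 (its own) plus R-01 and R-04, which HR and Finance raised against IT-owned assets, while "Expense app" is reported as an ownerless asset because R-06 cannot be routed to anyone but the raising unit.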