Necessity to include specific user
Hi, as an IT Security Engineer I am the "Project Manager" for our company (as a role in Conformio). We have a senior project manager at our company as a consultant for ISO27001. He is sporadically consulted on our documents due to his experience in ISO certification. Do we need to include him in our Conformio and documentation with regard to the ISO27001 standard or not?
In case he is providing only sporadic consultation about the documents and does not have specific roles and/or activities to perform regarding your ISMS documentation, he does not need to be included as a user in Conformio.
Regarding ISO 27001, for a consultant, you only need to ensure that any relevant action performed or decision made involving this person is recorded. In this case you have two alternatives:
1 – include this person as a user in Conformio, so you can use Conformio to assign, track and record activities assigned to him (e.g., ask him to review a document).
2 – in case he is not a Conformio user, you need to send him the documents you want him to review and update Conformio with his answers (e.g., an email, meeting minutes, etc.).
Please note that you do not need to define any role in the ISMS documents to have this consultant as a Conformio user (in this case he will only be a common user).
Sep 18, 2022