SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Question about Conformio project results

  Quote
Guest
Guest user Created:   Mar 08, 2022 Last commented:   Mar 08, 2022

Question about Conformio project results

Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results? If Conformio project results are not mandatory, why do we need it?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 08, 2022

1 - Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results?

Answer: I’m assuming you are referring to the Project Plan document.

Considering that, please note that in the project results section (3.2) we have two paragraphs:

“During the ISMS implementation project, the following documents (some of which contain appendices that are not expressly stated here) will be delivered:”

In this paragraph, the mentioned “…appendices that are not expressly stated…” refer to some of the mandatory documents. For example, the Internal audit program is an appendix of the Procedure for Internal Audit.

“Policies and procedures that describe specific security activities will be determined only after the Statement of Applicability is completed. Detailed timing for those security policies and procedures will be determined in the Risk Treatment Plan.”

This paragraph covers the remaining mandatory documents that are not explicitly mentioned. Some documents are only mandatory if related controls are applicable, and this information you can have only during project execution. So, until you have this information you cannot state some documents explicitly as project results.  

 

2 - If Conformio project results are not mandatory, why do we need it?

Answer: Project plan document is used to help you evaluate project progress, since they provide a measurable way to check performed activities.

For example, if you have 17 steps in your project, and you already have delivered 7 of them, you can roughly evaluate that 40% of the project has been completed.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 08, 2022

Mar 08, 2022

Suggested Topics

Guest user Created:   May 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio question

Guest user Created:   May 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Toolkit questions

Guest user Created:   May 15, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio expert questions