Question about Conformio project results
1 - Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results?
Answer: I’m assuming you are referring to the Project Plan document.
Considering that, please note that in the project results section (3.2) we have two paragraphs:
“During the ISMS implementation project, the following documents (some of which contain appendices that are not expressly stated here) will be delivered:”
In this paragraph, the mentioned “…appendices that are not expressly stated…” refer to some of the mandatory documents. For example, the Internal audit program is an appendix of the Procedure for Internal Audit.
“Policies and procedures that describe specific security activities will be determined only after the Statement of Applicability is completed. Detailed timing for those security policies and procedures will be determined in the Risk Treatment Plan.”
This paragraph covers the remaining mandatory documents that are not explicitly mentioned. Some documents are only mandatory if related controls are applicable, and you can have this information only during project execution. So, until you have this information, you cannot state some documents explicitly as project results.
2 - If Conformio project results are not mandatory, why do we need it?
Answer: The Project Plan document is used to help you evaluate project progress, since it provides a measurable way to check performed activities.
For example, if you have 17 steps in your project, and you have already delivered 7 of them, you can roughly evaluate that 40% of the project has been completed.
Mar 08, 2022