Risk Register Team work question
I have one more question, I am preparing a review of mandatory documents for our ISO certification and I am using Advisera checklist to make sure we comply.
I have noticed that the checklist is slightly different to the steps I'm working on in Conformio. Would you please be so kind and let me know, where can I find documents marked in red in the screenshot below? Thank you in advance!
Documents I can prepare in Conformio: 
Documents listed as mandatory, red dots highlight the ones I am unsure where to find them.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The information about these controls can be located as follow:
- Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4): security roles and responsibilities are defined alongside all documents implemented for the ISMS. You can see a summary of this information by accessing the “Responsibility Matrix” link in the left side panel of Conformio Screen.
- Inventory of assets: Conformio enables you to draw up the list of assets during the risk assessment process by suggesting a checklist of potential assets you can find in your company. The inventory of assets is part of the Risk Register Module
- Acceptable use of assets (clause A.8.1.3): this control is implemented by means of the IT Security Policy
- Access Control Policy: this control is implemented by means of the Access Control Policy
- Operating Procedures for IT department: this control is implemented by means of the Security Procedures for the IT Department
- Secure system engineering principles (clause A.14.2.5): this control is implemented by means of the Secure Development Policy
- Supplier Security Policy: this control is implemented by means of the Supplier Security Policy
- Incident Management Procedure: this control is implemented by means of the Incident Register
- Business continuity procedures (clause A.17.1.2): this control is implemented by means of the Disaster Recovery Plan document
- Legal, regulatory, and contractual requirements: this control is implemented by means of the Register of Requirements module
Approved documents can be found by accessing the “Documents” link in the left side panel of Conformio Screen.
Please note that the documents “IT Security Policy”, “Access Control Policy”, "Security Procedures for IT Departments", "Secure Development Policy", "Supplier Security Policy" and "Disaster Recovery Plan" are added after completion of the Statement of Applicability step, as justification for the controls they are related to. Please take a look at the following help video for more information: https://vimeo.com/showcase/6734609/video/472957258
Comment as guest or Sign in
May 12, 2022