Expert Advice Community

Guest

Risk Register Team work question

  Quote
Guest
Guest user Created:   May 12, 2022 Last commented:   May 12, 2022

Risk Register Team work question

I have one more question, I am preparing a review of mandatory documents for our ISO certification and I am using Advisera checklist to make sure we comply. 

I have noticed that the checklist is slightly different to the steps I'm working on in Conformio. Would you please be so kind and let me know, where can I find documents marked in red in the screenshot below? Thank you in advance!

Documents I can prepare in Conformio: https://i.imgur.com/dddfECG.png

Documents listed as mandatory, red dots highlight the ones I am unsure where to find them.
https://i.imgur.com/lgFtGY1.png

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Expert
Rhand Leal May 12, 2022

The information about these controls can be located as follow:

  • Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4): security roles and responsibilities are defined alongside all documents implemented for the ISMS. You can see a summary of this information by accessing the “Responsibility Matrix” link in the left side panel of Conformio Screen.
  • Inventory of assets: Conformio enables you to draw up the list of assets during the risk assessment process by suggesting a checklist of potential assets you can find in your company. The inventory of assets is part of the Risk Register Module
  • Acceptable use of assets (clause A.8.1.3): this control is implemented by means of the IT Security Policy
  • Access Control Policy: this control is implemented by means of the Access Control Policy
  • Operating Procedures for IT department: this control is implemented by means of the Security Procedures for the IT Department
  • Secure system engineering principles (clause A.14.2.5): this control is implemented by means of the Secure Development Policy
  • Supplier Security Policy: this control is implemented by means of the Supplier Security Policy
  • Incident Management Procedure: this control is implemented by means of the Incident Register
  • Business continuity procedures (clause A.17.1.2): this control is implemented by means of the Disaster Recovery Plan document
  • Legal, regulatory, and contractual requirements: this control is implemented by means of the Register of Requirements module

Approved documents can be found by accessing the “Documents” link in the left side panel of Conformio Screen.

Please note that the documents “IT Security Policy”, “Access Control Policy”, "Security Procedures for IT Departments", "Secure Development Policy", "Supplier Security Policy" and "Disaster Recovery Plan" are added after completion of the Statement of Applicability step, as justification for the controls they are related to. Please take a look at the following help video for more information: https://vimeo.com/showcase/6734609/video/472957258

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 12, 2022

May 12, 2022

Suggested Topics