I’m currently trialing the use of your Conformio platform in our environment.
We are a managed service provider, offering hosting of specific financial consolidation platforms as IaaS through cloud providers (more specifically, ***).
I understand that ISO27001 documentation is very specific to a case organization, but I also believe a large part of the documentation to be … “standard”. If I were to remove the specific software platforms that we host and consult on, we are just another *** Provider. Do you have sample artefacts, such as risk registers or statements of applicability, that apply to organizations like that?
Please note that our policy does not offer such sample artifacts.
This is so because even organizations of the same industry and using the same IaaS provider have unique objectives and risk appetites, so the use of such sample artifacts can mislead organizations into adopting a security profile that does not fit their needs.
These generic papers can provide you with an idea about a filled-in risk register:
Please note that you can schedule a call with our ISO 27001 expert, where he can give some tips on how to adapt the Risk register, Statement of Applicability and your documents to your specific circumstances.
Additionally, since Conformio can automatically suggest threats, vulnerabilities, and applicable documents based on the specific assets you enter, you can use the examples provided in the above-mentioned papers to see how the process goes through the platform.