Conformio gives pre-defined SO's
a. Is it possible to create customized SO's ?
b. For predefined SO's 'Decrease the costs of complying with information security & privacy regulations by x% because of ISO 27001 implementation' what is the meaning ? Where is the guidance/ metrics to measure this ?
c. Is there a specific reason why only these many predefined SO's are provided ?
Looking forward to your kind response.
Thanks & Regards
Mayank
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
a. Is it possible to create customized SO's ?
Answer: At current moment it is not possible to create customized security objectives beyond those presented by Conformio.
Please note that allowing customized security objectives to be defined would make unfeasible to take advantage of Conformio’s automated features to correlate ISMS results to them.
b. For predefined SO's 'Decrease the costs of complying with information security & privacy regulations by x% because of ISO 27001 implementation' what is the meaning ? Where is the guidance/ metrics to measure this ?
Answer: Please note that ISO 27001 provides a systematic way to implement security controls, so you can implement controls in the exact measure to fulfill your needs (e.g., legal, operational, contractual, etc.).
Without a systematic approach, you may be oversizing security measures, unnecessarily increasing costs, and this security objective is about achieving this saving.
When you implement ISO 27001, you will most probably decrease the costs of complying with some cybersecurity or privacy regulations - for example, by implementing ISO 27001 you will reduce the costs of GDPR compliance by 50% because there is a big overlap between these two frameworks.
You can find the guidance about the overlap in these materials:
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- Comparison of HIPAA compliance and ISO 27001 certification https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/
- Comparison of SOC 2 and ISO 27001 certification https://advisera.com/27001academy/blog/2021/02/02/iso-27001-vs-soc-2/
c. Is there a specific reason why only these many predefined SO's are provided ?
Answer: The security objectives provide by Conformio are of the most common kinds adopted by organizations.
For further information, see:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Comment as guest or Sign in
Oct 07, 2021