Automate the entire risk assessment and risk treatment process with the Risk Register. Conformio automatically suggests the assets, related vulnerabilities, and threats, as well as the most appropriate controls for risk treatment; it also calculates the residual risk.
Once the risk owners accept all residual risks and the entire risk assessment process is finished, the Risk Assessment and Risk Treatment Report is created automatically.
Document Management System
Get access to your ISO 27001 project documents at any time with the Document Management System. Files generated via the document wizard, documents that you upload to Conformio, and reports generated by Conformio – they are all securely stored in one place.
You will be able to define the access rights to each document based on the status of the document and the role of the user, and also synchronize your documents with the easy Dropbox integration.
Easy-to-use matrix of users and their responsibilities, actions, and tasks that should be performed in order to implement and maintain the ISO 27001 standard in your company. You can set reminders for different tasks to make sure that all tasks are performed in a timely manner.
Statement of Applicability
Conformio provides a list of all 114 security controls suggested by ISO 27001 and suggests the ones that could be applicable to your company, along with the documents and tasks that need to be performed in order to implement those security controls.
You will be able to decide which controls are applicable to your company and assign the actions required to become compliant with the ISO 27001 standard. Once you finish the process, a report will be generated in PDF format.
Register of Legal, Regulatory and Contractual Requirements
This register lists all the regulations and third-party agreements that your company should comply with in order to implement and maintain ISO 27001. Conformio provides you with a list of some basic security and privacy laws and regulations for some countries.
Once you include all the legal, regulatory, and contractual requirements, Conformio will generate the report in PDF format.
Define the training plan for your company and assign the training needed for each employee. You will be able to keep track of all the employees and their training progress in one place.
Once the training plan is defined and approved, Conformio will automatically generate the Training Plan document in PDF format.
Get an overview of all the tasks and actions that need to be performed in order to implement and maintain the ISO 27001 standard in your company. Conformio displays all the important information with detailed and easy-to-understand dashboards.
The Project Status Dashboard provides information about the progress of the compliance steps, along with the needed resources and their status. The Compliance Dashboard provides information on the progress of the compliance and how ready your company is for the certification audit. The Performance Dashboard provides information about the fulfillment of objectives and the performance of day-to-day activities while maintaining compliance with ISO 27001.
Internal Audit Module
Easily schedule, prepare, and perform the audit with adjustable checklists. Conformio provides a suggested audit checklist that is adapted to the specifics in your policies and procedures, and you can adapt the checklist according to your preferences.
You will be able to prepare the audit report and attach any relevant audit information or evidence to the report. Once the audit is completed, the audit report will be generated in PDF format and automatically stored in the Conformio Document Management System.
Nonconformities & Corrective Action Module
Many companies underestimate the effort needed to maintain the Information Security Management System once it gets certified. One of the maintenance tasks is to define all the nonconformities and corrective actions, along with the tasks for resolving nonconformities – you can easily do that through Conformio. For each nonconformity, you will be able to add a description, set the deadline, and assign the responsible person.
A corrective action or task for resolving a nonconformity will be created automatically and assigned to the person responsible for resolving the task.
Another important task to maintain the ISO 27001 certification is to handle the entire incident “lifecycle” – Conformio will help you do that with the Incident Register. Conformio allows you to add any important details about the incident and related risks, include any attachments needed as evidence of the incident, and assign appropriate corrective actions. Once the incident is registered, the task will be assigned to the person who needs to resolve it.