As the ISO 27001 implementation can be tedious, Conformio introduces the Implementation steps.
The Implementation steps guide you through all the mandatory and most relevant documents to help you simplify the implementation process and obtain the certification quickly and effectively.
Through the Implementation steps, you can assign each step to a relevant user of your Conformio account, who can then fill out the documents in the steps, send them for review, approval, and any needed corrections, withdraw the document, and collaborate with the rest of the implementation team.
Main Goals of Implementation Steps
The main goal of the Implementation steps is to guide you through the series of steps consisting of document wizards and different registers and modules. Once the steps are completed, Conformio will generate all the necessary documents for the certification process.
Conformio provides you with the most necessary steps and documents, while others are added depending on your organization’s size, the number of risks, and the ISMS scope itself.
What is displayed in the Implementation Steps?
In the main overview menu of the Implementation steps, you can see the following:
- Steps Completed: Shows the information about the steps completed. The first number represents the number of finished steps, and the second number indicates the overall number of steps. The number of steps will change once you have completed SoA, as in this step, a number of additional steps will be added considering the applicable controls and their implementation methods.
- The section of the implementation process you are currently in: Each section has its own steps and documents you need to prepare.
  - Project Preparation
  - Risk Management
  - Security Documentation
  - Preparation for the External Audit
  - Maintenance
- Progress of the particular step: Each step has a distinct color indicating its progress. Green marks a finished step (after clicking Finish Step), blue marks a step in progress, and white marks a step that has not yet started.
CONFORMIO in the English Language
- The following section only applies to Conformio users who are using the English language.
- For German, scroll to the end of the English section.
Implementation Steps
Every step in the Implementation steps consists of:
- A title that relates to specific documents and registers relevant to the implementation of ISO 27001 (e.g., the Risk Register);
- Color Icon: Green, blue, or white;
- A View Step / Arrow button to open additional settings and information about each step;
- Clicking on the arrow or the title will navigate you to the step overview.
Step Performer
By default, the owner of all steps is the user holding the Project Manager role.
However, both the Project Manager and the Admin can:
- View and edit each step;
- Assign ownership of a specific step to different regular users via the step properties.
“View Step” Overview
By clicking the View Step button, you will open the step that consists of:
- Basic information about the step;
- Document/register information (status, version, last update, author);
- The step deadline;
- Document Wizard;
- Option to upload your own document created outside of Conformio;
- Awareness and Training;
- Technology, Human Resources, and Finance;
- Finish step.
Document Wizard
The Document Wizard guides you through all the mandatory and most relevant documents by navigating you with specific questions through the sections that need to be customized. The Document Wizard reduces the time required for completing the documents, distributing them to all the relevant people, and being prepared for the certification audit in a fraction of the time and cost.
If you do not want to use Document Wizard, you can upload your own documents. However, we advise finishing working on the document via the Document Wizard.
Uploading your own documents
Conformio allows you to upload any file type (docx, xlsx, pdf, etc.), but previewing the uploaded file is only possible if the file is uploaded in pdf format.
To upload your own documents created outside of Conformio, follow the steps:
- Open the desired step;
- Navigate to the “Would you like to use the Conformio wizard for developing this document?” part and choose the option “No”;
- Click the Change File button and then click Choose File to upload the document.
Awareness and Training
After the document is completed, reviewed, and approved, you can assign additional Awareness and Training to members of your Conformio account to give them additional insights into this specific document to execute their responsibilities better. This is not mandatory and will not impact your ability to finish the step.
Technology, Human Resources, and Finance
You can specify whether additional resources are needed to implement a specific document or register, and how much.
These are not mandatory to be selected here, as you can assign the resources in the Statement of Applicability if the step in question is selected as an implementation method.
If resources are defined in the Risk Treatment Plan, they will automatically be listed in the step here and vice-versa.
If you define resources before completing the Risk Treatment Plan, they will automatically be added to it when you are ready to complete it.
Finish Step
By clicking the Finish Step button after the document is generated and approved, the document progress will go to 100%, and you can move to the next step in the Implementation steps.
If you are unable to click the Finish Step button, something in that particular step is unfinished, and you should go back to the step and recheck everything.
CONFORMIO in the German Language
- The following section applies to users of the German language.
Every step in the Implementation steps consists of:
- A title that relates to specific documents and registers relevant to the implementation of ISO 27001 (e.g., the Risk Register);
- Color Icon: Green, blue, or white;
- A View Step / Arrow button to open additional settings and information about each step;
- Clicking on the arrow or the title will navigate you to the step overview.
Step Performer
By default, the owner of all steps is the user holding the Project Manager role.
However, both the Project Manager and the Admin can:
- View and edit each step;
- Assign ownership of a specific step to different regular users via the step properties.
“View Step” Overview
By clicking the View Step button, you will open the step that consists of:
- Basic information about the step;
- Document/register information (status, version, last update, author);
- The step deadline;
- Document Wizard;
- Option to upload your own document created outside of Conformio;
- Awareness and Training;
- Technology, Human Resources, and Finance;
- Finish step.
By clicking ÖFFNEN SIE DEN DOKUMENTENASSISTENTEN, you will be transferred to the German Document Wizard. It is different from the English one and allows more customization of the documents overall.
Awareness and Training
After the document is completed, reviewed, and approved, you can assign additional Awareness and Training to members of your Conformio account to give them additional insights into this specific document to execute their responsibilities better. This is not mandatory and will not impact your ability to finish the step.
Technology, Human Resources, and Finance
You can specify whether additional resources are needed to implement a specific document or register, and how much.
These are not mandatory to be selected here, as you can assign the resources in the Statement of Applicability if the step in question is selected as an implementation method.
If resources are defined in the Risk Treatment Plan, they will automatically be listed in the step here and vice-versa.
If you define resources before completing the Risk Treatment Plan, they will automatically be added to it when you are ready to complete it.
Finish Step
By clicking the Finish Step button after the document is generated and approved, the document progress will go to 100%, and you can move to the next step in the Implementation steps.
If you are unable to click the Finish Step button, something in that particular step is unfinished, and you should go back to the step and recheck everything.
Frequently Asked Questions:
1. Do we have to assign Training and Resources for every step?
No. Training is completely optional, but if some users require additional Training, it is advised that the Training be assigned to them. This can be monitored through the Training Module. Resources are not needed at this time, but they will be automatically added if they are defined in the Risk Treatment Plan within the Statement of Applicability.
2. Can the documents be formatted according to our company-wide style requirements?
Documents cannot be formatted by custom styles outside of Conformio at the moment.