Forum Discussion
Clause9
Nov 29, 2022 | Copper Contributor
ISO/IEC 27001 ISMS in SharePoint Online - Mapping controls to risks
After some guidance on an approach to the following challenge please... I'd like to extend the very basic functionality of a simple risk register SP list by recording existing or required ISO 270...
RobElliott
Dec 29, 2022 | Silver Contributor
Clause9 I think you would need to do this with Power Apps with the 93 controls, the control environments and the controls selected as separate lists as your data source. It could be done either as a Power Apps customised form in your "main" list (the controls selected?) or as a standalone app. The 93 controls would be checkboxes or toggles, probably checkboxes, and you'd add a save button to the form to patch what is selected to the relevant lists.
If you can post a few screenshots with examples of the data I could show you better how to build it.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver)
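The save-button pattern Rob describes, written out in Power Fx as an added example; this is not code from the original thread, and the names are assumptions. It assumes three SharePoint lists: 'Annex A Controls' (one row per control, Title holding the control ID such as "A.6.1" and a ControlName text column), 'Risk Register' (the existing risk list), and 'Controls Selected' (a junction list with two lookup columns, Risk to the register and Control to the controls list). In the app, galControls is a gallery over 'Annex A Controls' whose template holds a checkbox chkSelected, varRisk holds the risk record being edited, and btnSave is the save button.

```powerfx
// ---- OnVisible of the screen that edits one risk register item ----
// varRisk is assumed to have been set earlier, e.g. Set(varRisk, galRisks.Selected).
// Pull the junction rows for this risk once. Filtering on a lookup column's Id
// is delegated to SharePoint, so it is not capped by the 500/2000 row limit.
ClearCollect(
    colExistingLinks,
    Filter('Controls Selected', Risk.Id = varRisk.ID)
);

// ---- Default property of chkSelected (the checkbox inside galControls) ----
// galControls.Items is the 'Annex A Controls' list (93 rows). A box starts
// ticked when a junction row already links this control to the current risk.
Not(IsBlank(LookUp(colExistingLinks, Control.Id = ThisItem.ID)))

// ---- OnSelect of btnSave ----
// 1. Snapshot the ticked controls. AllItems is a table that includes the
//    gallery's controls, so the checkbox state can be read for every row.
ClearCollect(
    colTicked,
    ShowColumns(
        Filter(galControls.AllItems, chkSelected.Value),
        "ID", "Title"
    )
);

// 2. Remove junction rows for controls that were un-ticked. Re-fetching the
//    item by ID (delegable) gives Remove a record that came from the data
//    source rather than from the local copy.
ForAll(
    Filter(colExistingLinks, Not(Control.Id in colTicked.ID)) As stale,
    Remove('Controls Selected', LookUp('Controls Selected', ID = stale.ID))
);

// 3. Add a junction row for each ticked control not already linked to the risk.
//    SharePoint lookup columns are patched as {Id, Value} records.
ForAll(
    colTicked As ticked,
    If(
        IsBlank(LookUp(colExistingLinks, Control.Id = ticked.ID)),
        Patch(
            'Controls Selected',
            Defaults('Controls Selected'),
            {
                Title: varRisk.Title & " / " & ticked.Title,
                Risk: {Id: varRisk.ID, Value: varRisk.Title},
                Control: {Id: ticked.ID, Value: ticked.Title}
            }
        )
    )
);

// 4. Refresh the local snapshot so the checkboxes show the saved state.
ClearCollect(
    colExistingLinks,
    Filter('Controls Selected', Risk.Id = varRisk.ID)
);
```

The junction list's Title is only a readable label; the Risk and Control lookups carry the relationship, so a view of 'Controls Selected' grouped by Risk gives the "which Annex A controls treat this risk" picture, and grouping by Control gives the reverse mapping for a Statement of Applicability. The `in` comparisons run against small local collections on purpose; the only queries sent to SharePoint are the delegable Id filters, which keeps the pattern working once the junction list grows past the delegation limit.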
Clause9
Jan 24, 2023 | Copper Contributor
Hi Rob, really sorry for the lack of response to your post; good old O365 filter blocked the message informing me that I had a response and I haven't visited my email quarantine page since the Christmas break!! Anyhoo, have now seen it....
Re PowerApps customised form - sounds great but I've no idea what this would look like or how it would work so any guidance would be greatly appreciated.
As far as a screenshot of as-is, not sure if this would help as I don't have anything worth referencing. There's a simple multi-line text column for a description of the current controls (e.g. "We carry out pre-employment screening, all personnel have contracts of employment") but nothing (yet) for recording the actual controls selected from (in this case) Annex A of ISO 27001 (e.g. A.6.1 - Screening, A.6.2 - Terms and conditions of employment) that would align with the text-based description.
Any guidance or tips would be really useful...