Forum Discussion
Clause9
Nov 29, 2022 - Copper Contributor
ISO/IEC 27001 ISMS in SharePoint Online - Mapping controls to risks
After some guidance on an approach to the following challenge please... I'd like to extend the very basic functionality of a simple risk register SP list by recording existing or required ISO 270...
GuVdv
Jan 03, 2023 - Copper Contributor
Isn't this as easy as creating a separate list with all Annex A controls and then in the risk register you create a Lookup column pointing to the Controls list. You can have it as a multi-select.
I suppose this covers your need?
BTW I'm currently managing our ISMS on top of SharePoint in order to keep track of all ISO27001 requirements. I feel that a lot of companies want to have the same and therefore I'm thinking of launching a commercial template framework that can help companies to immediately kick-off a certification project out of the box.
Would anybody be interested in paying for such a template package?
Tony_Sheppard
Feb 20, 2023 - Copper Contributor
I'm in the process of looking at moving from my older Excel templates to something a bit more usable within SP. I'm also involved in a project looking at mapping other standards too, as part of defining security standards relevant to education settings ... so whatever I have within SP needs to be able to flow out to external resources.
- Clause9
Feb 23, 2023 - Copper Contributor
Power Automate is pretty useful for flowing actions / data out of SP to other resources - there's a bunch of connectors to other systems if simple email isn't sufficient.
As far as mapping to other standards, I'm sure you're aware that there are already heaps of resources available for mapping controls - just be aware that many of these mappings forget that ISO 27001 is more than just the controls in Annex A. The management system processes in clauses 4-10 also need to be mapped...
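Putting GuVdv's "separate Controls list plus multi-select Lookup column" design together with the point above that clauses 4-10 need mapping as well as Annex A, here is an added PnP PowerShell example (not code from anyone in this thread) that provisions both lists; the site URL, list and column names are placeholders, and the control rows are a small constructed sample, not the full standard.

```powershell
# Added example: provision a Controls list and a Risk Register with a multi-value lookup.
# Assumes the PnP.PowerShell module is installed and the account can create lists on the site.
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/ISMS" -Interactive   # placeholder URL

# 1. Controls list. "Source" records whether a row is an Annex A control or a
#    clause 4-10 management-system requirement, so one register can map to both.
New-PnPList -Title "ISMS Controls" -Template GenericList | Out-Null
Add-PnPField -List "ISMS Controls" -DisplayName "Source" -InternalName "Source" `
    -Type Choice -Choices "Annex A", "Clause 4-10" -AddToDefaultView | Out-Null
Add-PnPField -List "ISMS Controls" -DisplayName "Theme" -InternalName "Theme" `
    -Type Text -AddToDefaultView | Out-Null

# Constructed sample rows; load the complete control set from the standard in practice.
$controls = @(
    @{ Title = "A.5.1 Policies for information security";      Source = "Annex A";     Theme = "Organizational" },
    @{ Title = "A.8.8 Management of technical vulnerabilities"; Source = "Annex A";     Theme = "Technological" },
    @{ Title = "6.1.2 Information security risk assessment";    Source = "Clause 4-10"; Theme = "Planning" },
    @{ Title = "9.2 Internal audit";                            Source = "Clause 4-10"; Theme = "Performance evaluation" }
)
foreach ($c in $controls) { Add-PnPListItem -List "ISMS Controls" -Values $c | Out-Null }

# 2. Risk register with a multi-select lookup pointing at the Controls list.
#    A lookup field needs the target list's GUID, so it is created from field XML.
New-PnPList -Title "Risk Register" -Template GenericList | Out-Null
$controlsListId = (Get-PnPList -Identity "ISMS Controls").Id
$lookupXml = @"
<Field Type="LookupMulti" Mult="TRUE" DisplayName="Mapped controls" Name="MappedControls"
       List="{$controlsListId}" ShowField="Title" />
"@
Add-PnPFieldFromXml -List "Risk Register" -FieldXml $lookupXml | Out-Null
# Existing vs required control, as the original question asked to record.
Add-PnPField -List "Risk Register" -DisplayName "Control status" -InternalName "ControlStatus" `
    -Type Choice -Choices "Existing", "Required", "Not applicable" -AddToDefaultView | Out-Null

# 3. One risk mapped to an Annex A control and a clause requirement at the same time.
#    A multi-lookup value is the comma-separated list of target item IDs.
$ids = (Get-PnPListItem -List "ISMS Controls" |
        Where-Object { $_["Title"] -like "A.8.8*" -or $_["Title"] -like "6.1.2*" }).Id
Add-PnPListItem -List "Risk Register" -Values @{
    Title          = "Unpatched internet-facing web server"   # constructed sample risk
    MappedControls = ($ids -join ",")
    ControlStatus  = "Required"
} | Out-Null
```

Because the lookup is a real relationship rather than free text, a view on the Controls list (or a Power Automate flow reading it) can later report which controls have no risk mapped to them.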