How to automate a page (report) that summaries changes on other pages?

Some background:

When I joined my company I was told I would be in charge of their ISO 27001, which is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

That is quite a mouthful, but very important to get right, especially in the eyes of our customers who trust us with their data.

Okay I thought, I can do this, until I saw what it entailed - roughly 73 Microsoft Word documents of varying file sizes and page lengths, stored on a server somewhere. Each document was written for a corporate sized company, so would need to be amended specifically for our smaller company. Looking beyond the documents I saw a lot of problems especially around version control, document ownership, multiple people editing documents, the sharing nightmare that is email and file attachments, backups and auditing, not to mention how I could standardise fonts, headings, tables, paragraphs etc. Also some ISO pages were not for everyone, as some documents were for Management eyes only.

Hello Confluence:

Confluence solved almost every single problem I predicted and I'll show you how I created the best automated report summary for both Management and myself as Information Security Manager.

First let me run through some of the benefits of using Confluence for this project:

  • All pages are on the cloud, which means easily accessible from any location without having to log into the company VPN or server. 
  • Pages can be easily shared with groups or individuals in your organisation. 
  • Pages can be easily linked to other pages through hyperlinks or anchors. 
  • Pages can contain videos, charts and images, which can in turn be clicked on. 
  • Groups or individuals can watch page(s).
  • Groups or individuals can edit page(s) if they have permission. 
  • Pages can be easily restricted in a few clicks. 
  • Pages can be easily saved for later or saved in draft or published. 
  • If someone makes a mistake on a page, pages have version control and can be easily restored to previous versions.
  • Pages can have inline comments making auditing a breeze.
  • Pages can have comments added with mentions of names or groups making collaboration and communication a doddle.
  • Pages have history showing everyone involved in the page. 
  • Pages can easily be converted to PDF or Word. 
  • Word Documents can easily be imported into Confluence. 
  • The WYSIWYG editor is a breeze to use and personally I find it a lot better than the word ribbon. 
  • Confluence has a large macro base by default offering tons of useful features and it ties in wonderfully well with other Atlassian products such as Jira Service Desk or Jira Core, not to mention Trello boards. 

Setting up the ISO pages:

Over a couple of months I imported all the ISO Word documents into Confluence and went about standardising the pages so that they looked and felt the same. I envisaged I would be creating further pages, so created two ISO templates, one for Management related ISO pages and one for everyone else.

On the Management summary report landing page I created a 'New ISO for management' button off the back of the ISO Management template. Below the button I wanted the report to show who had worked on the various ISO pages, when the work had taken place, what comments had been left and if any target dates or actions that needed to be followed up. 

The problem I encountered with the Management summary report:

  • How do I pull the title, version number, last updated by, updated date, comments into the report for each of the pages I wanted to display? This was a big problem. Not having a solution would mean the report would have to be a manual affair and when there are 70+ documents this is a painful task, which I did for a couple of months. This was made worse if any of those documents were changed.

Old way.png

The solution:

Here is the solution in two parts.

  1. On the individual ISO pages:
    1. Set up a Page Properties macro.
    2. Set the macro to hidden
    3. In the window of the macro; create a table with however many rows needed. In my example I've got eleven rows and on each row has the following heading: Title, Version, Audit Month, Auditor, Owner, Status, On Wiki, Restricted, Target Date, Comments and Updated Date.
    4. Fill in the information for each row 
      1. I instructed our three ISO page owners and auditors, to update the 'comments' section within the hidden page properties macro if they made changes to the page. 
      2. Set a label for the page (in my example I used 'iso').
      3. Publish the page.
        Page Properties hidden = true.png
  2. On the Summary Report Page for Management;
    1. Setup a Page Properties Report macro.
    2. Label = iso.
    3. In space = Current space.
    4. With parent = ISO for Management.
    5. Under Options - columns to show I included all the row titles listed in step 1 (e.g. Title, Version, Audit Month, Auditor, Owner, Status, On Wiki, Restricted, Target Date, Comments, Updated Date).
    6. Number of items to display = 99.
    7. Sort by = Title.
    8. Show comments count = checked.
    9. Show likes count = checked.
    10. Saved the macro. 

  3. The result is a Page Summary Report that is clean, orderly and most importantly "automated" which contain all the key information for management or whoever needs to quickly see what is going on. It is a thing of beauty. 

Summary Report Page.png

Do let me know if you have any questions or comments, I would be happy to help out if you have something similar to tackle. 

Mike

4 comments

Iz P January 13, 2021

@Mike Bowen great content! That might be a stupid question but I am thinking about versioning documents in Confluence. ISO requires version control. Sometimes, however, typos or other minor changes are corrected in the document which do not affect the substantive content. Confluence makes a new version of document after every little change. When changing the version, you must authorize the change and notify stakeholders. How did you handle it? 

I wonder if we should introduce manual version control (manual mark) so that I only change version when there is a significant document change. 

Mike Bowen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 14, 2021

Hi @Iz P 

Good timing with your question, as yesterday was our annual external ISO27001 audit, the second audit I've been involved in using the ISM system that I built in Confluence. 

This was the second auditor who has seen my ISO system and was blown away by its features, efficiency, and having everything in one place.

The auditor wants to see that you have a handle on your documentation and what better way to show them an audit programme page with all your documents listed with document title, unique code, latest version, and the date the document was updated

It rules out them asking you each time "Is this the latest version?". 

ISM.jpg

No question is stupid... 

RE: When changing the version, you must authorize the change and notify stakeholders. How did you handle it? 

Yes, confluence makes a new version for every change made, but so what? That is your ISMS strength. 

How often really are you making minor changes to grammar? 

In my hidden page properties section at the top, I or whoever has the ability to make changes must always add a comment when anything changes on the page. For example:

  • fixed grammar, or
  • made some minor changes to a paragraph or
  • added a link to another page or
  • removed/added/modified some text.

These page properties comments then update another page automatically with all the changes. I recommend our Stakeholders to watch this page as it is a high-level view of all the ISO documents in our system. 

In our company, there is no need to let stakeholders know unless it is a major change to a process or protocol, in which case you would probably arrange stakeholders meeting at some point, to discuss what was is to be changed, add action notes and meeting minutes and then go ahead and make the changes. This is all part of ISMS and you'll have procedure documents such as the Management Review Agenda that will highlight this.  

Also, don't forget, every document in your ISMS will need to be audited internally and signed off, before your yearly external audit. These audits can be monthly/quarterly/yearly/you decide.

That is how I do it, and from the feedback from the external auditor yesterday, it is entirely up to you on how one goes about making the changes, document, improve and communicate the changes, and most importantly keep your information safe and secure. 

I hope that helps. 

Mike

Ibra Alayah
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 7, 2021

 H @Mike Bowen I'm really interested to know more about how to automate a page that summaries change on other pages? and also need support related to the automation process for ISO 27001 standard. in the Swedish language? 

 

appreciate your support 

Ibrahim

Sofia Kargioti _QC Analytics_
Contributor
July 14, 2023

Hello @Mike Bowen , thanks for mentioning and using our QC Documents app and the great content!

@Iz P the QC Read & Understood app lets you choose a different version strategy that can be really helpful when making minor changes to a Confluence page. You can also have a look in an article I wrote last year called "Different Version Control strategies within Confluence Cloud". 

Hope this helps any reader that comes accross this very interesting post 🙂

Best,

Sofia

Like Vakalos Mixalis likes this

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events