Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,559,294
Community Members
 
Community Events
184
Community Groups

How to automate a page (report) that summaries changes on other pages?

Edited
Mike Bowen
Mike Bowen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Nov 26, 2019

Some background:

When I joined my company I was told I would be in charge of their ISO 27001, which is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

That is quite a mouthful, but very important to get right, especially in the eyes of our customers who trust us with their data.

Okay I thought, I can do this, until I saw what it entailed - roughly 73 Microsoft Word documents of varying file sizes and page lengths, stored on a server somewhere. Each document was written for a corporate sized company, so would need to be amended specifically for our smaller company. Looking beyond the documents I saw a lot of problems especially around version control, document ownership, multiple people editing documents, the sharing nightmare that is email and file attachments, backups and auditing, not to mention how I could standardise fonts, headings, tables, paragraphs etc. Also some ISO pages were not for everyone, as some documents were for Management eyes only.

Hello Confluence:

Confluence solved almost every single problem I predicted and I'll show you how I created the best automated report summary for both Management and myself as Information Security Manager.

First let me run through some of the benefits of using Confluence for this project:

  • All pages are on the cloud, which means easily accessible from any location without having to log into the company VPN or server. 
  • Pages can be easily shared with groups or individuals in your organisation. 
  • Pages can be easily linked to other pages through hyperlinks or anchors. 
  • Pages can contain videos, charts and images, which can in turn be clicked on. 
  • Groups or individuals can watch page(s).
  • Groups or individuals can edit page(s) if they have permission. 
  • Pages can be easily restricted in a few clicks. 
  • Pages can be easily saved for later or saved in draft or published. 
  • If someone makes a mistake on a page, pages have version control and can be easily restored to previous versions.
  • Pages can have inline comments making auditing a breeze.
  • Pages can have comments added with mentions of names or groups making collaboration and communication a doddle.
  • Pages have history showing everyone involved in the page. 
  • Pages can easily be converted to PDF or Word. 
  • Word Documents can easily be imported into Confluence. 
  • The WYSIWYG editor is a breeze to use and personally I find it a lot better than the word ribbon. 
  • Confluence has a large macro base by default offering tons of useful features and it ties in wonderfully well with other Atlassian products such as Jira Service Desk or Jira Core, not to mention Trello boards. 

Setting up the ISO pages:

Over a couple of months I imported all the ISO Word documents into Confluence and went about standardising the pages so that they looked and felt the same. I envisaged I would be creating further pages, so created two ISO templates, one for Management related ISO pages and one for everyone else.

On the Management summary report landing page I created a 'New ISO for management' button off the back of the ISO Management template. Below the button I wanted the report to show who had worked on the various ISO pages, when the work had taken place, what comments had been left and if any target dates or actions that needed to be followed up. 

The problem I encountered with the Management summary report:

  • How do I pull the title, version number, last updated by, updated date, comments into the report for each of the pages I wanted to display? This was a big problem. Not having a solution would mean the report would have to be a manual affair and when there are 70+ documents this is a painful task, which I did for a couple of months. This was made worse if any of those documents were changed.

Old way.png

The solution:

Here is the solution in two parts.

  1. On the individual ISO pages:
    1. Set up a Page Properties macro.
    2. Set the macro to hidden
    3. In the window of the macro; create a table with however many rows needed. In my example I've got eleven rows and on each row has the following heading: Title, Version, Audit Month, Auditor, Owner, Status, On Wiki, Restricted, Target Date, Comments and Updated Date.
    4. Fill in the information for each row 
      1. I instructed our three ISO page owners and auditors, to update the 'comments' section within the hidden page properties macro if they made changes to the page. 
      2. Set a label for the page (in my example I used 'iso').
      3. Publish the page.
        Page Properties hidden = true.png
  2. On the Summary Report Page for Management;
    1. Setup a Page Properties Report macro.
    2. Label = iso.
    3. In space = Current space.
    4. With parent = ISO for Management.
    5. Under Options - columns to show I included all the row titles listed in step 1 (e.g. Title, Version, Audit Month, Auditor, Owner, Status, On Wiki, Restricted, Target Date, Comments, Updated Date).
    6. Number of items to display = 99.
    7. Sort by = Title.
    8. Show comments count = checked.
    9. Show likes count = checked.
    10. Saved the macro. 

  3. The result is a Page Summary Report that is clean, orderly and most importantly "automated" which contain all the key information for management or whoever needs to quickly see what is going on. It is a thing of beauty. 

Summary Report Page.png

Do let me know if you have any questions or comments, I would be happy to help out if you have something similar to tackle. 

Mike

Comment
Watch
Like # people like this
2276 views

3 comments

Iz P
Iz P Jan 13, 2021

@Mike Bowen great content! That might be a stupid question but I am thinking about versioning documents in Confluence. ISO requires version control. Sometimes, however, typos or other minor changes are corrected in the document which do not affect the substantive content. Confluence makes a new version of document after every little change. When changing the version, you must authorize the change and notify stakeholders. How did you handle it? 

I wonder if we should introduce manual version control (manual mark) so that I only change version when there is a significant document change. 

Like
MN
MN Jan 13, 2021

Hi!

It seems like you need Comala apps (workflows + publishing) for document management workflows. We use it for medtech qms-s where we have similar requirements. 

cheers,

Margus

SoftComply

Like
James Conway
James Conway
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Jan 25, 2021

Thanks @MN for the mention and @Mike Bowen for explaining your process in this post and comment.

@Iz P the approach that @Mike Bowen explained is valid. If you wanted to automate notifying stakeholders of changes and getting authorisation, you could look at Comala Document Management on the Atlassian Marketplace (https://marketplace.atlassian.com/apps/142/comala-document-management?hosting=cloud&tab=overview). If you have any questions, please do not hesitate to contact me here or contact us via https://support.comalatech.com

All the best

James
Senior Product Manager

Like Ibra Alayah likes this
Reply
Mike Bowen
Mike Bowen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Jan 14, 2021 • edited

Hi @Iz P 

Good timing with your question, as yesterday was our annual external ISO27001 audit, the second audit I've been involved in using the ISM system that I built in Confluence. 

This was the second auditor who has seen my ISO system and was blown away by its features, efficiency, and having everything in one place.

The auditor wants to see that you have a handle on your documentation and what better way to show them an audit programme page with all your documents listed with document title, unique code, latest version, and the date the document was updated

It rules out them asking you each time "Is this the latest version?". 

ISM.jpg

No question is stupid... 

RE: When changing the version, you must authorize the change and notify stakeholders. How did you handle it? 

Yes, confluence makes a new version for every change made, but so what? That is your ISMS strength. 

How often really are you making minor changes to grammar? 

In my hidden page properties section at the top, I or whoever has the ability to make changes must always add a comment when anything changes on the page. For example:

  • fixed grammar, or
  • made some minor changes to a paragraph or
  • added a link to another page or
  • removed/added/modified some text.

These page properties comments then update another page automatically with all the changes. I recommend our Stakeholders to watch this page as it is a high-level view of all the ISO documents in our system. 

In our company, there is no need to let stakeholders know unless it is a major change to a process or protocol, in which case you would probably arrange stakeholders meeting at some point, to discuss what was is to be changed, add action notes and meeting minutes and then go ahead and make the changes. This is all part of ISMS and you'll have procedure documents such as the Management Review Agenda that will highlight this.  

Also, don't forget, every document in your ISMS will need to be audited internally and signed off, before your yearly external audit. These audits can be monthly/quarterly/yearly/you decide.

That is how I do it, and from the feedback from the external auditor yesterday, it is entirely up to you on how one goes about making the changes, document, improve and communicate the changes, and most importantly keep your information safe and secure. 

I hope that helps. 

Mike

Like
Reply
Ibra Alayah
Ibra Alayah Feb 07, 2021

 H @Mike Bowen I'm really interested to know more about how to automate a page that summaries change on other pages? and also need support related to the automation process for ISO 27001 standard. in the Swedish language? 

 

appreciate your support 

Ibrahim

Like
Reply

Comment

Log in or Sign up to comment
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

See all events