Hi Atlassian community,
we are currently in audits for getting certified for ISO 27001 with Confluence as our ISMS.
We therefore need to make Confluence ISO ready based on the feedback we have gotten from the auditor. The main feedback was that every newly published version should have a comment, which is currently not possible due to ([CONFCLOUD-6373] Option for making page-publish/edit comments mandatory - Create and track feature requests for Atlassian products.)
We are looking into the following app that seems promising: Workflows for Confluence - Document Management & Approvals | Atlassian Marketplace
I however still wanted to ask some questions the community that are or were in the same situation to use Confluence as their ISMS for ISO 27001.
What kind of changes have you done in Confluence to get ISO 27001 ready (structure, content and technical)?
Which kind of Confluence built-in functionality do you use?
What kind of Marketplace apps have you added for this use-case?
I also need to mention that we are having Confluence Standard, which could potentially limit on what we can do, but even if you are using Premium functionality then this is good to know.
Thanks in advance for any kind of response!
Cheers
Simon
As fo recommended apps, to implement a continuous process that runs in the background, and categorize your pages to custom statuses using flexible conditions, the Better Content Archiving is super-useful.
It focuses on workflows, not on manual ones, but automated ones. It offers reports, notifications and automations for the different statuses.
Learn more about its feature set, it may be an option to consider!
Hello @Simon Sahli
Confluence is a good choice for an ISMS as part of ISO 27001 certification. However, you will probably need a plugin to extend the feature set and address the ISO requirements.
Point 7.5.2 of ISO 27001 describes two main aspects: "When creating and updating documented information, the organization shall ensure appropriate review and approval for suitability and adequacy."
Our app, Breeze, covers both of these aspects (plus more, such as data exports and audit logs), and many of our customers use it for ISO 27001 certification.
You can install it from the Atlassian Marketplace and try it for free, or schedule a demo with me to see how it works and how it addresses the particular requirements of ISO 27001.
All the best,
Adrian from B1NARY (we are the developers of Breeze)
,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.