Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Hi there, 

I'm looking for some help to direct me to folks that have created an ISMS using confluence, or something that is 'pre canned' that we can customise. 

Any assistance is appreciated.



4 answers

0 votes
Kat Marketplace Partner Dec 01, 2019

Have you had any luck @Robert McAdam? My online search lead me to your post and the website

Thanks Kat, I have looked in depth at and seeing if there were any others that were available. So far, they look like the only ones. 

Hi Robert, 

My company bought an ISO 27001 package, which consisted of roughly 100+ Word and Excel templates, some tens of pages long, while others a few paragraphs long.

Last year along with a colleague we were responsible for editing everything, changing the file owners, tags and labels, sharing them with people within the organisation over email and ensuring processes were place. It was an extremely tiring, a messy process, with a lot of files in various folders, multiple versions of documents, a lot of hard work. I wouldn't recommend it on anyone. 

This year I moved everything into Confluence, which was relatively easy to do with the Import Word document function and copy and paste, which sometimes is a lot easier because Word has a lot of unnecessary formatting. The big job really is:

  • getting the document wording in line with your companies security policies, 
  • getting pages that are related to each other linked up, or anchored for easy clicking, 
  • getting the documents standardised and formatted, 
  • allowing the auditors to see who has done what when?  
  • allowing the auditors to see versioning, owners and auditors of the pages and reports,
  • applying the security standards to your employees, teams and organisation etc. 

If you are going to do it yourself consider this 'must have' plugin, which will make your life a lot easier with all of the above. Sadly I only discovered this plugin in the last month, thus wasted a lot of time updating audit report pages manually. 

  • QC Documents for Confluence Cloud

  • SubSpace Navigation for Confluence

I am happy to share a few tips and tricks on how to do the pages, how to build the reports, etc.

In fact I did a post not so long ago titled How to automate a page (report) that summaries changes on other pages? on this very topic and one can see where I have used the QC plugin to maximise the potential of automation.

Here is example ISO Audit report page I created that is entirely automated, linked to every ISO page and it pulls in information as pages are updated. 

isf08 - internal 2019 audit report.png


The other plugin I mentioned is 'SubSpace Navigation for Confluence', this is a menu system, which I am using to show important documentation. I've found folk remember stuff a lot more if they:

  • know where to find it (hence a quick pull down menu). 
  • Likewise our managers  are only interested in their pages (again a quick pull down menu, with content only they can see is very useful). 

Here is an example of the menu in action for ISO 27001.

ISO 27001 Menu.png 

- Mike

Like # people like this

Hi @Robert McAdam, a partner of ours just released a plugin to help getting ISO 27001 certified.

Probably you already found your solution but maybe others may find this to be a useful alternative.

Here is the link to ISMS for Confluence on the Atlassian Marketplace:

Feel free to contact them if you have further questions.

@Mike Bowen appreciate its been a while, I noted the work you done on the ISO docs was something I was looking at - only just thinking of building something.  But wanted to touch base if your open to it for any guidance ?

@mike_mcdonald May I suggest you also take a look at my ready-to-run Confluence solution?


@Maurice Pasman Thanks is there a demo, as summarised looking to get the basics and ideas at this stage, functionality, accessibility etc.

@mike_mcdonald I believe this will already give you a good impression: ?

I am already in contact with @Robert McAdam but for all other people that stumble upon this question: I am the owner of Instant 27001 :-).

My solution is designed and sold as ready-to-run, as it contains not only the templates, but also all canned examples, written with small business in mind. So no need to sift through hundreds of lengthy Word and Excel files.

No plugins required, plain vanilla Confluence will do!

We are interested in implementation . Requested a demo 

Like Maurice Pasman likes this
Bas Brey I'm New Here Jul 09, 2021

@Maurice Pasman does it also have an operational planning? So that you can generate (recurring) tasks? 

It comes with an operational planning, but that is still a static page.

The most pragmatic approach is to take that planning an automate using recurring appointments in your team calendar.

Or, look at the Instant 27001 Jira Companion if you want to automate things from within the Atlassian stack :-).

That might be a stupid question but I am thinking about versioning documents in Confluence. ISO requires version control. Sometimes, however, typos or other minor changes are corrected in the document which do not affect the substantive content. Confluence makes a new version of document after every little change. When changing the version, you must authorize the change and notify stakeholders. How did you handle it? 

I wonder if we should introduce manual version control (manual mark) so that I only change version when there is a significant document change. 

Hi @Iz P , 

Our Scroll Documents app can help you here if you're looking for manual version control. (Just to be open, I work for the vendor of this app).

With Scroll Documents, you can save versions / snapshots of a page (or even multiple pages) whenever your team needs to. This feature isn't tied to Confluence's page versioning, so you can still make those minor changes between versions and they won't affect the major versions that you control. 

If you have any questions, we'd be happy to help or show you a demo of the app. Just get in touch with us:


Shannon (K15t)

The version controls system in Confluence suffices for ISO.

Yes, if you correct a typo a new version number will be assigned, but you can show the differences between the versions to the auditor, as proof that it did not have to be re-approved.

So while external version control or workflow apps may prove additional value to an organization, they are not required for ISO compliance.

(Source: I am an ISO auditor myself, and Instant 27001 has been certified hundreds of times so far without issues :-)

Like Iz P likes this

@Maurice Pasman Thank you! So, I'll manually mark the revision on the document and use a Confluence version control only to proof compliance (show that change didn't have to be reapproved). 

Like Maurice Pasman likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

👁‍🗨 Confluence Team planning dashboard_Atlympics 🌈

Hi Atlassian's, How is your journey with #Atlympics 2021 so far....excited! Me too, same excitement. Here's my typical team planning and vision dashboard which I used to share to my management and ...

119 views 1 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you