My company bought an ISO 27001 package, which consisted of roughly 100+ Word and Excel templates, some tens of pages long, while others a few paragraphs long.
Last year along with a colleague we were responsible for editing everything, changing the file owners, tags and labels, sharing them with people within the organisation over email and ensuring processes were place. It was an extremely tiring, a messy process, with a lot of files in various folders, multiple versions of documents, a lot of hard work. I wouldn't recommend it on anyone.
This year I moved everything into Confluence, which was relatively easy to do with the Import Word document function and copy and paste, which sometimes is a lot easier because Word has a lot of unnecessary formatting. The big job really is:
If you are going to do it yourself consider this 'must have' plugin, which will make your life a lot easier with all of the above. Sadly I only discovered this plugin in the last month, thus wasted a lot of time updating audit report pages manually.
I am happy to share a few tips and tricks on how to do the pages, how to build the reports, etc.
In fact I did a post not so long ago titled How to automate a page (report) that summaries changes on other pages? on this very topic and one can see where I have used the QC plugin to maximise the potential of automation.
Here is example ISO Audit report page I created that is entirely automated, linked to every ISO page and it pulls in information as pages are updated.
The other plugin I mentioned is 'SubSpace Navigation for Confluence', this is a menu system, which I am using to show important documentation. I've found folk remember stuff a lot more if they:
Here is an example of the menu in action for ISO 27001.
Hi @Robert McAdam, a partner of ours just released a plugin to help getting ISO 27001 certified.
Probably you already found your solution but maybe others may find this to be a useful alternative.
Here is the link to ISMS for Confluence on the Atlassian Marketplace: https://marketplace.atlassian.com/apps/1223742/isms-for-confluence?hosting=server&tab=overview
Feel free to contact them if you have further questions.
I am already in contact with @Robert McAdam but for all other people that stumble upon this question: I am the owner of Instant 27001 :-).
My solution is designed and sold as ready-to-run, as it contains not only the templates, but also all canned examples, written with small business in mind. So no need to sift through hundreds of lengthy Word and Excel files.
No plugins required, plain vanilla Confluence will do!
It comes with an operational planning, but that is still a static page.
The most pragmatic approach is to take that planning an automate using recurring appointments in your team calendar.
Or, look at the Instant 27001 Jira Companion if you want to automate things from within the Atlassian stack :-).
That might be a stupid question but I am thinking about versioning documents in Confluence. ISO requires version control. Sometimes, however, typos or other minor changes are corrected in the document which do not affect the substantive content. Confluence makes a new version of document after every little change. When changing the version, you must authorize the change and notify stakeholders. How did you handle it?
I wonder if we should introduce manual version control (manual mark) so that I only change version when there is a significant document change.
Hi @Iz P ,
Our Scroll Documents app can help you here if you're looking for manual version control. (Just to be open, I work for the vendor of this app).
With Scroll Documents, you can save versions / snapshots of a page (or even multiple pages) whenever your team needs to. This feature isn't tied to Confluence's page versioning, so you can still make those minor changes between versions and they won't affect the major versions that you control.
If you have any questions, we'd be happy to help or show you a demo of the app. Just get in touch with us: email@example.com.
The version controls system in Confluence suffices for ISO.
Yes, if you correct a typo a new version number will be assigned, but you can show the differences between the versions to the auditor, as proof that it did not have to be re-approved.
So while external version control or workflow apps may prove additional value to an organization, they are not required for ISO compliance.
(Source: I am an ISO auditor myself, and Instant 27001 has been certified hundreds of times so far without issues :-)
Hi Atlassian's, How is your journey with #Atlympics 2021 so far....excited! Me too, same excitement. Here's my typical team planning and vision dashboard which I used to share to my management and ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events