ISO 27001 ISMS

Robert McAdam
I'm New Here
November 27, 2019

Hi there, 

I'm looking for some help to direct me to folks that have created an ISMS using Confluence, or something that is 'pre canned' that we can customise.

Any assistance is appreciated.

cheers

Rob

5 answers

3 votes
Sofia Kargioti _QC Analytics_
Contributor
July 14, 2023

Hello @Robert McAdam 

I hope everything is well!

Maybe you already found the solution that you were looking for, but if not maybe you would be interested in our ready-to-use ISO/IEC 27001:2022 Template for Confluence Cloud which you can find on our store.

Last year we got certified with ISO 27001 by using this exact template (with some customizations according to our needs of course) and we decided to help other companies ensure their compliance with the standard's requirements as well.

You can also have a look at this article I wrote in the community regarding our ready-to-use space templates, or contact us for any additional help you may need.

I hope this helps you or any other readers that stumble upon your question 🙂

Kind regards,

Sofia

1 vote
Iz P January 13, 2021

That might be a stupid question, but I am thinking about versioning documents in Confluence. ISO requires version control. Sometimes, however, typos or other minor changes are corrected in the document which do not affect the substantive content. Confluence makes a new version of the document after every little change. When changing the version, you must authorize the change and notify stakeholders. How did you handle it?

I wonder if we should introduce manual version control (manual mark) so that I only change version when there is a significant document change. 

Shannon Meehan _K15t_
Atlassian Partner
January 13, 2021

Hi @Iz P , 

Our Scroll Documents app can help you here if you're looking for manual version control. (Just to be open, I work for the vendor of this app).

With Scroll Documents, you can save versions / snapshots of a page (or even multiple pages) whenever your team needs to. This feature isn't tied to Confluence's page versioning, so you can still make those minor changes between versions and they won't affect the major versions that you control. 

If you have any questions, we'd be happy to help or show you a demo of the app. Just get in touch with us: hello@k15t.com.

Cheers, 

Shannon (K15t)

Maurice Pasman
Contributor
January 13, 2021

The version control system in Confluence suffices for ISO.

Yes, if you correct a typo a new version number will be assigned, but you can show the differences between the versions to the auditor, as proof that it did not have to be re-approved.

So while external version control or workflow apps may provide additional value to an organization, they are not required for ISO compliance.

(Source: I am an ISO auditor myself, and Instant 27001 has been certified hundreds of times so far without issues :-)

Iz P January 14, 2021

@Maurice Pasman Thank you! So, I'll manually mark the revision on the document and use Confluence version control only to prove compliance (show that the change didn't have to be reapproved).

1 vote
Robert McAdam
December 1, 2019

Thanks Kat, I have looked in depth at instant27001.com and seeing if there were any others that were available. So far, they look like the only ones. 

Mike Bowen
Rising Star
December 2, 2019

Hi Robert, 

My company bought an ISO 27001 package, which consisted of roughly 100+ Word and Excel templates, some tens of pages long, while others are a few paragraphs long.

Last year along with a colleague we were responsible for editing everything, changing the file owners, tags and labels, sharing them with people within the organisation over email and ensuring processes were in place. It was an extremely tiring, messy process, with a lot of files in various folders, multiple versions of documents, a lot of hard work. I wouldn't recommend it to anyone.

This year I moved everything into Confluence, which was relatively easy to do with the Import Word document function and copy and paste, which sometimes is a lot easier because Word has a lot of unnecessary formatting. The big job really is:

  • getting the document wording in line with your company's security policies,
  • getting pages that are related to each other linked up, or anchored for easy clicking,
  • getting the documents standardised and formatted,
  • allowing the auditors to see who has done what and when,
  • allowing the auditors to see versioning, owners and auditors of the pages and reports,
  • applying the security standards to your employees, teams and organisation etc.

If you are going to do it yourself consider this 'must have' plugin, which will make your life a lot easier with all of the above. Sadly I only discovered this plugin in the last month, thus wasted a lot of time updating audit report pages manually. 

  • QC Documents for Confluence Cloud

  • SubSpace Navigation for Confluence

I am happy to share a few tips and tricks on how to do the pages, how to build the reports, etc.

In fact I did a post not so long ago titled How to automate a page (report) that summaries changes on other pages? on this very topic and one can see where I have used the QC plugin to maximise the potential of automation.

Here is an example ISO audit report page I created that is entirely automated, linked to every ISO page, and it pulls in information as pages are updated.

[Image: isf08 - internal 2019 audit report.png]

The other plugin I mentioned is 'SubSpace Navigation for Confluence', this is a menu system, which I am using to show important documentation. I've found folk remember stuff a lot more if they:

  • know where to find it (hence a quick pull down menu).
  • Likewise our managers are only interested in their pages (again a quick pull down menu, with content only they can see, is very useful).

Here is an example of the menu in action for ISO 27001.

[Image: ISO 27001 Menu.png]

- Mike

Thor
January 27, 2021

Hi @Robert McAdam, a partner of ours just released a plugin to help with getting ISO 27001 certified.

Probably you already found your solution but maybe others may find this to be a useful alternative.

Here is the link to ISMS for Confluence on the Atlassian Marketplace: https://marketplace.atlassian.com/apps/1223742/isms-for-confluence?hosting=server&tab=overview

Feel free to contact them if you have further questions.

Deleted user August 3, 2021

@Mike Bowen appreciate it's been a while, I noted the work you've done on the ISO docs was something I was looking at - only just thinking of building something. But wanted to touch base if you're open to it for any guidance?

Maurice Pasman
Contributor
August 3, 2021

@[deleted] May I suggest you also take a look at my ready-to-run Confluence solution?

https://instant27001.com/

Thanks!

Deleted user August 3, 2021

@Maurice Pasman Thanks, is there a demo? As summarised, looking to get the basics and ideas at this stage, functionality, accessibility etc.

Maurice Pasman
Contributor
August 3, 2021

@[deleted] I believe this will already give you a good impression: https://instant27001.com/walkthrough/ ?

Mike Bowen
August 5, 2021

Hi @[deleted] 

I am always willing to help or offer advice. If you wish to get in touch, you can reach me at mruntappd@gmail.com (that is not my direct email address, but I monitor the mailbox).

I don't want to step on anyone's toes here, but getting the ISO 27001 platform to where it is today, having passed three ISO 27001 certifications, did take me quite a lot of work (as I kept thinking of ways to improve it), so if there is an easier way out there, by all means, explore it.

As Jira Administrator at my company, I had all the permissions available to me to explore all the options and to take my time doing the system. My only wish is that I also had control over the budget because there are some great plugins out there that would have helped me a great deal. 

Kind regards,

Mike 

Timothy Baynes August 12, 2023

Mike, thanks for your posts here. Other than the two plugins you mention above, are there any others you would have liked, with more budget?

0 votes
Maurice Pasman
Contributor
March 12, 2020

I am already in contact with @Robert McAdam but for all other people that stumble upon this question: I am the owner of Instant 27001 :-).

My solution is designed and sold as ready-to-run, as it contains not only the templates, but also all canned examples, written with small business in mind. So no need to sift through hundreds of lengthy Word and Excel files.

No plugins required, plain vanilla Confluence will do!

Pushpendra Paliwal
June 25, 2020

We are interested in implementation. Requested a demo.

Bas Brey
July 9, 2021

@Maurice Pasman does it also have an operational planning? So that you can generate (recurring) tasks? 

Maurice Pasman
Contributor
July 9, 2021

It comes with an operational planning, but that is still a static page.

The most pragmatic approach is to take that planning and automate it using recurring appointments in your team calendar.

Or, look at the Instant 27001 Jira Companion if you want to automate things from within the Atlassian stack :-).

0 votes
Kat Warner
Atlassian Partner
December 1, 2019

Have you had any luck @Robert McAdam? My online search led me to your post and the website https://instant27001.com/.
