'Blown away' was the auditor's reaction

A scattered ISMS. One professional system that blew the auditor away.
Robert Kerssies • Security Officer
20+ measures, one place. Saves an awful lot of time.

From Scattered Excel Files to One Connected System

DHD manages highly sensitive medical and financial patient data for hospitals and medical-specialty care institutions. Compliant with ISO 27001 since 2016 and NEN 7510 since 2019, the organisation already knew its standards. But its security officer had inherited a tangle of Word files, Excel sheets and Teams channels, and wanted to professionalise how it was all managed. With ISOPlanner™, DHD brought it into one connected system and pushed its information security to the next level.

Three Vendors Compared. One Stood Out.

When Robert Kerssies joined DHD as security officer in June 2023, he inherited an information security setup scattered across disconnected files and channels: "As a newcomer, I had no overview of the Excel and Word files and Teams channels that were linked together. I was used to working with an online ISMS at my previous employer. I suggested that we look for an online ISMS that could integrate with our existing Information Security Handbook in our SharePoint environment."

"DHD ran a brief market analysis comparing three vendors." The verdict was clear: "ISOPlanner™ offered so much more functionality and benefits that they quickly stood out. So, I said to the other organisation that I thought they did a nice job, but that ISOPlanner™ was the cream of the crop."


Implemented in 3 Months

Implementing new software usually takes three to six months before everyone is on board. ISOPlanner™ was no exception: "Information security is not something that just one person does. Fortunately, we had already done a lot of preliminary work, we were already compliant according to the old standard. With Purasec as a consultant, and templates and sample documents from Instant27001, I was able to implement ISOPlanner™ quite easily in 3 months. With the occasional toll at my laptop, because I was working on ISOPlanner™ for weeks. Because you have to put in the time yourself."

Everything Linked, Nothing Overlooked

Robert continues: "It has to be very simple. With ISOPlanner™ you link everything together, forming a kind of domino effect. If you tap a standard, you know that the measure is also correct… you don't have to double-check everything. You build your own dashboard and customise everything yourself. That gave me an overview and many insights.

It also gave us a sudden insight into measures that we thought we had implemented well… we were doing something, but it wasn't written down in the policies. Because everything is in one central place, that information is much faster available."


One Management Environment in SharePoint

DHD chose to link its existing manual in SharePoint to ISOPlanner™. Robert continues: "All I do now is reference SharePoint pages in the measures. The moment I modify my SharePoint page, the measure automatically adapts as well."

An ISMS Held to the Highest Standard

"It provides a lot of confidence that you are carefully handling sensitive data. The standard offers the freedom to set up the ISMS to your own needs. Since we collect a lot of sensitive healthcare data from and share data with hospital care, it's important to take this responsibility seriously. ISOPlanner™ fits well with this ambition. We feel it is important to show this care not only during an audit but also every day. In the end, we build software and dashboards, we work with Power BI and Azure… Then your ISMS should also be of the highest standard."


Easy Onboarding, Greater Involvement

With most colleagues involved only once or twice a year, easy access keeps them engaged. An onboarding event for DHD employees is scheduled soon: "Most colleagues only have to act once or twice a year. Still, it is very nice that I can give everyone online access to documents to show how everything is set up. That increases involvement and, in the long run, it contributes to our professionalism. It also provides more insight, for example into the number and type of incidents… I'd rather have 100 reports and 10 incidents than 10 reports and 1 incident. Because otherwise, we don't learn anything. An incident should never be a stick to beat with. Rather offer people a safe environment to make mistakes and learn from them. Never waste a good incident."

Room to Spar

Robert concludes: "ISOPlanner™ gives us space to spar. It is still a young and dynamic organisation, one that listens to customer experiences and acts on feedback. So that, too, is very nice."

What began as a tangle of Word, Excel and Teams files became one connected ISMS, built in three months on top of DHD's existing ISO 27001 and NEN 7510 certifications. DHD now runs information security with the structure, clarity and confidence its sensitive healthcare data demands, reporting in two clicks, learning from every incident, and leaving auditors blown away.

See how ISOPlanner™ would bring your standards into one place.