Workflow Integration (Power Automate, Zapier)
Automate Processes At Your Own Pace
With our tight integration with Power Automate and Zapier, you can start processes like incident handling and supplier assessment but also automatically collect evidence. An example would be to collect evidence for database backup retentions. Let’s say you have written a database backup policy, stating that backups must be kept for specific time periods.
If you host your databases on AWS or Azure, you can periodically collect information about their retention periods using a workflow. The collected information is probably a JSON snippet which ISOPlanner understands as valid evidence after approval. You can create a recurring task in ISOPlanner that starts the workflow and checks if the collected evidence matches the approved version. If it matches, the result is stored in a KPI over time, so you see it on the dashboard of the related ISO controls, risks and objectives. If it does not match, you can configure that your incident management process is started.
This can be supported by another workflow that routes the incident to the IT department for investigation. For example by creating a ticket and sending a message to Microsoft Teams or Slack. This way you can automate almost everything, and at your own pace.
KPIs & Objective Management
Simply Support Decision Making
Setting objectives at an organizational level and measuring their performance is a good practice to support decision making. With ISOPlanner you can create objectives, relate them to processes, risks and controls and start measuring them using KPIs. KPIs are the ‘data fields’ that hold data over time. You can store any number of data points in various formats.
For example, the number of malfunctions in a production line, your NPS score, or the number of security vulnerabilities found in your infrastructure. The sky is the limit. With a few clicks, a workflow can save data from most external systems into a KPI in ISOPlanner. Each objective has its own dashboard to visualize this data in various graphs over time.
Evidence Collection & Management
Secure And Independent Evidence Collection
Automated collection of evidence is what many solutions provide, including ISOPlanner. We think our advantage is that we don’t access your systems and advice to only store statistical data in ISOPlanner. Only the workflow platforms (Power Automate, Zapier) access your systems and you have full control over authorization and what data is read.
Another drawback of other systems is that they make direct connections to, for example your HR system. Any bugs in those integrations, of which the code is not transparent or open source, may go unnoticed.
Our way of integrating makes use of the workflow platforms in which you can control the data flow and fully test it yourself. This architecture leads to the benefit of being able to automate everything without being dependent on the release cycle of proprietary software.
Tailored Data Collection
In ISOPlanner you can create custom forms to collect data in tasks. You can create a form by adding KPI’s to it. And additional fields like attachments and context. Attachments can be documents that are uploaded to SharePoint to a predefined location. Context fields are relationships with other entities in ISOPlanner like assets, risks, controls and processes. For example, you can create a form for laptop inspection with fields to check if Bitlocker is enabled and antivirus is up to date.
Of course, these manual inspections can be automated using Microsoft Intune or other monitoring system. But you may also want to check the serial number on the back which cannot be automated. ISOPlanner supports these use cases by allowing forms to be partly automated. Or you may want to create a form with fields to analyse an incident: root cause, scope and preventive actions can be free text fields which you can analyse for patterns using AI.
Forms can be assigned to a task and the task assigned to a colleague in their Outlook calendar.
I often worked with Excel sheets and checklists, where entering and checking all tasks was time-consuming. We are very satisfied with ISOPlanner: it maps out what you do, how you monitor and execute it. For us it is the Ferrari of information security management systems!
Tanja de Haan
We started using ISOPlanner in January for ISO-27001 certification and the audit took place in September. Little preparation was required for this audit because everything was properly recorded so employees were able to adequately answer questions from the auditor.
Intersoftware & FinData
Credit Collection Services Group
See ISOPlanner in action
Book a live demo or start your free trial.