Full Compliance Management
Simply Manage Assets By Using Containers
In many security frameworks, such as ISO 27001, assets are the basis for risk management, so a robust asset inventory is vital. Assets in ISOPlanner are in fact ‘groups of similar assets’ like laptops, office spaces, alarm systems, cabinets and data entities.
For example, you can create a data asset ‘customer credit card number’ and link the appropriate classifications to it. In this case you want to choose a classification which enforces, for example, ‘encryption at rest’.
The actual credit card numbers are in your database (the container) and this database is on your server (the container), and this server is… Well, you get the point. Assets can be put in containers and the classifications can be automatically calculated on containers.
Easily Collaborate With Risk Owners
With several stages, from identifying to reviewing and accepting, collaborating with different risk owners becomes easy. The risk score model is configurable and each risk can be given a treatment: avoid, transfer, mitigate or accept. Controls to mitigate can be easily selected or created.
The dashboard drills down into the control status to surface increased risk due to failed tasks or KPI threshold alerts. Several reports and a heatmap provide the information you need to be in control.
Staying In Control While Scaling Up
Controls are very important to mitigate your risks. ISOPlanner lets you clearly define what is expected for each control and who is responsible. Execution of the controls is done through tasks. Tasks can be assigned, scheduled in Outlook and tracked so that colleagues know what to do.
Tasks can also be automated for controls that are repetitive. Using Power Automate, you can start with a few and grow at your own pace so that compliance scales with your organization!
Multiple Standard Support
Integrate Standards To Simply Update Changes
If you’re certified for more than one ISO standard, ISOPlanner adds even more value. With ISOPlanner you manage multiple ISO standards, taking overlap into account. And we ensure that you always stay up-to-date with changes. You can combine overlapping parts of a standard into your own requirements, for example ‘Leadership’ in ISO 9001 and ISO 27001.
Every standard has a fixed set of requirements and controls as defined by iso.org. But you can define custom standards as well, for example for investors or other stakeholders that require additional privacy rules.
Maintain Ownership Of Your Documents
ISOPlanner uses SharePoint for document management. This way, your organization always remains the owner and the (classified) documents remain in your own tenant. This makes our solution not only safer but also better from a business continuity perspective.
With our smart integration, documents are presented seamlessly in ISOPlanner where needed. Also, versions and approvals are handled with ease!
Gain Structure And Create A Process Overview
Many organizations and consultants in the compliance field find the ‘process’ a good starting point for talking about assets and risks and for finding the link to the operation.
In ISOPlanner, you can create a hierarchy of processes, with properties like owner, status and related documentation. This serves as a basis for connecting other elements like risks, controls and tasks.
Each process can contain a dashboard on which KPIs can be shown, for example to measure process performance or incidents.
Simply Generate Traceable DPIA Events
To be GDPR compliant, you will need a processing register. ISOPlanner simply uses SharePoint to create and manage this register.
Creating a Data Protection Impact Assessment (DPIA) can be thought of as a process. Any process can be modelled as a series of requirements and tasks, contained in an event. With a few clicks, you can create your own Event Template for a DPIA, and as many templates as you want for multiple types. You can even implement a Power Automate workflow to guide the execution and collaborate with other people on the resulting document using Microsoft Word or Teams.
In many cases, the DPIA is requested based on an organizational or IT change, for example a major change in processing customer data. This change request process, the resulting risks and other output can be linked to the DPIA event so that the end result is fully traceable and auditable.
Organizational Unit Management
Easily Distribute Centrally Managed Policies
Within ISOPlanner, you can create a hierarchy of organizational units. The top-level unit represents your Microsoft Azure tenant; below it, you can create separate ISOPlanner environments for units (departments or legal entities) that need to be compliant with their own frameworks.
Each unit is separately authorized and has a separate configuration, but can integrate with a centralized SharePoint environment, which is useful for distributing centrally managed policies, manuals and so on.
Supply Chain Management
Visualize Chains And Dependencies
Supply chain weakness is one of the greatest security risks for any organisation. With tight integration with the Asset Management module, ISOPlanner helps you visualize the chains and dependencies between suppliers and assets.
In addition, you can upload contracts and other relevant documents.
I often worked with Excel sheets and checklists, where entering and checking all tasks was time-consuming. We are very satisfied with ISOPlanner: it maps out what you do, how you monitor and execute it. For us it is the Ferrari of information security management systems!
Tanja de Haan
We started using ISOPlanner in January for ISO-27001 certification and the audit took place in September. Little preparation was required for this audit because everything was properly recorded so employees were able to adequately answer questions from the auditor.
Intersoftware & FinData
Credit Collection Services Group