There are two ways to ensure that you keep your information safe. You can do it yourself and diligently check for potential threats, or hire a professional company like ISO27001 who will take care of everything in an organised manner on behalf of the business as well as provide peace-of-mind from legal consequences relating to breaches.
So Tech Engine Australia would like to introduce you to a new product we are proud to be offering in partnership with instant27001.com.
What is a management system?
“A management system is the way in which an organization manages the inter-related parts of its business in order to achieve its objectives and to create a culture that engages in a continuous cycle of self-evaluation, correction and improvement of operations and processes through heightened employee awareness and management leadership and commitment.”
The two best known management systems are the Quality Management System (QMS) for ISO 9001 and the Information Security Management System (ISMS) for ISO 27001.
Although a management system by itself is not a software tool, it is highly recommended to use some kind of system to structure the required documents and provide an overview.
This is where Instant 27001 comes in.
What is Instant 27001?
Instant 27001 is a ready-to-run ISMS, with all documents required by the standard. All content has been written from an IT small organisation’s perspective to ensure that they are able to read it and understand what needs doing in order for their company be compliant – just adjust our material accordingly!
You can do all that at your own pace, thus getting your organisation ready for certification one step at a time.
After implementation, you can even decide to postpone certification to a later date. This gives your organisation time to adjust to new ways of working. Even without a certificate, ISO 27001 has proven to be useful to many organisations.
The Process
What is Confluence?
Confluence is content collaboration software that changes how modern teams work. Customers in Europe will be very happy to know Atlassian is ISO 27001 certified and is fully GDPR compliant.
How do I get Confluence?
Instant 27001 is delivered as a space backup, ready to be imported in your own Atlassian Confluence environment.
If you are not already using Confluence, there are two options that Tech Engine Australia recommend:
- Cloud (free) – The easiest way to get started is the free version of the cloud proposition. While it offers the same features, it lacks the possibility to define permissions on space level. This means that users have either no, or admin access to the spaces. There is no read-only option.
- Cloud (standard) – The paid version of the cloud proposition offers additional support and the option to set detailed permissions on a space level. You will be billed monthly based on the amount of active users, at $5 per month.
How to get certified?
After you are done implementing Instant 27001, your are ready for certification by an accredited certification body.
On the web site of the International Accreditation Forum you can find your local accreditation body who, in turn, should publish a list with accredited certification bodies (registrars).
How much time does it take?
In our experience, the IT service providers we’ve worked with are already operating according to industry best practices. They’re following procedure and have policies in place – a few things they might not be documenting though! But all you need is some proof that their procedures actually work for them.
Instant 27001 takes your organization and builds a management system against it, with simple policies and procedures to back you up. Go through the supplied risk register to make sure nothing is missing – then get started!
The average time spent on an ISO 27001 implementation using Instant 27001 lies between 10 to 20 days*. Apply yourself just one day per week, and the implementation can be done within 3 months.
Lots of information there for you to digest. If you have any questions, we would love to answer them. Contact Us Here.