Are you app ‘appy or app fatigued? …Forget multiple tools, now there is just one place to get all your information security, data privacy, and compliance work done well.
For every App I download I’m aware of the security risks. On top of that, there’s the responsibility to ensure they are kept updated with the latest versions.
The recent major vulnerability found in the WebEx browser extension*, which caused Google and Mozilla to remove it from their web stores, was a case in point. Whilst, strictly speaking, it’s an Extension rather than an App, there are, of course, risks with anything we download or open from an external source.
Thankfully, with this recent vulnerability, our trusty team of experts at Alliantist quickly identified it and, equally quickly, used our ISMS Staff Communications Group to task a version update to all relevant staff.
Of course, we all rely on Apps to help us get our work done well.
Downloading from trusted suppliers like Google and Cisco is one thing, but in many cases we have only product reviews and download numbers to reassure us of a product’s credibility. Even then there is no guarantee that the best security processes have been followed in product design.
And, it doesn’t end there! There’s a vast array of software tools to help us all perform multiple functions and even external resources we download or open to help us.
All this validation and updating is time-consuming stuff, so you’d better be sure of the product’s value in making your life easier!
So, what’s the solution?
Limit the number of Apps, Extensions and external resources you download or open by carefully choosing products that give you multiple tools to get your job done well.
Choose products from trusted sources and, where possible, look for credibility in the form of externally accredited systems. Something like a UKAS (ANAB for the US) ISO 27001 information security standard includes auditable policies on security in the system development and support processes.
Ensure regular reviews and ‘pruning’ of Apps and Extensions no longer in use. If you’ve obtained Cyber Essentials then you’ll know this forms part of basic cyber security requirements.
Have a system in place for identifying and effectively managing and communicating vulnerabilities.
Ensure your chosen solution includes automatic updates that will fix identified security vulnerabilities.
An accredited multi-tool for information security management
Whilst there are various products available to perform one or some of the functions or requirements of an ISMS, until now there have been few single, affordable and accredited solutions for implementing and maintaining the complete ISMS.
Now there is one secure and integrated cloud solution for getting all your work done easily and effectively in one place – Alliantist’s ISMS.online.
At Alliantist we have a strong heritage in information security. Our company, products, and services are all ISO 27001 UKAS accredited. It means we consider security within all our design and production processes. We manage information security throughout our supply chain. Key suppliers, such as our data-centres, hold the same or equivalent standards as us.
ISMS.online has such rich functionality, tools, policies and processes built-in that it makes the job simpler and less resource intensive. Other than (a much smaller amount of) staff time, you’ll need little else to run your ISMS and other compliance requirements:
‘Policies & controls’ – no need to download or open external ISO 27001 toolkits, UKAS accredited policies are already included in ISMS.online.
‘Groups’ – for simple sharing and communication. Create as many user groups as needed, the entire organisation, departments, project teams, even external key suppliers. It makes communicating, alerting and tasking around information security simple yet effective from one secure online environment.
‘Projects’ – for structured change and complex collaboration. Limitless opportunities to use or adapt pre-built templates such as ISO 27001, GDPR, NIST, PCI DSS, SSAE 16, Cyber Essentials, HR, audits, management reviews and business continuity planning. Or easily build your own for SMART, agile working with information security considerations, as required by ISO 27001, built-in.
‘Tracks’ – for tracking simple work with a consistent process. Great for you and your team to visualise small pieces of work through customisable work processes (it’s how we’re tracking the WebEx vulnerability!). We’ve already built tracks for security incident management, corrective actions and continual improvements, and subject access requests (SAR). Assign, set reviews and deadlines and capture and evidence actions, with links to relevant policies, to satisfy you and your auditors. 12.6.1.
‘Accounts’ – for effective supply chain management. A private and secure place to collaborate with colleagues around managing key supplier or customer relationships. Hold important information relevant to information security, such as contracts, SLAs and key contacts, including Data Protection & Privacy Officer details. Set KPIs, evidence contract reviews and manage change, all from one place.
‘Tools’ – to support good decision making. We’ve taken risk management way beyond the humble spreadsheet and included tools for ISO 27001 Confidentiality, Integrity, Accessibility (CIA) Impact and Likelihood analysis, applicable legislation and interested parties management. Everything you need to identify, evaluate, treat and evidence risk without managing a single spreadsheet…unless you want to download reports of course!
Integrating your ISMS in one secure and accredited place makes sense. Save time in selection, access one single environment to get all your work done well, reduce duplication and repetition. Collaborate with team members, engage staff and plan for continual improvement.
We’ll take care of the system security and updates, allowing you to focus on securing yours.