Adopt, Adapt, Add Philosophy
We have given you many actionable ISO 27001 policies and controls (and GDPR too if you have subscribed to our GDPR package). They differ from traditional ISO 27001 document toolkits in that the ISMS.online software features and tools mean you also have the processes for managing as described in the policy itself. This means that, out-of-the-box, you can Adopt a lot of what we have included, saving you an immense amount of time, money, and enable you to achieve your goals far more quickly.
There are occasions when it does not make sense to Adopt what we have done. Your business goals might be slightly different, your organisation, culture and practice may differ too. It is very important that this is your management system, your management standard. We are just aiming to get you where you need to get to a lot quicker, without the elephant traps that we and others have fallen into.
So there will be occasions when you may want to Adapt the materials we have included. For example, if you wanted to Adapt your approach to Information Security Incident Management, you may choose to Adapt the policy we have given you and then customise the incident management tool itself or use your own tracking tools.
Then there are areas on the platform where we are leaving it to you to Add your own policies or controls. These typically are for your own unique technical controls, such as your encryption or access control policies. In these cases we have given you some tips to consider and, if you have subscribed to our ISO 27001 Virtual Coach package, you will also have expert guidance on how to meet the requirement.