ISMS Software Solutions - The Key Considerations

10 characteristics of the best software for your ISMS
A credible software solution, combined with the people involved, makes the whole more easily trusted by powerful stakeholders. Good software will speed time to success, improve visibility, ease coordination, reduce risk, and lower the total cost of ownership.
Selecting the right solution also helps to address confidence and capability issues for the people who are new to information security and are involved in an ISMS for the first time. Furthermore, good technology will save time and help to mitigate constraints in capacity.

It’s easy enough to throw up a wiki page, drop documents into a shared drive, build a website, market a service, or cobble some code together to solve part of the problem. However, not all ISMS software is fit for purpose, especially over time.

That’s why we’ve put together this selection checklist for comparison of providers.

So what does good look like when selecting an ISMS software solution?

The best ISMS software will demonstrate all of the following 10 characteristics

1. ‘All-in-one-place’ working

People are busy; they don’t have time to learn and use multiple systems. The costs of search, knowledge management, coordination and contracting all increase with multiple systems. In addition, organisations may not be able to afford, or may not want, the integration of multiple systems due to cost/risk/time/complexity.

Ensure the software comes configured with all the features and functionality for the standards and regulations you want to achieve. Factor in flexibility for future-proofing too.

2. Security for the ISMS software

Some of the information you will hold in your ISMS is very sensitive. Make sure weak security in the software solution does not leave it open to confidentiality, integrity or availability threats.

Look for credentials in the software application and the provider such as: 

  • UKAS certified ISO 27001 application, organisation and supply chain
  • Independent penetration test certificate/s for the application and its infrastructure 
  • GDPR compliance confidence to ICO levels
  • User permissions controls & privacy settings
  • Two-factor authentication
  • Organisation security settings options
  • Insurance in the event things go wrong

Ensure that any software supplier has its own independent credentials and is not relying solely on a third party such as a data centre to suggest it has achieved a security certification such as ISO 27001 itself.

In addition to the above credentials, an ISMS that offers Single Sign-On (SSO) will facilitate an organisation’s secure login procedures. With SSO, password guidance can be easily followed by staff as it is only necessary to remember a single password. SSO can be combined with identity security techniques that are set up with your identity provider, such as two-factor authentication (2FA) in order to apply a multi-level authentication system to the ISMS.

3. Always Accessible

Your ISMS should be available to authorised parties securely, when and where they want it (with back up and support when needed).

Making your ISMS available at all times from any (secure) location will allow you to:

  • work where and when you want to speed up achievement of goals
  • demonstrate trust in your ISMS during customer meetings
  • manage the ISMS in real time when needed, e.g. following a security incident or triggering a business continuity plan

4. Easy to use

Not everyone is a full-time expert and people move on. This means a reliance on one person for the management system puts the business at risk. Infrequent use of complicated management systems for some stakeholders means higher costs of use and, more likely, noncompliance with processes.

Ensure your chosen platform is simple to manage regardless of who is involved and how often.

5. Structured for success

With lots of work involved in an ISMS, having a structure to follow and discipline in the planning & delivery of it makes execution easier. Seeing progress being made enthuses users too. Being able to adapt and add to that over time is also important to future proof and avoid rework.

Ensure your solution supports discipline, progress, and timely action whilst being flexible, extensible & scalable for a fast-changing world. 

6. Joined up

The person doing some of the ISMS input work may not be the same person benefiting from it, or reviewing it, afterwards.

Easier navigation and linking of work reduces cost and offers confidence to stakeholders that the ISMS fits together.

7. Transparent

Trust is ‘low’ by default, with stakeholders wanting evidence of work done, including visibility of changes over time. You need to ‘show your working’ as the ISMS evolves in line with business changes.

Ensure your work is visible, auditable, approved, and evidence-based to show integrity in the work.

8. Collaborative

We rarely work alone internally, and increasingly want to collaborate externally too. Without collaborative features embedded inside the ISMS, costs of coordination and sharing can be high, also leaving gaps or duplication across other systems.

9. Insightful & actionable 

Stakeholders want visibility and confidence the ISMS is under control. Technology should drive down the cost of reminding and reporting, significantly freeing up the people to make better, more timely decisions.

Ensure your solution includes dynamic reports & reminders that automatically do the heavy lifting to avoid admin or rework costs.

10. Affordable 

Whilst the returns (addressing the threats and opportunities) are high for a well-run ISMS, the cost of people and technology involved needs to be relative to the value at risk.

Ensure your total ISMS solution is cost-effective to implement, operate and improve.

So now you have seen the top 10 characteristics, how does meet them?


How does deliver ‘all-in-one-place’ working?
While many other applications consider themselves viable for information security management, they really only offer parts of it. comprises comprehensive workplaces, tools and capabilities which can be found on our features page. It is easy to build on and flexible in order to achieve much more than ISMS work.
How does deliver security?
No system is infallible, but you need to do business consciously and take calculated risks, not unnecessary ones. See our impressive security credentials here.
How is always accessible?
delivers a secure and trusted cloud-based solution with high ‘up-time’ and SLAs (Service Level Agreements).
How is easy to use?
delivers a platform which is simple and intuitive to use, with no investment in training required.
How is structured for success?
delivers a clear path to success with a structure that follows recognised standards. Nudges, alerts and visual indicators on progress, in addition to other features, encourage action and enable change easily over time.
How does deliver ‘joined up’ information security management?
An integrated management system feature set that allows users to link up different parts of the platform for sharing, or keep them private. Practical external linking also allows connectivity to existing systems and tools if necessary.
How is transparent?
demonstrates attractive visible progress reporting and automated indicators and alerts. Clear audit trails, time-stamped work, as well as version management and features to show compliance and assurance over time as changes happen.
How is collaborative?
has been made for sharing internally and externally to authorised parties, providing a better information security management experience.
How is insightful and actionable?
The platform provides automated reporting and insight for each part of the ISMS, along with simple measurement monitoring e.g. KPIs (Key Performance Indicators). There are also automated reminders for policy approvals, compliance tasks and risk reviews.
Is affordable?
Because is pre-configured to get going quickly at a fraction of the cost of other software applications, there is no need to buy other documentation. This means that you can adopt, adapt and add to ours, with helpful tips, videos and how-to guides. Only get other specialist support if needed on the unique parts of your ISMS.

