ISMS Software Solutions - The Key Considerations
10 characteristics of the best software for your ISMS
It’s easy enough to throw up a wiki page, drop documents into a shared drive, build a website, market a service, or cobble some code together to solve part of the problem. However, not all ISMS software is fit for purpose, especially over time.
That’s why we’ve put together this selection checklist for comparison of providers.
So what does good look like when selecting an ISMS software solution?
The best ISMS software will demonstrate all of the following 10 characteristics:
1. ‘All-in-one-place’ working
People are busy; they don’t have time to learn and use multiple systems. The costs of search, knowledge management, coordination and contracting all increase with every additional system. In addition, organisations may not be able to afford, or may not want, the integration of multiple systems because of the cost, risk, time and complexity involved.
Ensure the software comes configured with all the features and functionality for the standards and regulations you want to achieve. Factor in flexibility for future-proofing too.
2. Security for the ISMS software
Some of the information you will hold in your ISMS is very sensitive. Weak security in the software solution itself can expose that information to confidentiality, integrity or availability threats, so the platform must not become the weakest link.
Look for credentials in the software application and the provider such as:
- UKAS certified ISO 27001 application, organisation and supply chain
- Independent penetration test certificate(s) for the application and its infrastructure
- GDPR compliance confidence to ICO levels
- User permissions controls & privacy settings
- Two-factor authentication
- Organisation security settings options
- Insurance in the event things go wrong
Ensure that any software supplier has its own independent credentials and is not relying solely on a third party such as a data centre to suggest it has achieved a security certification such as ISO 27001 itself.
In addition to the above credentials, an ISMS that offers Single Sign-On (SSO) will facilitate an organisation’s secure login procedures. With SSO, password guidance can be easily followed by staff as it is only necessary to remember a single password. SSO can be combined with identity security techniques that are set up with your identity provider, such as two-factor authentication (2FA) in order to apply a multi-level authentication system to the ISMS.
3. Always Accessible
Your ISMS should be available to authorised parties securely, when and where they want it (with backup and support when needed).
Making your ISMS available at all times from any (secure) location will allow you to:
- work where and when you want to speed up achievement of goals
- demonstrate trust in your ISMS during customer meetings
- manage the ISMS in real time when needed, e.g. following a security incident or triggering a business continuity plan
4. Easy to use
Not everyone is a full-time expert, and people move on. This means that relying on one person for the management system puts the business at risk. Infrequent use of a complicated management system by some stakeholders means higher costs of use and, more likely, noncompliance with processes.
Ensure your chosen platform is simple to manage regardless of who is involved and how often.
5. Structured for success
With lots of work involved in an ISMS, having a structure to follow and discipline in the planning and delivery of it makes execution easier. Seeing progress being made enthuses users too. Being able to adapt and add to that structure over time is also important to future-proof the ISMS and avoid rework.
Ensure your solution supports discipline, progress, and timely action whilst being flexible, extensible & scalable for a fast-changing world.
6. Joined up
The person doing some of the ISMS input work may not be the same person benefiting from it, or reviewing it, afterwards.
Easier navigation and linking of work reduces cost and offers confidence to stakeholders that the ISMS fits together.
Trust is default ‘low’ with stakeholders wanting evidence of work done, including visibility of changes over time. You need to ‘show your working’ as the ISMS evolves in line with business changes.
Ensure your work is visible, auditable, approved and evidence-based to show integrity in the work.
We rarely work alone internally, and increasingly want to collaborate externally too. Without collaborative features embedded inside the ISMS, the costs of coordination and sharing can be high, and gaps or duplication across other systems are more likely.
9. Insightful & actionable
Stakeholders want visibility and confidence the ISMS is under control. Technology should drive down the cost of reminding and reporting, significantly freeing up the people to make better, more timely decisions.
Ensure your solution includes dynamic reports & reminders that automatically do the heavy lifting to avoid admin or rework costs.
Whilst the returns (addressing the threats and opportunities) are high for a well-run ISMS, the cost of the people and technology involved needs to be proportionate to the value at risk.
Ensure your total ISMS solution is cost-effective to implement, operate and improve.