A credible software solution plus good people creates a whole that powerful stakeholders will trust. Choosing the right software will:
- Accelerate you to success with your:
- Information Security Management System (ISMS)
- Personal or Privacy Information Management System (PIMS)
- Business Continuity Management System (BCMS)
- Integrated Management System (IMS)
- Improve your management system’s visibility
- Ease coordination across your organisation and beyond
- Reduce risk
- Lower total ownership costs
- Build the confidence and capability of infosec, privacy or continuity newcomers
That’s why we’ve put together this checklist to help you think through what you need from your management system software. We recommend looking for a solution that shows all ten of the characteristics we list. We explain how we meet each of them in the FAQs after the checklist.
1. ‘All-in-one-place’ working
People are busy. Learning and switching between different systems takes up too much of their valuable time. It also increases search, knowledge management, coordination and contracting challenges, costs and complexity.
Look for an all-in-one solution that’s pre-configured with features and functionality for the standards and regulations you want to achieve. Factor in flexibility for future-proofing too.
2. Security for your management system software
You might hold some very sensitive information in your management system. So you’ll need to make sure your software solution is fully protected against confidentiality, integrity and availability threats.
Both the software application and its provider should have credentials and offer security services like:
- UKAS accredited ISO 27001 certification across the application, organisation and supply chain
- Independent penetration test certificate/s for the application and its infrastructure
- GDPR compliance confidence to ICO levels
- User permissions controls and privacy settings
- Two factor authentication
- Single Sign on
- Organisation security settings options
- Comprehensive insurance in case the worst happens
Make sure that your software supplier has its own independent credentials. It shouldn’t rely on third party (eg data centre) security certifications.
3. Always Accessible
Your management system should be securely available to you and any other authorised parties, when and where they want it. They should also be able to access help and support as needed.
That will let you and your team:
- Work where and when needed to speedily hit your targets
- Build customer and other stakeholder trust by making it easy to demonstrate your management system when you’re out and about
- Respond in real time if and when the worst happens
4. Easy to use
If your system’s hard to learn, fewer people will learn and understand it. If they move on, you might have problems replacing them or even using it. And the more complex an ISMS, BCMS, PIMS or IMS is, the less likely people will be to comply with it.
Make sure your chosen platform is simple to learn, understand and use, at every level.
5. Structured for success
Implementing a new management system is a big challenge. Having a clear structure to follow makes the whole process much easier. It helps you enthuse users by showing clear progress. Of course, you should be able to adapt and add to it over time, to future proof your management system and avoid rework.
Make sure your solution shows you how to act effectively and make clear, disciplined progress, while being able to evolve with a changing world and your own organisation.
6. Joined up
The people who add data to your management system may not be the same ones who benefit from or review it. So we recommend choosing a solution that makes it easy to see how everything fits together once your ISMS, PIMS, BCMS or IMS is up and running.
Look for clear linking and easy navigation of work. It’ll help you give your stakeholders confidence that your management system fits together and works in practice.
Trust is default ‘low’. Your stakeholders will want evidence of work done and visibility of changes over time. You’ll need to show your working as your management system evolves in line with changes in your organisation and its business environment.
We rarely work alone internally. There’s an increasing need for external collaboration too. Without collaborative features embedded inside your management system, costs of coordination and sharing can be high. That can also lead to risky gaps or wasteful duplication of work.
Look for an ISMS, PIMS, BCMS or IMS platform that supports full collaboration, making it easy for internal and external individuals and teams to work together.
9. Insightful & actionable
You should feel completely in control of your management system. You’ll need to prove that to your stakeholders too. So look for a solution that makes setting reminders and creating reports easy. That’ll also help you and your team make better, more timely decisions.
Make sure your solution includes dynamic reports and automatic reminders that do the administrative heavy lifting for you.
The returns of a well-run ISMS can be high. But the cost of people and technology involved needs to make sense when compared relative to the value at risk. Make sure the solutions you look at make financial as well as security sense for your organisation.
Look for a management system solution that’s cost-effective to implement, operate and improve.