Workshare Improves Information
Security Management with ISMS.online
“ISMS.online is an adaptable and flexible platform which has easily enabled us to integrate the security standards we require.”
John Shannon – Governance, Risk & Compliance Manager, Workshare
“We’re delighted that ISMS.online has underpinned Workshare’s ISMS improvements over the last eighteen months, and that it continues to drive greater and greater value from the platform.”
Julia Heron – ISMS Solutions Specialist at Alliantist
What was the Challenge for Workshare?
Workshare already held ISO 27001 certification when it approached ISMS.online back in February 2017. However, by previously using various different business tools, their management system was proving unwieldy and difficult to manage. Given the mass of documentation and required evidence that comes from operating any ISMS, something had to change.
John Shannon, Governance, Risk & Compliance Manager for Workshare said…
“We had originally implemented the requirements for ISO 27001 and looked at various solutions to support our requirements, including a stand-alone risk management tool. Although these solutions did what was needed at the time, the company decided that it would actually be better for a solution that would support our long-term objectives and compliance requirements as well as one that could also evolve as our requirements changed e.g. to meet other security frameworks.
Having recognised that the earlier ISMS was too reliant on a small Governance team, we knew we needed to automate our ISMS processes. This would enable us to reduce manual effort and complexity and make it easier for staff across the organisation to contribute to the information security activities. Ensuring all staff understand our approach and commitment to information security was also key.”
Workshare’s two main challenges were:
- identifying the ideal platform for an ‘all in one place’ ISMS across multiple standards
- managing migration and adoption of a new solution to be ISO 27001 audit-ready inside three months
The ISMS.online Solution
ISMS.online presented a total solution for ISMS improvement and growth. Workshare identified clear benefits around the ability to collaborate and engage across the organisation.
“The ability to centralise ISO 27001 and GDPR policies, procedures, and required activities within a single online environment, as well as map these to other standards was invaluable.
We were initially concerned about how difficult it might be to migrate away from our existing processes and risk tool but ISMS.online was well received by the internal teams. It required no training and all the effort was put on improving our ISMS, not on learning how to use software or having expensive consulting that would slow us down. We literally started the migration minutes after receiving the welcome email. We completed our ISO 27001 migration in under three months, ready for our next audit which we sailed through.
We were then well placed to move to other compliance objectives using the platform.”
Founded in 1999, Workshare’s innovative and intelligent platform empowers professionals to compare, protect and share their high stakes documents on any device. Content owners can accurately track and compare amendments made by all contributors, while businesses have secure ways to work collaboratively and control the process of constant change.
Headquartered in London, Workshare also operates offices in the US and Australia. More than two million professionals in 70 countries now use Workshare solutions on their desktop, mobile or tablet.
On the back of its audit success, Workshare commenced with GDPR and other information security work, joining up the whole system quickly and easily to avoid duplication or gaps.
The journey continues for Workshare. Having successfully addressed ISO 27001 and GDPR in the platform, they have now adopted the Cloud Security Alliance framework and also started work on the Trust Services Principles.
“ISMS.online has made this all possible to achieve and maintain with much less management time and we now have full visibility and control across all of our information security and data protection compliance work”.