We’re all about making the complex simple here at ISMS.online, so naturally we’ve embraced Single Sign-On (SSO). But just like the rest of our cloud platform, our SSO delivers added benefits specifically designed to simplify the design and management of your information security management system (ISMS).
SSO is an authentication service that enables a user to securely authenticate using one set of login credentials, usually a username and password, across multiple applications. The main advantage of SSO is convenience. You have fewer passwords to remember, the sign-on process is streamlined, and the chances of exposure to phishing are reduced.
When it comes to enterprise, SSO offers significant benefits. Employees can access all corporate apps, websites and data for which they have permission with a single set of credentials. Organisational security, compliance and usability are all improved. Combine these benefits with decreased IT costs and reduced employee frustration and it’s not hard to see why SSO is the way to go.
We extend the SSO service by offering you the option of your own branded subdomain within the ISMS.online platform. In it, you can easily set predefined access privileges for individual users, as well as specific groups, within your organisation.
To illustrate the value in this approach, let’s consider one of our most popular features: Policy Packs. Policy Packs support your ISO 27001 certification by enabling you to evidence the communication of your information security policies and controls. This function allows you to manage access, view progress, and monitor and evidence the compliance of your audience. This flexible feature can be used to go beyond infosec to include other GRC policies and standards specific to your organisation, such as a Code of Conduct or Equal Opportunities statement.
Annex A.7.2.2 of the ISO 27001 standard requires that all employees and relevant contractors receive appropriate information and training to do their jobs properly. This means regular updates, training where required and assessments throughout the employment lifecycle. This all needs to be demonstrated to auditors in order to achieve and maintain certification.
As an ISMS.online administrator, you’re able to set the different access levels within your ISMS so that when your stakeholders access the system with SSO, only the documents and controls relevant to them are accessible. By taking this approach you’re able to provide your staff with absolute focus, exposing them only to what they need to get their job done, and providing your auditor with clear evidence of your compliance all in one place.
Consider this scenario. You’ve hired a new sales team member. Before they set foot on the premises, you can send them a link to your branded subdomain on ISMS.online, which they can log into automatically via SSO, without needing to think about a username and password. Your identity provider tells ISMS.online they’re in your sales team, so they get automatically added to your sales Policy Pack, which highlights the key policies and controls they need to know to get selling safely. You can track their progress as well as capture their agreement to comply with the company policies and controls you’ve set out. They can be added to your ISMS communications area too, so you can alert them to any security changes they need to be aware of.
ISMS.online supports Single Sign-On using SAML 2.0, an XML-based standard for exchanging user authentication and authorisation data between security domains. Some of the identity providers we support include Google, Microsoft Azure Active Directory and Okta. When it comes to identity providers, we’re extremely flexible. Our list of supported identity providers is constantly growing. To find out whether we support yours, get in touch.
The best way to get a sense of how ISMS.online SSO supports your brand, and streamlines and simplifies your collaboration, is to take a 30-minute tour of our system. To see ISMS.online in action, book a demo.