We’ll help you bring all your infosec work onboard
Moving all the infosec work you’ve already done into our platform is a simple process. All you need to do is choose how fast you’d like to move.
If you need to move quickly, you can bring your content over in days or even hours. Or you can take a slower and more deliberate approach, reviewing, reworking and updating your ISMS as you go. It’s up to you. We’ll give you as much or as little help as you need.
There won’t be any hidden costs or mandatory consulting processes to surprise you. Though if migrating your ISMS means you need to build up your infosec confidence, capacity or capability, we can support you ourselves or point you towards the right external consultant.
The migration process might also involve bringing new users onboard or starting to use some of our platform’s optional features. We can take that into account too, making sure you only start paying for them once you’ve started using them.
“We were seeking to streamline and simplify the administration of our ISO 27001 certified ISMS and to move away from unwieldy spreadsheets. Being able to easily manage risk, and join that up in one solution with all the other management functions, has been great. We haven’t regretted our decision to migrate and the quality and speed of support have been excellent.”
Ben Smith – Head of Data, IT & Security for Flood Re
What are the Triggers and Drivers for Migration of an ISMS?
We’ve helped many different organisations migrate their ISMSs onto our platform. They’re often responding to one of a relatively small group of migration triggers. Those triggers determine how they migrate and what sort of deadlines they need to hit. They include:
Maintaining more standards or complying with more regulations.
That can put a lot of pressure on an ISMS manager or management team. It means involving and co-ordinating more people and more information.
Achieving ISO 27001 compliance or certification
That can be a big step. To achieve it, infosec managers usually need to grow (and show they’ve grown) the transparency, visibility and control of their existing ISMS.
Keeping up with a rapidly-growing organisation
A home-made ISMS can work for small organisations. But it’ll create compliance, control and maintenance issues as the organisation grows, creating a need for a more powerful solution.
Cutting costs and boosting efficiency
Your existing ISMS software might be too hard to use or expensive. Perhaps it’s stopped getting updates. Or maybe it just doesn’t meet your customers’ security needs any more.
Failing certification or surveillance audits
You might need to rethink your whole ISMS to address any non-conformances, corrective actions or improvements you’ve received.
When do you migrate your ISMS and how do you do it?
If you need to change quickly we’d suggest a lift and shift approach to address immediate issues, achieve quick wins and retain what’s already working. That’ll help you:
- Move as quickly as possible
- Gain stakeholder buy-in
- Show you’re taking urgent, focussed action
Our platform is visible and transparent, with built-in focus tracking, making it easy to show interested parties just how quickly and effectively you’re moving. You’ll be up and running within hours and days, not weeks, as many of our other customers have been.
One organisation came to us shortly before their recertification audit. They hadn’t addressed previously highlighted issues, so knew they’d fail with prompt action.
Within a couple of weeks we helped them:
Migrate all their existing documentation onto ISMS.online. They still held it in spreadsheets and Word documents, but our built-in review, approval and reminder processes meant they could manage it much more effectively.
- Subscribe to our supplier management feature. They added all their key suppliers’ contract and contact details, and adopted our suggested Annex A 15.1 supplier management policy, addressing a specific issue raised in a past audit.
- Move their most significant risks across to our risk map and treatment plan. Our system made it easy for them to link those risks to the relevant information assets, and policies and controls.
- Upload their old risk map to cover off their less significant risks. They noted that risk migration would be completed over time on our Corrective Actions and Improvements Track. That met a previous audit goal of improving their risk management approach.
- Clarify treatment, and assign review, management and ownership of all risks, in line with ISO 27001 requirements.
- Automate their Statement of Applicability, replacing their previous complex, confusing, hard to update Word version with one created using our own dynamic tool.
They continue to use our platform, evolving their ISMS to include features like our Policy Packs and overview reports.
And of course you’ll want to think about longer term improvements once the initial pressure is off. Our platform will help you set up an improvement cycle that’s right for your organisation’s culture, resources and appetite for change.
Making slower, deeper changes
If you don’t have an urgent, specific deadline, you can take a more thoughtful approach.
One customer wanted to completely rethink their ISMS documentation as they brought it into ISMS.online. They set up a carefully planned change process, moving forward in clear, regular steps.
That meant reviewing every existing piece of documentation, then converting it all into easily digestible policies or controls for migration onto our platform. They used our optional Policy Packs feature to make sure the relevant staff understood and complied with each one. They’re now a much more secure organisation, with significantly fewer incidents to deal with.
They also took the opportunity to rethink their risks, information assets and other work lost on old spreadsheets. Our risk management and information asset tools helped them create:
- Meaningful risks to manage
- Up-to-date information assets
- Policy and control clarity
And it was easy for them to see how they were progressing at every stage of their migration, thanks to our progress reporting tools and the visual nature of our platform.
How much of your ISMS needs to change?
ISMS.online is an all-in-one-place information security management and compliance solution. But many of our customers already have some very effective ISMS components.
So our platform is modular: You don’t have to use all of it. Just add your own tools or methods. For example, if you already have effective security incident policies and procedures, just link out to and keep using them.
How will we help you manage change?
- Date and time stamps and controls
- Clear displays showing when work began
We suggest you also summarise key milestones as part of your management reviews. It might also make sense to break down specific improvement or change areas as improvement items, in line with clause 10 of ISO 27001. Our platform makes that easy.