Opexo – Privacy and team working

Note – Opexo is now part of ISMS.online

Information sharing can be a challenge, knowing what to share and when, with who and where especially in the growing regulatory (e.g. GDPR) environment and increased cyber crime where breaches of confidentiality are rife.  opexo solves that issue with its privacy by design approach and strong collaborative features.

Key design principles for privacy and information sharing include:

  1. Information held on the platform is private until you choose to share it, or someone shares their information with you.
  2. Information sharing happens in specific work initiatives e.g. a Policies and Controls Project, where you and others are team members collaborating around that specific work.
  3. Every user can create their own initiatives and doesn’t have to ask someone else to do that creation work for them.
  4. You can work privately in any of the work initiative areas, with sharing all the way through from small to very large teams including the whole company and supply chain involved (depending on your user subscriptions).
  5. Additional permissions exist in each work initiative to allow further control on what can and can’t be done structurally and with the information itself.
  6. Once added as a team member to an initiative (e.g. a Management Review) the user can see everything in that area and collaborate around it e.g. in discussions, tasks etc. This allows them to communicate in the specific area rather than use other channels to collaborate, then dilute or compromise knowledge from being in one place.  What else they can do is limited by their permission per point 4 e.g. they will not be able to alter settings and structures unless an administrator of that specific initiative.


policies and controls in opexo


In the Policies & Controls project initiative above (found from the team member link at the top of the page) it illustrates:

  1. Team members can be made up of individuals and Groups (Team Communications and Awareness Group).
  2. Additional permissions can be set for individuals added as team members (the ? hover explains the permissions).
  3. The administrator(s) of the specific initiative are able to add and remove team members (assuming they already exist as registered users on the platform) – simply click the ‘add to team’ button and search for the user or Group.  If an individual user you can then choose any additional permissions you want them to have, beyond normal team membership access and collaboration.
  4. Users can also choose to leave initiatives if they want to by simply removing themselves.  They can always be added back in later by an administrator.


Good teamworking tips include:

  • Having more than one administrator of your initiative to prevent issues during holidays, illness or other reasons.
  • Working on the basis of least privileges in permissions to prevent unwanted change to structures, inadvertent deletion or loss of information i.e. don’t make everyone administrators if that is not required.
  • Reviewing team memberships regularly to ensure it represents the users you want to have access to that area – it is easy to add remove and add users again if things change and will signal to an auditor that you are managing information sensibly.

Note – the platform used to automatically send email notifications to users that they were added to new initiatives.  However feedback suggested this was unnecessary because a more specific communication to the user usually followed (otherwise why add them to the team!).  As such, the first communication a user has about their team membership via an external notification is when they receive something to do or be aware of e.g. a to-do or note update.  Users can always see their team memberships via the updates feed,  their ‘all work’ listings and specific initiatives area e.g. Projects.