- Fees are paid annually in advance in line with the desired subscription service. Notice can be given at any time in accordance with the contract terms to avoid future subscription charges becoming due.
- You can remove your information at any time and you remain the data controller. Alliantist is the data processor of your information in accordance with the terms and the data protection regulation in force at the time.
- Displaying your information security posture and the journey towards valued credentials like ISO 27001:2013 is good for your marketing and ours too. We will be happy to collaborate on marketing activities, including appropriate case studies, announcements and other initiatives that provide a mutual benefit, and can suggest helpful guidance on that if required.
- These terms remain confidential and must not be shared with other organisations unless otherwise agreed. Breach of confidentiality may result in the discounted offer being removed.
Where applicable, all fees exclude VAT at the standard rate. If onsite delivery is included, any reasonable out-of-pocket expenses, e.g. for any agreed travel and accommodation, will be rechargeable at cost.
Agreements are subject to the terms above and the ISMS.online Licence Agreement.
ISMS.online is delivered to you pre-configured ready for you to get started quickly and simply based on the scope summarised above. The scope is bulleted below for your information.
Core Platform for ISO 27001, Using the ISO 27001:2022 Controls
Functionality Pre-configured and Set Up for Your Faster Path to Sustainable Success Around ISO 27001, Includes:
- ISO 27001, using the ISO 27001 2022 controls, Requirements, Controls & Policies environment for recording notes, documents, discussions, and tasking. Includes integrated collaboration, audit and version control, approvals processes and reminders for policy reviews (all of which are required for ISO 27001 and Data Privacy Regulations). Now includes a categories function to support the new ISO 27002 requirements to assign attributes to controls.
- Policies and controls for relevant parts of the ISO 27001:2013 and 2022 Standard, using the ISO 27001 2022 controls, to help accelerate implementation, offering a fast start, up to 81% progress immediately, based on the ‘Adopt, Adapt and Add’ philosophy.
Prebuilt Frameworks and Workspaces in Line With the ISO 27001:2013 and 2022 Standard Requirements For:
- Audit planning and delivery.
- ISMS Board working and management reviews.
- Business Continuity Planning.
Decision Support Tools and Workflow Solutions in Line With ISO 27001:2013 and 2022 Standard For:
- Customisable risk evaluation and treatment tool using confidentiality, integrity and availability protocols with a generic risk bank for fast-track identification and selection of risks and treatments (which is also used for the GDPR work).
- Dynamic Information Asset Inventory.
- Applicable legislation management, with a generic bank of legislation for highlighting common examples of applicable legislation.
- Interested Parties identification and management tool with a generic stakeholder bank for identifying and selecting Interested Parties.
- Corrective Action & Improvement tracking tools.
- Security Event, Weakness and Incident management tool, including GDPR tagging.
- Threat Intelligence tracking tool, for meeting the new Annex 5.7 control.
- An integrated ISMS Cluster to pull together relevant workspaces into one view and easily navigate around the work in your ISMS.
- The cluster also includes management dashboards, and the Statement of Applicability (SOA) integrated with overview reporting to ensure optimal configuration of the ISMS and better decision making.
- Use of the platform generally for work relating to the ISMS and associated business activity e.g. information security based improvement projects, change management and other activity.
Integrate Your ISMS With Over 5000 Applications:
Helping you streamline process management and evidence, connect for Single Sign On and improve online document management via Google Drive and SharePoint. Our integrations allow you to connect areas such as Security Incidents, Corrective Actions and Threat Intelligence to chat applications, RSS feeds, emails, Microsoft, project management tools and developer applications such as Jira, ServiceNow and much more.
Other Optional ISMS.online Services – Now or in the Future
In addition to effective and efficient management of the ISMS, you need to also engage and train staff, and demonstrate management of the supply chain too (at least those that are involved in personal data and other valuable information processing). You might also want to undertake other standards and regulations in time as well. ISMS.online enables that to happen at a fraction of the cost or time versus alternative services.
Unlike other ISMS applications we can also offer these modules as part of our practical ‘all in one place’ solution.
Staff Focused Add Ons:
- Staff Policy Packs, which enable you to translate your policies and controls and present them in a ‘Kindle-like’ reading format for staff (and others, e.g. high-risk suppliers) to demonstrate they have read the policies and understand your approach towards information security.
- Staff groups to ensure communications and awareness, including simple collaboration through to compliance tasking.
- Simple awareness training materials and guidance to Adopt, Adapt and Add to.
- Prepared policies and controls documentation to reflect those services being used.
For those organisations that may not have existing HR systems, we include some practical HR frameworks at no additional cost such as:
- HR Security Lifecycle: Screening & Recruitment, Induction, In-life management, and Exit.
Supplier and Supply Chain Focused Add Ons:
- Supply chain Accounts relationship management environment from which to coordinate and manage supplier (and partner) work including contracts and contact management (important for meeting privacy regulations and ISO 27001).
- Supply chain groups and workspaces to collaborate with suppliers (if desired).
- Example Supplier Questionnaire.
- Supply chain and supplier Accounts reporting.
- Supply chain Clusters, as required, to help groups of suppliers work well together and see their collective information in one place e.g. shared risk maps, project activity, etc.
- Prepared policies and controls documentation to reflect those services being used.
BCMS ISO 22301:2019 Add Ons:
- ISO 22301:2019 Policies & Controls framework (empty structure – no documentation).
- BIA Tracker.
- BIA detailed results assessment framework.
- Incident Response Tracker.
- BCP incident response plan in line with ISO 22301 requirements.
PIMS ISO 27701 Add-Ons:
- ISO 27701 Policies & Controls project, includes expert guidance on meeting the requirements.
- Records of Processing Activity (ROPA) Tracker.
- Privacy Assessments framework & tool.
- Data Subject Rights Requests Tracker.
GDPR Focused Add Ons:
- GDPR preparation and compliance framework based on ICO recommendations including policies and controls for relevant parts of the ICO oriented approach to help accelerate implementation.
- It offers a fast start, up to 76% progress for the GDPR specific work, based on the ‘Adopt, Adapt and Add’ philosophy alongside the integrated ISO 27001 solution.
- Includes integrated coordination, collaboration, audit and version control, approvals processes and reminders for policy reviews.
- Personal Data Inventory & Records Processing Tracker (ROPA).
- GDPR focused Privacy Impact Assessment policy, process with a simple DPIA framework & tool.
- Legitimate Interest Assessment framework.
- Data Subject Rights Requests policy, process and tool.
- More specific GDPR activity (if required) with a framework that follows the actual articles and chapters of the regulation for those organisations that want a more detailed controller & processor checklist, or that have more complex personal data issues to consider.
Other Frameworks:
Other frameworks are available on request, including the SOC 2 TSC 2017, PCI DSS, NIST etc. Find our full list HERE and ask for any others you might need. These are generally empty frameworks charged at a small marginal cost to the core services above.
A Reliable Cloud Based Service You Can Trust for Security
When an organisation delivers a cloud-based information security management system, you want to be sure that security is embedded throughout that service too. Many cloud application providers rely on their datacentre for security credentials, which is something you would want to avoid, especially with GDPR increasing the risk for your business from poorly equipped data processing suppliers.
We offer strong privacy controls and security settings options. In addition to the platform itself, the organisation and our supply chain, including data centres (a choice of UK, Australia, US locations), are all ISO 27001:2013 UKAS independently certified (registration number 218671). You can see more information on our credentials HERE.
The Following Services Are Also Included Within the Platform Subscription Fee:
- Two Factor Authentication as an option for additional security management.
- SSO SAML 2.0 supporting Azure AD, Okta, and Google.
- Relevant platform upgrades and maintenance for the scope above.
- Platform tours, help material, live chat, and email ticket support via support@isms.online.
- Technical support desk chat access 09:00 to 17:30 GMT Monday to Friday (exc. public holidays).