Our ISMS cloud platform supports all the requirements of ISO 27001
Provides the entire ISO 27001 document structure with access control and dynamic workflows.
Allows you to manage information security incidents, delegate tasks, control and action plans.
Manage ISO 27001 audits with dynamic checklists.
It raises awareness of good cybersecurity practices through the possibility of launching dynamic and appealing challenges/quizzes (images, videos, etc.) by thematic area.
And much more...
Here are some modules
① ISO 27001 DOCUMENT MANAGEMENT
A module that allows centralized management of the entire ISMS document repository
Controlled-access intranet for document consultation
Version history (automatically makes active / obsolete)
Server-side encrypted documents
Cross-referencing between documents
Filters with advanced search functionality
Fully configurable workflows
Dynamic profile management for access control
It ensures that everyone is aware of the ISMS documents, guaranteeing they fulfill their responsibilities in accordance with their roles.
For example:
Submit the Cryptographic Controls Policy to the CISO for approval via workflow
Once approved by the CISO, it is automatically made available as the latest version to all users within the relevant organizational areas
All employees in those areas are notified and can immediately access the approved policy from anywhere
While reviewing the policy, they can also "jump" to referenced documents, such as the SOA, Information Security Policy, etc.
② ISO 27001 Audit Management
A module that allows you to schedule, monitor, and conduct ISMS audits to ensure compliance
Scheduling and execution of all types of audits to demonstrate that information security is an integral part of the entire lifecycle of information systems;
Enables dynamic association of specific checklists (e.g., Annex A of ISO/IEC 27001)
Allows for the recording of findings and corresponding corrective actions, with execution rates tracked by responsible parties and the ability to indicate levels of compliance
③ Security Incident Management
Module that enables the management of security incidents and occurrences, along with risk assessment and evaluation of the effectiveness of actions
Facilitates communication, recording, and tracking of security incidents, ensuring a single point of contact for immediate registration and reporting to enable a prompt response to incidents.
The registration process includes the identification and analysis of causes/hazards and their effects, as well as the possibility of requesting expert advice (when necessary) and the consequent risk assessment and analysis of the effectiveness of controls.
Multiple notifications and alerts are issued through this module.
④ ACTION PLAN MANAGEMENT
Module that allows you to centralize and manage all actions, plans, execution rates, task dependencies, etc.
Allows the creation of plans of any type (e.g. diagnostic plan 27001, business continuity 22301, ISMS implementation plan, awareness, etc.)
View actions by person responsible (in progress, backlog, dependencies,...)
Time and cost analysis in graphical form
Evaluation of the effectiveness of actions and the plan
Overall execution rates and per plan, task, etc..
Exports and gantt chart views
Alerts to those responsible for overdue actions
⑤ RISK MANAGEMENT
Module for risk management, from initial risk identification, through analysis, evaluation, necessary controls, treatment and respective monitoring of effectiveness.
Hierarchization of risks/opportunities, allowing them to be organized in a tree format;
Management of responses to risks/opportunities by context;
Flexibility in the construction of risk/opportunity calculation formulas by type of scenario/risk sources;
Control of formula revisions for risk calculation;
Risk assessments (with, without and after control measures)
Status of risk treatment actions
Export of matrices and data (Excel and PDF)
⑥ OTHER MODULES
Other integrated modules to support the ISMS, including other standards (ISO 9001, 14001, 45000, 31000, 20000) if available.
⑥.① Information Security Legislation Management
Daily updates of legislation
Structure by subtopics
Available for search and consultation
Legal applicability by sector
Automatic legal connections between documents
⑥.② Compliance with suppliers
Evaluation of suppliers based on criteria, making it possible to determine the overall evaluation of each supplier at the end of each evaluation period
List of qualified suppliers
Centralized upload of certificates/required documents by each qualified supplier
⑥.③ Dynamic Survey Management
Unlimited number of simultaneous surveys;
Número ilimitado de questões por inquérito organizadas por grupos;
Notification to participants invited to respond to the survey;
Export of collected data to Excel;
Ability to issue reports per survey, per individual, and overall response.
