All ISO management systems require the organisation to identify, track and report progress against relevant objectives. For ISO9001 these will be “quality objectives”, ISO27001 has “information security objectives” and so on.
InfoSaaS provides a tracking capability for as many objectives as have been defined. Regular updates are encouraged and progress indicators provide ready visibility to all of your users as to their current status. An easy way to evidence objectives to external assessors.
Until recently, InfoSaaS only recorded those personnel who were authorised users of our solution. As a means of opening additional modules, a new section has been introduced which allows for the recording of all colleagues within your organisation.
This, in turn, permits the new asset management, and training records management features explained below, and also allows for individuals to be referenced within any information security incident or internal audit reports in which they have been involved.
InfoSaaS has always used assets within its information security workflows, but these related to a single asset type (e.g. Acme Corp Model “XYZ” laptop) rather than how many identical examples of the asset existed within the organisation (e.g. serial numbers 00201-00275).
InfoSaaS now provides a means for individual assets to be logged against the individual employee that they have been assigned to, which in turn means individual assets can be reference in security incident reports, internal audit findings and other reports.
Training Records Management
All ISO management system standards refer to “awareness” and “competency” as means of determining that personnel understand the tasks that they are performing, and they have the experience to complete them to an acceptable standard.
This InfoSaaS functionality allows the recording of individual training records against each employee – this can be done by a document upload into InfoSaaS, or by a hyperlink to an external training record repository. Summary reports by training course and individual employee are also available.
Management systems such as ISO9001 require organisations to properly manage and understand the dependencies which exist within their supply chain – where products or services are being acquired outside of the organisation’s own boundaries.
InfoSaaS provides a fully featured module for requesting and assessing Supplier Capability Assessments, which can be automatically scored to demonstrate that suppliers are delivering value to the organisations. See the Supply Chain Management page for more information.
Internal Audit Management (Q1 2021)
All ISO management systems require for the organisation to undertake regular internal audits, to assess compliance with the applicable standard, the organisation’s policies and procedures, that records are being kept, improvement opportunities being identified, and much more.
Coming in Q1 2021, InfoSaaS is introducing an internal audit feature that will allow reports to be created and cross-referenced from within the solution. Cross-reference individual employees, assets, suppliers, risks assessments, non-conformances and much more … we’re really proud of this one!
You’ll appreciate that InfoSaaS is a versatile and comprehensive business compliance solution, and we are always seeking new features to further improve the protection our solution provides to our customers.
We always have a roadmap of new ideas under development, and are delighted when we hear from our customers with suggestions that they would like to see incorporated. Compliance requirements are always evolving and never stand still … nor do we!