Enable confidentiality in handling ISO 27001 documentation

Managing ISO 27001 documentation in the cloud has been adopted by organizations looking for an efficient way to connect relevant people from different offices and help them address all the document management challenges an ISO 27001 project can set before them. One of those challenges relates to the confidentiality of the documents your team is working on.

Working on ISO 27001 documentation requires a different level of access and permissions throughout the implementation project. Some documents might be available for all, but others might have a big red “Confidential” stamp on them. Reasons for this can be many, but the point is the same – not all documents are open, and you need a document management system that can support that.

In this article, we will introduce you to an option called “Make private folder” designed to help you manage your confidential ISO 27001 documentation privately or with hand-picked colleagues all in the same place, online.

Making a folder private

If you want your private space on a project to handle documents with hand-picked team members, or if you need a private space for personal working files inside a project, all you need to do is create a folder, click on the three dots menu, and select the option: “Make private.” This folder will preserve the privacy of documents you put inside that folder just for you and the people you invite. Others will be able to see the folder, but cannot access it or change it without your explicit involvement.

This allows you to continue working with cross-department teams on the same project in parallel, without a need to create a separate project. Each team and department can have its own place for private working files, policies, and procedures they are developing up to the point they are approved and presented as the final versions. The rest of the folders can be open for all and used as placeholders for finished documents, supporting files, and knowledge centers.

Figure 1. Making a folder private

Inviting team members and controlling their access

You can invite your team to join you in working on your documentation. What’s even better, you can control what they can or cannot do inside that folder by giving each team member an appropriate access right. Each access right defines precisely which documentation in the folder a team member can reach and what they can do with it. Those rights are:

  1. Read – can download and preview files inside a private folder.
  2. Write – can download, preview, upload/create, edit, sync, and delete files.

Figure 2. Inviting a team member to a private folder in Conformio

Rights can be assigned while inviting the user; just select the one you think is right and, voilà, it’s done.

Having this kind of control over who does what with the documents will help you reduce the risk of losing documents, track accountability, and get things done under close supervision – the kind confidential documents usually require.

If someone’s access should be reduced or removed altogether, just head over to the private folder, select the user, and change their access.

Additionally, you can share a document with someone who is not a Conformio user, for a predefined number of days – it’s very useful, for example, for sharing documents with auditors, customers, etc.

To share a document, you only have to select the document, enter the user’s email, and select for how many days the document will be available.

Figure 3. Sharing documents with a user outside Conformio
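To make the access model described above concrete, here is an added Python example (written for this article, not Conformio’s own code, whose internals the text does not describe). It models the two access rights, the visible-but-inaccessible private folder, revoking a member’s access, and a time-limited share for someone outside the system. The assumption that any project user may work freely in an open (non-private) folder, and the folder, user and document names, are constructed for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Actions granted by each access right, as listed in the article.
RIGHTS = {
    "read": frozenset({"download", "preview"}),
    "write": frozenset({"download", "preview", "upload", "edit", "sync", "delete"}),
}


@dataclass
class Folder:
    name: str
    private: bool = False
    owner: str = ""
    members: dict = field(default_factory=dict)  # user -> "read" | "write"


@dataclass
class ExternalShare:
    """A document shared with a non-user e-mail address for a fixed number of days."""
    document: str
    email: str
    created: datetime
    days: int

    def active(self, now: datetime) -> bool:
        return now < self.created + timedelta(days=self.days)


def set_right(folder: Folder, user: str, right: str) -> None:
    """Invite a user or change their right; only the folder owner's choices are modelled."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    folder.members[user] = right


def revoke(folder: Folder, user: str) -> None:
    """Remove a user's access to a private folder entirely."""
    folder.members.pop(user, None)


def can_see(folder: Folder, user: str) -> bool:
    # Everyone on the project can see that the folder exists, private or not.
    return True


def can(folder: Folder, user: str, action: str) -> bool:
    """Decide whether a project user may perform an action inside a folder."""
    if not folder.private:
        # Assumption for the example: open folders give every project user full rights.
        return action in RIGHTS["write"]
    if user == folder.owner:
        return True
    right = folder.members.get(user)
    return right is not None and action in RIGHTS[right]


def external_can(shares: list, email: str, document: str, action: str, now: datetime) -> bool:
    """External recipients may only preview/download, and only while the share is active."""
    if action not in RIGHTS["read"]:
        return False
    return any(s.email == email and s.document == document and s.active(now) for s in shares)


if __name__ == "__main__":
    # Constructed sample: a private drafts folder with one reader and one writer.
    drafts = Folder("Policy drafts", private=True, owner="alice")
    set_right(drafts, "bob", "read")
    set_right(drafts, "carol", "write")
    print("bob can preview:", can(drafts, "bob", "preview"))    # True
    print("bob can edit:", can(drafts, "bob", "edit"))          # False
    print("dave can see folder:", can_see(drafts, "dave"))      # True
    print("dave can preview:", can(drafts, "dave", "preview"))  # False
    share = ExternalShare("Access Control Policy.docx", "auditor@example.com",
                          datetime(2024, 1, 1), days=7)
    print("auditor on day 5:", external_can([share], "auditor@example.com",
                                            "Access Control Policy.docx", "download",
                                            datetime(2024, 1, 6)))  # True
```

The check is deliberately deny-by-default: a user who is not the owner and not in the member list gets nothing inside a private folder, even though they can still see it, and an expired or mismatched external share grants nothing at all.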

If this makes sense, go on and try Conformio.

Rhand Leal

Rhand Leal has more than 15 years of experience in information security, and for six years he continuously maintained a certified Information Security Management System based on ISO 27001. Rhand holds an MBA in Business Management from Fundação Getúlio Vargas. Among his certifications are: ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and others. He is a member of the ISACA Brasília Chapter.