How to ensure employee engagement in ISO 27001 project implementation using online software

Keeping people engaged during an ISO 27001 implementation project can be hard—especially if the whole team is involved with other parallel assignments and lacks clear direction. It is on the project manager alone to keep them engaged, provide direction, and balance other known ISO 27001 implementation challenges at the same time: lack of understanding of the project steps and managing a huge set of rules, documentation, tasks, and communication, along with steering management decisions. Often, this balance is impossible to keep, so people disengage and miss important information, causing delays and frustration.

In this article, you can learn how to accomplish employee engagement in an ISO 27001 implementation project and keep the balance intact.

The traditional way to engage people during ISO 27001 project implementation and hold their engagement through ISO 27001 maintenance

Keeping people engaged via emails, phone calls, and face-to-face meetings might have worked well in the past, as there was no alternative. As a remnant of the past, traditional ways are proving inadequate to respond to modern-day challenges. Here’s why:

  • Inaccessible information. Information and communication were dispersed throughout email inboxes, or put as comments on the documents. It was up to the project manager to piece data together, making him the main project bottleneck.
  • Lack of effective task and project management. Tasks and project assignments were handled through Excel and information was passed over via email, making it really hard for the project manager to understand the progress and react on time in case of issues and course changes.
  • Lack of a document management system. A huge set of policies and rules were managed through email, making the project manager’s life miserable in the attempt to keep all versions, discussions, and next steps in line.
  • Lack of a notification system. To keep people in the loop efficiently was not possible, as the only notification system was the project manager and his friendly email “nudges” to remind people of their responsibilities.

Because of this inherent inability to address these challenges, companies are turning to other alternatives to manage and handle their ISO 27001 implementation projects.

Achieving employee engagement in ISO 27001 with the right tool

ISO 27001 online tools thrive on the traditional way’s inability to effectively organize and engage people during the project implementation. They are built for teams, fostering a collaborative spirit, effective communication, and coordination around relevant project topics. Here’s how:

  1. Easy access to information. Online ISO 27001 tools are accessible all the time via a browser and an Internet connection. Cross-departmental teams can log into your company domain and access everything they need to know, and tasks they need to do, to contribute to the success of the project. Removing all obstacles between the team and information reduces the chances of disengagement.
  2. One central stage for all task and project activities. With online ISO 27001 tools, all information is located in one place. Tasks can be assigned, tracked, and managed easily. All communication and approvals are kept in the context of the tasks they are tied to. With this, it is quite easy to discern people’s responsibilities, next steps, and the current progress of the project.
  3. Document management system. All ISO 27001 online tools should have a system to develop, track, and manage the huge set of documents. When it is easy for the team to understand where the last version of the file is located, and its status, it removes any frustration and increases the chances of continuous engagement.
  4. Smart notification system. Calling people back to the ISO 27001 online tool at the right time to the right place is crucial to ensure employee engagement. Reminders, as well as document and task status changes, should trigger email notifications to enable users to identify the priorities and ensure timely reaction to the project requests.

With these features, online ISO 27001 tools can ensure an increase in team engagement during the ISO project implementation.

How Conformio engages employees during ISO 27001 implementation projects and holds their engagement through ISO 27001 maintenance

To increase our people’s engagement during an ISO 27001 implementation and later maintenance, we designed our own online ISO management platform, called Conformio. We equipped it with all the necessary features to ensure that all the project activities are streamlined and done on time with the maximum team participation.

We effectively nurture team collaboration with this set of features:

  • Easy-to-access platform – with the right email and password, our team members can log in and quickly access all the relevant information they need to keep the project going forward.
  • One place for all ISO 27001 project activities and information – as you answer simple questions while working on your documents in Conformio, the system automatically creates tasks and sends notifications to the responsible persons, stating due dates and instructions. Conformio will notify and remind the responsible persons if they miss the first “nudge.” The system will lead them to the task, so they can start on it at once. With each new change in the system or recurrent activity that needs to be performed (document or task status change, document review, risk assessment and risk treatment update, internal audit, etc.), Conformio will trigger notifications to the right users, so they stay in the loop and can react if needed.
Figure 1. Managing tasks and collaborating on Conformio
  • Effective document management system – this helps us co-develop relevant documentation, tracking versions, contextual discussions, and approvals in one place. Team members can start a discussion on the document, invite colleagues to participate, and change the status, calling the right people at the right time to respond to the document change. This smart system reduces employee disconnect and keeps them actively participating.
Figure 2. Co-developing documents on Conformio
  • Smart notification system – having a system in place where the right person is called back to the system at the right time is crucial to keep people engaged. As you define parameters in your documentation, Conformio will create detailed schedules for necessary activities needed for an easier ISO 27001 implementation as well as ongoing maintenance. As a user on Conformio, you will receive notifications to your email or via Slack, calling you to respond to the requests and discussions specifically tied to you. A Responsibility Matrix is created in the system, which is visible to every user in your Conformio account, and there is no risk of missing or losing the activity needed to be performed, or already done. Your stuff is always online, on Conformio.
Figure 3. Tracking notifications on the My Discussions feed
  • Documentation wizard – as an additional feature, Conformio provides easy-to-use templates for the mandatory and the most commonly used documents. These templates are almost 80% complete, requiring only the particular information from your organization’s scenario. You are led through the documents with simple questions, along with suggested answers related to your company that you defined while entering the system. From these templates and your specific information, Conformio can build a schedule of recurrent tasks and a Responsibility Matrix to allow people with responsibilities in the management system to never forget to perform a required task (e.g., document review, risk assessment, internal audit, etc.), and to have a systemic view of their responsibilities.

With this set of features and the underlying notification system that acts as a connecting network between project tasks, discussions, and documents, we managed to increase our employee engagement in ISO 27001 and effectively inspire collaboration between our cross-departmental teams.

So, why not try it yourself? It’s free.

Rhand Leal

Rhand Leal has more than 15 years of experience in information security, and for six years he continuously maintained a certified Information Security Management System based on ISO 27001. Rhand holds an MBA in Business Management from Fundação Getúlio Vargas. Among his certifications are: ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and others. He is a member of the ISACA Brasília Chapter.