ISO 27001 Compliance Platform for Smaller Businesses

Compliance dashboard

Measure your company’s compliance with ISO 27001. Conformio gathers information from step-by-step guidelines, along with the Security Controls and Nonconformities modules, and aggregates it into a dashboard. The information is displayed from these four perspectives: Strategic, Organizational, Risk Management, and People - giving you a bird’s-eye view of the status of the compliance in your organization. If you want to know the details, the Dashboard allows you to drill all the way down, until you reach the level of individual requirements.

Step-by-step guidelines

Conformio is a tool specially designed to help small- and mid-sized businesses like yours with successful implementation and maintenance of the standards and regulations that matter to your industry. Let Conformio guide you, step-by-step, through implementation of ISO 27001.

Documentation templates

We pride ourselves on being able to assist small companies with implementing ISO 27001 without the need for a consultant. As such, we designed our templates to be easy- to- use, even for someone who is not familiar with any given standard.

Our templates are fully customizable, and 80% complete so you can finish them with ease. Each document includes helper text throughout to make sure that you understand how to fill it out.

We also provide support throughout the process, and a document review when you’ve finished, so that you can have peace of mind that your compliance is intact.

• Implement a standard in a cost-effective way, using documentation toolkits recognized by companies in more than 100 countries.
• Save your time on implementation – documentation templates are already 80% filled, yet still fully editable to allow you to make any changes you need.
• Use the templates along with extensive online support in the form of unlimited email support, 1-on-1 meetings with an expert, and a review of documents.
• Watch helpful video tutorials, which will show you exactly how you should fill in the most complex documents using real examples.

Security incidents

Incidents are bound to occur, even with companies that have low risk. Under ISO 27001 requirements, incidents must be recorded in one place, and companies must ensure that everyone knows the process to follow in such an instance. All of this can be recorded in Conformio, along with the relevant details everyone needs to know about a particular incident or breach.

• Clearly see the status of an incident, whether it has been resolved or remains open.
• Assign responsibility for resolving an incident to a specific person.
• Prevent future incidents by detailing information, such as: date & time, incident type, cause of the incident, and cost of the incident.
• Link the incident directly to a corrective action and to security risks.
• Assign tasks to specific team members needed to resolve the incident.
• Search incidents, discussions, and documents utilizing tag management.
• Attach all the necessary documents to a particular incident to keep everything in one place.

Corrective actions

If you spot a deeper problem in your system that needs to be resolved systematically, this is the right place to do it – you can analyze the cause and then resolve and record it in a way that will be compliant with the regulation or standard you have implemented.

• Display a list of all corrective actions, and easily separate those that are resolved from the ones that are still open.
• Record the cause of the nonconformity as required by ISO standards.
• Define who is generally in charge of the corrective action, and who has to perform detailed tasks.
• Assign a reviewer of the corrective action who will confirm that the cause of the nonconformity has been eliminated.
• Display how the corrective action is related to nonconformities, incidents, and complaints.
• Use tags so that you can search corrective actions easily.
• Add documents and other files that are related to a particular corrective action.

Nonconformities

This is your centralized compliance database where you can record instances of non-compliance related to ISO 27001, and also with your internal policies. Additionally, you can easily monitor how these nonconformities are being corrected, so that certification auditors won’t give you a hard time.

• See a list of all nonconformities, and visually separate those that are resolved from the ones that are still open.
• Assign general responsibility for the nonconformity to a particular person, and assign detailed tasks for resolving the nonconformities to several of your colleagues.
• Link the nonconformity directly to the appropriate corrective action.
• Add tags to nonconformities so that you can search them more easily.
• Add documents and other files that are related to a particular nonconformity.

Internal audits

Internal Audits module gives you the transparent view over your objectives related to ISO 27001 and what you need to do to achieve them in one place. It contains checklists with defined aspects of what needs to be done, and the functionality to perform the audit.

• Create and edit checklists, or use a predefined checklist. Define requirements and reference them to your documented policies and procedures.
• Create ISMS or custom internal audits, assign it to a responsible person, define criteria, scope, etc., and plan audit execution.
• Perform audits.
• Track noncomplying items and link them to existing or new nonconformities.
• Create audit reports.

Security controls

The Security controls module helps you track the status of controls that must be implemented in the company to be compliant with ISO 27001. Track applicability with justification of the decision, control objective, implementation method and status for each security control.

• List of all 114 controls from ISO 27001 Annex A.
• Set each control as applicable or not applicable.
• Set planned, partially or fully implemented status for each control.
• Record justification for selection or non-selection and control objectives.
• Define an implementation method or link a reference document to it.

Expert support

We have experts available to help guide you through the implementation process, who can assist with any questions that may arise along the way. .

• Get started with one-on-one online meetings, and learn how to kick off your project, and learn next steps and how to resolve problems as they arise.
• Reach out to us at any time during your implementation project with unlimited email support, and have your questions answered within 24 hours by our experts.
• Once you complete your documents, let our experts review them – they’ll provide you with feedback and indicate what needs to be improved.

Document management system (DMS)

With Conformio’s built-in document management system, all your company documents and files are maintained in one place, allowing multi-user access in a safe and secure environment to store all your valuable information.

• Efficiently review, approve, distribute, and maintain your documents according to ISO 27001 requirements.
• Automatically receive confirmation about which of your employees has read a particular document.
• Make sure your policies and procedures will always be up to date and available to the employees who need them, when they need them.
• Maintain good relations with your ISO certification auditor, thanks to the collaboration access features and clear structure of files and folders.
• Store all types of files: Word, Excel, PowerPoint, PDF, JPG, PNG, video, and audio files in one centralized storage for your company.
• Synchronize with Dropbox, to easily migrate your files to Conformio. This feature also enables you to work with your files directly from your local drive.

Document writing automation

Save time writing and updating your files with Conformio. Simply input your information once and let Conformio take care of the rest.

• Automatically insert your company name and logo into each of your policies and procedures.
• Easily change document version number and the date in the footer of your documents (under development).
• Manage global updates and changes in all of your documents at once. When your company’s address changes, you can update it in all the documents with just a few clicks (under development).

Task/project management

By placing all of your compliance tasks in one centralized place, Conformio lets you manage your project and perform the tasks, with better control over your project and fewer headaches.

• Provide a centralized area for all team members to perform, monitor, and review all implementation and maintenance tasks.
• Define clear roles and responsibilities within your team to ensure successful compliance.
• Link each step of document development with tasks; e.g., if a document is waiting for your review, it will be displayed as a task in your task list.
• Open an unlimited number of projects with unlimited tasks across your entire company – use the best implementation practices to handle all your company projects in the same way.

Social messaging

With the built-in intranet, Conformio offers an efficient communication tool between team members, other company employees, and external users, saving time with more streamlined working practices and effective project management.

• Discuss documents and tasks related to your ISO implementation, or any other project.
• Get rid of emails and increase the productivity of your workforce thanks to the intuitive messaging system, similar to social media networks.
• Have all of your internal communication stored in one place and aligned with tasks and documents.
• Relate messages to any document or any task, making it easier to produce policies and procedures and finish your project.

User management

When opening an account for your company on Conformio, you become the company administrator with the ability to handle and define all the user roles in one place.

• Add new users to your network, and restrict access to certain folders or projects – maintain a connected workspace for all of your employees, while protecting your most sensitive information.
• Never fear a big bill based on the number of user accounts. You can add new users without additional costs (within the limits of a particular subscription plan).