Managing ISO 27001 documentation in the cloud has been adopted by organizations looking for an efficient way to connect relevant people from different offices and help them address all the document management challenges an ISO 27001 project can set before them. One of those challenges relates to the confidentiality of the documents your team is working on.

Working on ISO 27001 documentation requires a different level of access and permissions throughout the implementation project. Some documents might be available for all, but others might have a big red “Confidential” stamp on them. Reasons for this can be many, but the point is the same – not all documents are open, and you need a document management system that can support that.

In this article, we will introduce you to an option called “Make private folder” designed to help you manage your confidential ISO 27001 documentation privately or with hand-picked colleagues all in the same place, online.

Making a folder private

If you want your private space on a project to handle documents with hand-picked team members, or if you need a private space for personal working files inside a project, all you need to do is create a folder, click on the three dots menu, and select the option: “Make private.” This folder will preserve the privacy of documents you put inside that folder just for you and the people you invite. Others will be able to see the folder, but cannot access it or change it without your explicit involvement.

This allows you to continue working with cross-department teams on the same project in parallel, without a need to create a separate project. Each team and department can have its own place for private working files, policies, and procedures they are developing up to the point they are approved and presented as the final versions. The rest of the folders can be open for all and used as placeholders for finished documents, supporting files, and knowledge centers.

Making a folder private

Figure 1. Making a folder private

Inviting team members and controlling their access

You can invite your team to join you in working on your documentation. What’s even better, you can control what they can or cannot do inside that folder by giving each team member an appropriate access right. Each access right will give a precise access level to documentation in the folder, and what that team member can do with it. Those rights are:

  1. Read – can download and preview files inside a private folder.
  2. Write – can download, preview, upload/create, edit, sync, and delete files.
Inviting a team member to a private folder in Conformio

Figure 2. Inviting a team member to a private folder in Conformio

Rights can be assigned while inviting the user; just select the one you think is right and, voilà, it’s done.

Having this kind of control over who does what with the documents will help you reduce the risk of losing documents, track accountability, and get things done under close supervision – the kind confidential documents usually require.

If some access should be reduced or removed altogether, just head over to the private folder, select the user and change their access.

Additionally, you can share a document with someone who is not a Conformio user, for a predefined number of days – it’s very useful, for example, for sharing documents with auditors, customers, etc.

To share a document, you only have to select the document, enter the user’s email, and select for how many days the document will be available.

Sharing documents with a user outside Conformio

Figure 3. Sharing documents with a user outside Conformio

If this makes sense, go on and try Conformio.