Implementing an ISO 27001-based ISMS in 6clicks

Learn how to set up an ISMS within the 6clicks platform

This article describes a four-step approach to implementing an ISMS and how the 6clicks platform can be used at each step.

Four-step approach to implementing an ISMS

  1. Establish Scope & Context
  2. Identify & Assess Risks
  3. Develop & Implement Policies
  4. Implement & Operate ISMS

1 - Establish Scope & Context

Assessments

By using the 6clicks Assessment and Audit functionality you can send out questionnaires to gather key information relating to your organisation's scope and context.

Assessments can be built from pre-existing templates based on global standards, or created by you to gather the key information required to focus your ISMS.

To start sending assessments, head here.

Asset Management

After you have sent out questionnaires and gathered the information, 6clicks lets you create custom registers to store your assets. Custom registers can be built manually on the 6clicks platform or imported directly.

To create your own custom register for all your assets, click here.

ISMS Part 1

2 - Identify & Assess Risks

Once you have identified your assets and stored them in the 6clicks asset register, the next step is to identify and profile your risks. The 6clicks platform has built-in risk management functionality, allowing you to identify, assess and monitor your organisation's risk profile.

Risk Review

The 6clicks Risk Review functionality allows you to send a selected list of risks to key stakeholders to gather key information about your risk profile. A risk review can consist of a pre-created 6clicks risk library, organisation-specific risks, or a combination of the two. When a risk review is sent out, recipients select which risks they think are relevant to your organisation, how likely each risk is, and the potential impact the risk would have should it occur.

When a Risk Review has been completed you will be able to generate a unique Risk Matrix report to assess the identified risks and the perceived outcomes of those potential risks.

Risk Management

The next step is to manage risk by linking any existing controls and treatment plans associated with those risks. Additionally, if your organisation has already identified potential risks, they can be imported directly at this step.

ISMS Part 2

Assessment and Audit

Another use of the 6clicks assessment functionality is to send unique questionnaires relating to risks and gather in-depth responses. This method is useful for teasing out specific information relating to your potential risks and can assist in identifying further risks relating to your assets.

With 6clicks, users can also prepare a Statement of Applicability against any relevant standards, such as ISO/IEC 27001 and the ISM, via the assessment and audit functionality.

3 - Develop & Implement Policies

Now that your assets and risks have been identified, the next step is to establish information security policies. These policies are to be clearly defined and communicated throughout the organisation. Each responsibility linked to a policy also needs to be clearly communicated and reported on.

Policies & Controls

The Policies and Control module allows users to create a library of policies that can be managed across your organisation. Once a set of policies has been created, you can start assigning responsibilities to individuals or groups and start actioning items. A responsibility can be a one-off task or a regular recurring check, with an audit trail of the actions completed.

Task Management

Once users have been assigned tasks on 6clicks they will be notified and able to monitor upcoming responsibilities via the Task dashboard. This dashboard can be filtered by the type of task, its progress and what actions are required. When a user is completing a task they can comment, upload supporting documentation and inform. Reports can also be generated to track the status of different tasks and the progress of each item.

ISMS Part 3

4 - Implement & Operate ISMS

Now that your assets and their associated risks have been identified, the next step is to implement a process to address security requirements and to action them. After actions have been implemented, the 6clicks platform allows you to evaluate and monitor the performance and effectiveness of your ISMS strategy.

Assessment and Audit

To maintain the effectiveness of your ISMS, the Assessment and Audit feature allows you to conduct internal audits. Internal auditing is an important aspect of any ISMS as it allows you to reassess your security profile and priorities. Your organisation's assets and risks can change at any time, and the 6clicks platform allows you to regularly review and change your ISMS strategy.

Additionally, you can send assessments to third parties and suppliers to assess their security, ensuring a level of compliance across your whole supply chain.

Issue Management

The issues manager allows you to create, track and manage any issues associated with your existing assets, risks and policies. Issues can also be created from assessments and assigned directly from a user's response. Once an issue has been created, it can be assigned actions that capture the steps required to address it. Actions can be assigned to specific users or groups on the 6clicks platform and actioned via the Task Manager.

ISMS Part 4

Analytics and Reporting

Finally, everything can be tied together with the 6clicks analytics and reporting tools. You can create and export reports such as risk registers and risk matrix mappings, the effectiveness of your policies, assessment results, and an overview of your current issues and their actions.