Dynamics 365 as ISO 27001 System (ISMS)
The best Information Security Management System (ISMS) is the one that is integrated with your main business application.
Last week we had our annual ISO audit. It is still always a bit exciting, not because we don’t have confidence in our information security processes, but more because as a security-as-a-service provider you should be able to prove that information security processes are all perfectly organized. And fortunately, that was also the conclusion of the ISO auditor. No discrepancies, not even recommendations. All in accordance with the ISO 27001 standard for information security. Kudos to our team. And to our security officer. Years ago – at the very first audit – he already realized that this could only work for us if we integrated the information security management system into our own (fully paperless) systems. For that reason, our ISMS is configured in our main business application: Microsoft Dynamics 365.
Example of intelligent and integrated systems
In our ISMS, based on Dynamics, all ISO standards and measures are included – the control tasks are listed here and are displayed as Outlook tasks. Incident registration is linked to improvement plans and then, after assessment, linked to concrete projects that we plan and organize entirely in Microsoft Dynamics.
Commitment and adoption
The entire team is actively part of this ISMS: everyone can suggest improvements, register incidents and view reports and dashboards. And believe me – it’s an IT thing to exaggerate here. That is sometimes also the situation at Universal. It is up to the Security Officer to judge and prioritize all tasks and improvement recommendations.