Use Cases
      Back to home
      1. Knowledge Base Home
      2. Getting Started
      3. Use Cases

      Implementing an ISO 27001- based ISMS in 6clicks

      Learn how to set up an ISMS within the 6clicks platform

      This article will use a four-step approach to implement an ISMS and how the 6clicks platform can be used at each step.

      4 Step Approach to implementing an ISMS

      1. Establish Scope & Content
      2. Identify & Assess Risks
      3. Develop & Implement Policies
      4. Implement Operate ISMS

      1- Establish Scope & Context 

      Assessments 

      By using the 6clicks Assessment and Audit functionality you can send out questionnaires to gather key information relating to your organisation's scope and context.

      Assessments can be built upon preexisting templates based on global standards or created by you to gather key information required to focus your ISMS.

      To start sending assessments, head here.

      Asset Management

      After sending out questionnaires and gathering information 6clicks then lets you create custom registers to store your assets. Custom registers can be built by either individual on the 6clicks platform or directly imported. 

      To create your own custom register for all your assets, click here.

      2 - Identify & Assess Risk

      Once you have identified and stored your asset into the 6clicks asset register the next step is to identify and profile your risk. The 6clicks platform has built-in risk management functionality, allowing you to identify, assess and monitor your organisation's risk profile.

      Risk Management

      The next step is to identify and manage risk by linking any existing controls and treatment plans associated with those risk. Additionally, if your organisation has identified potential risks already, the risks can be imported directly at this step. 

      Assessment and Audit

      Another use of the 6clicks assessment functionality is to send unique questionnaires relating to risks and have in-depth responses. This method is useful for teasing out specific information relating to your potential risk and can assist in identifying more risk relating to your assets.

      With 6clicks users can also prepare a Statement of Applicability against any relevant standards such as ISO/ICE 27001 and ISM via the assessment and audit functionality.

      3 - Develop & Implement Policies

      Now that your assets and risk have been identified the next step is to establish information security policies. These policies are to be clearly defined and communicated throughout the organisation. Each responsibility linked to each policy also needs clearly communicated and reported on.

      Policies & Controls

      The Policies and Control module allows users to create a library of policies that can be managed across your organisation. Once a set of policies have been created then you can start assigning responsibilities to individuals or groups and start actioning items. Responsibilities can be a once-off task or regular reoccurring check whilst giving an audit trail of actions completed.

      Task Management

      Once users have been assigned task on 6clicks they will be notified and able to monitor upcoming responsibilities via the Task dashboard. This dashboard can be filtered by the type of task, progress and what actions are required. When a user is completing a task they can comment, upload supporting documentation and inform  Reports can also be generated to track the status of different tasks and what the progress of each item is.

      4 - Implement & Operate ISMS

      Now that your assets and associated risk have been identified the next step is to implement a process to address security requirements and to action them. After actions have been implemented the 6clicks platform allows you to evaluate and monitor the performance and effectiveness of your ISMS strategy.

      Assessment and Audit

      To maintain the effectiveness of your ISMS the Assessment and Audit feature allows you to conduct internal audits. Internal auditing is an import aspect of any ISMS as it allows you to reassess your security profile and priorities. Your organisation's assets and risks can change at any time and the 6clicks platform allows you to regularly review and change your ISMS strategy.

      Additionally, you can send assessments to third-parties and suppliers to assess their security ensuring a level of compliance across your whole supply chain. 

      Issue Management

      The issues manager allows you the ability to create, track and manage any issues associated with any of your existing assets, risks and policies. Issues can also be created from assessments and assigned directly from a users response. When an issue has been created they can be assigned actions that link the steps required to address them. Actions can be assigned to specific users or groups on the 6clicks platform and actioned via the Task Manager.

      Analytics and Reporting

      Finally, everything can be tied together with the 6clicks analytics and reporting tools, you can create and export reports such as risk registers and risk matrix mapping, the effectiveness of your policies, assessment results and an overview of your current issues and their actions.