ISMS.online gives you the ability to set up an approval process for review of policies and controls, which is a requirement for ISO 27001. This allows you to manage the integrity of work with a visible approval process that includes timestamps and approvers.

Enabling Approval

Activity approval can be enabled within the Project Settings page. There are three levels of approval that you can apply to a Project:

• Full – All Activities will be sent to Team members with approval permissions for approval when marked as complete.
• Selected Activities only – Activities set as requiring approval will be sent to Team members with approval permissions when marked as complete.
• Off – All Activities can be marked as complete without approval.

Select the radio button that corresponds to the settings that you require and click ‘Change approval’ to save these settings.

Enabling Approval for Selected Activities only

To enable approval for selected Activities, first ensure that ‘Selected Activities only‘ has been enabled, within Project ‘Settings’.

Go to the Project structure, by clicking on the ‘Structure’ tab within a Project. Select the Activity that you would like to enable approval for, scroll over it and click ‘Edit’.

On the edit view, there is a ‘Require approval’ option. Enabling this will require the selected Activity to be approved before being released.

Only those with approval rights can approve and decline activities. See here for a guide on how to grant users approval rights