ISMS.online gives you the ability to set up an approval process for review of policies and controls, which is a requirement for ISO 27001:2013. This allows you to manage the integrity of work with a visible approval process that includes timestamps and approvers. The approval process can also be used to set reminders for review of approvals at a time to suit you, as well as ‘Lock-down’ policies to prevent changes once approved, then easily reopen and update versions if you need to later on.

The status of policies is updated in real-time as work gets done, avoiding the need for wasting time with meeting updates and chasers. 


All actions are recorded for audit purposes, so you can rest easy that you are complying with the regulations you need to, while you work with the cloud software. If you feel that there is a Project that would benefit from these features, below you will find instructions on how to enable this within your Project.



Enabling Approval

Activity approval can be enabled within the Project Settings page. There are three levels of approval that you can apply to a Project:

  • Full – All Activities will be sent to Team members with approval permissions for approval when marked as complete.
  • Selected Activities only – Activities set as requiring approval will be sent to Team members with approval permissions when marked as complete.
  • Off – All Activities can be marked as complete without approval.

Select the radio button that corresponds to the settings that you require and click ‘Change approval’ to save these settings.



Enabling Approval for Selected Activities only

To enable approval for selected Activities, first ensure that ‘Selected Activities only‘ has been enabled, within Project ‘Settings’.


Go to the Project structure, by clicking on the ‘Structure’ tab within a project. Select the Activity that you would like to enable approval for, scroll over it and click ‘Edit’.


On the edit view, there is a ‘Require approval’ option. Enabling this will require the selected Activity to be approved before being released.


Only those with approval rights can approve and decline activities. See here for a guide on how to grant users with approval rights