You must be a platform Administrator to carry out these actions.


The first action required to grant an auditor or external consultant is to set them up as a user on your ISMS.online.



Navigating to the 'Create new user' page:

  1. Scroll over your name and image in the navigation bar

  2. Click 'Organisation settings'

  3. Click 'Registered users'. This will take you to the registered users page

  4. Click 'Create new user'. This will take you to the create new user page



Creating a user for your auditor or external consultant


If you are receiving a stage 1 audit, we recommend that a unique email address is created by the auditor. This is because the same auditor may audit multiple ISMS.online customers, but an email address can only be associated with one user in the entirety of our platform.

  • For the purpose of accessing ISMS.online as a user within your organisation
  • For example, the address might be formatted like this: 
    • your-auditor's-ID-for-your-organisation@your-auditor-domain
  • The auditing organisation can grant multiple individuals access to this email address and ISMS.online user. Meaning that if the designated auditor isn't available - e.g. due to sickness, another auditor within the auditing organisation will be able to access ISMS.online using the same user


From the user creation page, you can then enter the auditor's information, including their First name, Last name, Email address, Organisation and Role on the platform.


We then suggest that you Team in your auditor or external consultant to the Work areas that you would like to grant them access to.

To do this, expand the options below the heading 'Add them to some work areas to give them a head start', and click on the radio button relevant to the Work area that you would like to grant the user access to.

Users can also be added to Work areas after they have been created. See here for a guide on how to Team in users.



Work areas that you might want to give that user access to

If you want to grant an auditor access to your Work areas related to ISO 27001:

  • ISMS Cluster
  • ISO 27001:2013 Policies and Controls Project
  • ISMS Board Group
  • ISMS Communications Group 
  • ISMS Corrective Actions & Improvements Track
  • Information Asset Inventory (ISO 27001) Track
  • Security Incident Management Track
  • Policy Packs Administration (if Policy Packs are used)


If you are subscribed to the GDPR module and an external consultant requires access to your Work areas related to GDPR:

  • GDPR Compliance for ICO - With ISO 27001 Project
  • LIA and DPIA Project
  • Personal Data Inventory & Records Processing Track
  • Subject access Requests Track


If you are subscribed to the ISO 22301 BCMS module and an external consultant requires access to your Work areas related to BCMS:

  • BCMS Cluster
  • ISO 22301:2012 Policies and Controls Project
  • BCMS Incident Response Track
  • Business Impact Assessment (BIA)Track



Note: If you use supplier accounts you may also want to grant the Auditor or external Consultant access to your accounts on ISMS.online. You can grant access to all accounts by giving that user the Accounts Overview permission.



Remote consultancy from our Service Delivery & Development team

Our Service Delivery & Development (SDD) team is full of in-house information security experts, each with years of experience, that combine to offer a vast range of specialisation in different standards.


Our information security specialists offer remote health checks, full implementation support wraps and internal audits to help you prepare your ISMS. If you are interested in benefitting from our tailored services, contact our ISMS.online support team via live chat or by emailing support@isms.online.


In most cases, an SDD member will only need to be teamed into your main work areas, such as the ISO 27001:2013 Policies and Controls Project. However, in some cases you may benefit from making a separate user within your organisation. If this situation occurs, please follow the steps listed above.