Note: You’ll need to be an administrator of Policy Packs to carry out these actions.
What are Policy Packs?
Policy Packs make it simple to publish key parts of your ISMS in a clear, easy-to-read format. They allow your audience to confirm they’ve read the relevant content and, where required, formally demonstrate compliance by completing assigned To-Dos.
Policy Packs can include policies, controls, processes, procedures, or other guidance. For simplicity, we’ll refer to all of these as “policies” throughout this guide.
With fast-changing threats and regulatory updates, keeping your policies up to date and ensuring compliance is critical. Policy Packs in ISMS.online make this process quick and seamless.
Navigating to Policy Packs
To access Policy Packs:
- Go to the Work menu in your main navigation bar.
- Select Policy Packs to open the Administration Dashboard.
This dashboard is your central hub for managing and publishing Policy Packs.
Creating a New Policy Pack
- From the Policy Packs Dashboard, click on the Policy Packs tab.
- You’ll see your existing packs displayed in green columns. To the right of these, click New Policy Pack.
- Enter a name for your new Policy Pack and select Create Policy Pack.
To update a Policy Pack’s name later:
- Click the Actions dropdown next to the pack.
- Select Edit Pack name, make your changes, and click Save.
Adding Policies to a Policy Pack
By default, Policy Packs include all policies and controls from your ISO 27001 Policies and Controls Project. You can select the ones that are relevant for each audience.
For example:
- Include secure development policies for Development and Production teams.
- Exclude those policies from packs created for Sales and Marketing.
If you have additional Projects in your ISMS (e.g., ISO 22301, NIST, or documented operating procedures), you can add these to Policy Packs too.
Important Notes:
- Policies must contain content in the Notes field. Only these can be marked as “read” when rolling out Policy Packs.
- Be cautious when removing a policy from a pack. This action removes it from the pack entirely and erases any associated progress or history.
Setting Default Policies for All Policy Packs
Some policies, such as A.6.2.1 Mobile Device Policy, may apply to all staff. To avoid adding them to each pack individually:
- Tick the box in the grey column titled Select Policies everyone needs to know.
This ensures these policies appear in every Policy Pack automatically.
Editing Policies in a Policy Pack
To add or remove policies from a specific Policy Pack:
- On the Policy Packs Administration page, locate the column for the Project you want to edit.
- Tick or untick the boxes next to each policy to include or exclude them from that pack.
Next Steps
Once your Policy Pack is ready and policies are added, you can assign it to your audience. They’ll be able to read the policies and confirm compliance directly within ISMS.online.