Creating a Project based on a Framework

Frameworks allow you to create a pre-defined project structure that will help you achieve a set outcome. 


For example, you might have a framework for other information security standards like NIST. Creating a project from that framework would lay out the requirements of NIST and give you a place to document how you met them, just like the policies and controls area for ISO 27001 that your platform came built with. 


Alternatively, you might have pre-built frameworks for common HR tasks like Recruitment or Induction that conform to your policies in section A.7 of the 27002 Annex. These frameworks help guide the hiring manager through the key information security-related tasks of hiring, e.g. character and criminal records checks, setting the user up on systems and inducting them in the company’s information security policies. 



Creating a project using a Framework

You can create a Project using a pre-built framework for repeatable work with colleagues and partners. 


To see the frameworks that are available to your organisation:

  1. Click 'All work' in the Work menu and then the 'Create new' button.
  2. You will be asked what type of work you want to create; choose 'Project', then click create.
  3. On the next page, you’ll see a list of all the frameworks you can use, and a search bar to find a specific framework e.g. 'ISO 27001'.


Any frameworks created by your organisation will be listed first, while any frameworks created by ISMS.online or our partners will be listed below them. You can use the search field to find frameworks by name (e.g. searching for "recruitment" will show you the HR-focused frameworks for recruitment).


Hovering over a framework name will tell you more about what it does and whether it includes pre-populated notes, documents and tasks. 


Clicking a framework will begin the creation process for a new project based on that framework.




Customising a project created from a Framework


Even though a framework will pre-populate the Phases, Deliverables and Activities for you, just like any other Project in ISMS.online you can edit, delete or create new ones to suit your needs. 


You can learn more about editing the Project structure here.





Creating a new Project Framework

Overview

Project Frameworks in ISMS.online enable repeatable work. A framework might represent your BCP plans, or some standard activities that you want new staff to undertake as part of an induction process.


Any existing Project can be turned into a framework, but be aware that this Project will no longer show up in your All Work or Project listings. If you still plan on using a Project, make a clone of it first and then turn the clone into a Framework.


Before you start


There are three key things to note before you turn a project into a Framework:

  1. The current name of the project will become the name of the Framework
  2. The current image for the project will be shown on the create new project screen next to the Framework name
  3. After creating a Framework you can go back and edit everything except the Framework description later


Instructions


To turn an existing Project into a Framework, navigate to that project and then click the ‘Settings’ option in the top right of the screen.

On the project settings page, scroll down to ‘Advanced Project Settings’, where you’ll find the ‘Convert to framework’ button.



Clicking ‘Convert to framework’ will present you with a pop-up menu. Here you can:

  • Add a description to the framework that will be shown when hovering over this framework on the create new project screen
  • Choose to include Notes, To-dos and/or Documents. If you tick these, any new projects created from that framework will contain the latest version of any Notes, To-dos or Documents from this project. This is great if you have guidance you want to give within the notes area, or standard forms you want completed as documents. 

We would advise taking note of the project ID (the numbers in the URL for the project) so that you have it to hand if you need to amend the framework at any time. The ID can be found later if you forget, so don't worry.


Updating an existing Project Framework

Once a framework has been created, it is possible to amend its structure. Any new projects created using that framework will then have the updated structure. Note: existing projects created from that framework will not be altered in any way.

To edit a framework it needs to have been created by a user within your organisation and you need to be an admin on the framework project in question.


Note that if your framework includes notes, documents and discussions then only the latest version of each of those will be copied into any projects created from it, not the whole version history.


If you need a framework provided by ISMS.online changed please contact the support team via the in-platform chat feature.


Instructions 

To edit a framework you need to know the ID of the project it was based on. You can find the ID and open the framework as follows:

  1. Go to 'Work' menu then 'All work'

  2. Click Create New

  3. Choose the type of work, select Project

  4. This will display the project creation area, with a list of all the Frameworks you have access to. 

  5. Hover your mouse over the Framework you want to edit

  6. The ID for that project will be shown at the end of the link shown at the bottom of the page (screenshot below uses Google Chrome, other browsers may vary)

  7. Make a note of that ID (in my example it’s 2264)

  8. Then visit any existing project you have access to in ISMS.online. 

  9. Once there, edit the URL and change the number after /projects/ to the ID of the framework you want to edit, e.g. platform.isms.online/projects/2264, and press enter.

  10. That will load the framework project allowing you to edit the structure in the normal way.


Note: You can only load a Framework URL that you have access to.

Frameworks available in ISMS.online

ISMS.online offers a growing list of Frameworks. If you are interested in any of the below Frameworks being enabled for your organisation, contact the ISMS.online support team at support@isms.online.


The Frameworks which ISMS.online offer include:


Core / ISO 27001 2013/17 & related frameworks

  • Audit of ISO 27001 Mgt Requirements & Controls
  • Basic Business Continuity Plan Framework
  • Blank Template (including ISO Information Security considerations)
  • Candidate Screening & Recruitment (A.7.1.1)
  • Info Sec in Projects (A.6.1.5) + Privacy by Design
  • Information Security Board Meetings Framework
  • Information Security framework (ISO 27001 for A6.1.5)
  • Internal Audits Framework
  • ISO 27001 Audit Programme (simple inc GDPR) Framework
  • ISO 27001 Success: What, Why and How Framework
  • ISO 27001:2013 A.6.1.5 Info Sec, LIA and DPIA
  • ISO 27001:2013 Policies and Controls
  • Staff Exit Framework (A.7.3.1)
  • Staff Induction (A.7.2.1 & A.7.2.2)
  • ISMS Audits Framework
  • ISMS Board Framework


ISO 9001 (Quality)

  • ISO 9001: 2015 (abridged)
  • ISO 9001:2015 Framework


ISO 13485:2016 (Medical Devices Quality Management System)

  • ISO 13485:2016 Framework


ISO 14001 (Health and Safety)

  • ISO 14001:2015


ISO 17020 (Inspection)

  • ISO 17020:2012


ISO 17025 (Testing and Calibration laboratories)

  • ISO 17025:2005 - Needs updating to 2017 version


ISO 22301 (BCMS)

  • BCP incident response for ISO 22301:2012
  • ISO 22301:2012 Framework
  • ISO 22301:2012 Policies and Controls


ISO 27018 (Security in public cloud handling PII)

  • ISO 27018:2014 Extended Controls Set for PII


ISO 45001 (Environmental)

  • ISO 45001:2018


Cyber Essentials (Crest)

  • Secure Data CREST Cyber Essentials Plus


Cyber Essentials (IASME)

  • Cyber Essentials PLUS Test Specification V1.2
  • Cyber Essentials Scheme
  • Cyber Essentials Common Questionnaire
  • Cyber Essentials IASME Certification
  • Cyber Essentials IASME scheme (from March 2018)
  • IASME Cyber Essentials (Feb 2017 Onwards)
  • IASME Governance: Cyber Essentials and GDPR


DSPT

  • DSPT Assertions Action Plan - Large
  • DSPT Assertions Action Plan - Small


GDPR

  • Data Protection & Privacy Impact Assessment Framework
  • Detailed Business Impact Assessment (BIA) Framework
  • GDPR 7 Checklists from the ICO - April 2018
  • GDPR Audit & Monitoring Programme (ICO focused) Framework
  • GDPR Compliance for ICO - With ISO 27001
  • GDPR readiness & compliance (Large Ent) Framework
  • ICO Data protection self assessment for GDPR (SMEs)
  • ICO GDPR Checklists - Dec 2017 onwards
  • Information Security and PIA framework - Alliantist
  • Information Security and PIA framework - ISMS Online
  • Legitimate Interest & Data Protection Privacy Impact Assessment (LIA and DPIA)
  • Legitimate Interest Assessment (LIA) standalone


IGSoC

  • IGSoC - Achieving Level 2 Maturity


IPPF

  • IPPF


NIS

  • NIS Directive - NCSC Guidance


NIST

  • NIST 800-171 Framework


NYDFS

  • NIST Cyber Security Framework


Government

  • NYDFS 23 NYCRR500 Cybersecurity
  • Cloud Security Principles


Human Resources (HR)

  • Employee Exit
  • Employee Induction
  • Employee Recruitment


Trust Services Criteria (TSC)

  • 2017 Trust Services Criteria (TSC) Framework


PAS 99

  • PAS 99:2012


PCI DSS

  • PCI DSS 3.2 Requirements Framework


SCCI-0129

  • SCCI-0129


All

  • Management Review Board
  • The National Decision Model (Policing)


ISMS.online

  • Preparing for GDPR - 12 Steps from ICO