What is an Activity?

An Activity is a dedicated area within a project where work is carried out. In the context of ISO 27001, Activities are used to store policies, controls, procedures, evidential documents, and communications linked to the standard’s clauses and requirements.

You can assign Activity owners and set timelines to help drive your implementation forward.

 


Keeping Everything in One Place

Policies, controls, procedures, and related documentation can be managed through Notes, Documents, To-dos, and Discussions — at whatever level works best for your organisation.

The Activity area ensures everything is organised in one location and provides a detailed record of your actions and decisions, demonstrating you are in control.


Choosing the Right Tool for the Job

Notes

Best for documenting policies and procedures, and for recording evidence that something has been considered but not required. For example, in ISO 27001 you must show you have reviewed all Annex A controls — even if some are not applicable.)


Documents

Use for longer policies, or where diagrams, tables, or images are needed. Documents can also support your evidence base, such as a copy of your risk methodology or process flows.


Discussions

Hold conversations with colleagues directly within ISMS.online. This keeps knowledge in one place and helps demonstrate your decision-making process to an auditor.


To-dos

Create tasks for yourself or team members to break down work or address specific issues in a structured way.



Working Across the Project Area


 

At the top of the project area, tabs allow you to view all Notes, Documents, To-dos, and Discussions from every Activity in an aggregated format. Each item also includes a link back to its parent Activity where relevant.

Within an Activity, you can:

  • Edit and amend Notes.
  • Upload and version control Documents.
  • Add and update To-dos.
  • Participate in Discussions.

Finalising Your Work

When your Activity is complete, we recommend submitting it for approval. This not only provides an independent or peer review but also demonstrates to an auditor that your work has been validated.