Important: Use of a Custom Subdomain

Before creating the user, ensure your platform is configured with a custom subdomain. This helps prevent login issues where auditors may already have existing accounts on other ISMS.online platforms. For guidance, refer to our Custom Subdomain Setup Guide 

2. Completing the User Details

On the user creation page, enter the auditor’s or consultant’s:

• First name
• Last name
• Email address
• Organisation
• Role

Once added, you can assign them access to relevant Work areas.

3. Assigning Work Area Access

To give the user access to specific Work areas:

• Expand the Add them to some work areas section.
• Select the appropriate radio buttons to assign access to specific areas.

You may choose to:

• Select individual Work areas, or
• Use the Select all work areas that were set up with your organisation's ISMS option to provide full access to default ISMS components.

Users can also be assigned to Work areas later via the Teams feature. See our Teams introduction guide for more information.

Users can also be added to Work areas after they have been created. See here for a guide on how to add users to teams.

4. Recommended Work Areas by Module

Depending on your subscription, you may wish to grant access to the following:

ISO 27001

• ISMS Cluster
• ISO 27001:2013 Policies and Controls Project
• ISMS Board Group
• ISMS Communications Group
• ISMS Corrective Actions & Improvements Track
• Information Asset Inventory (ISO 27001) Track
• Security Incident Management Track
• Policy Packs Administration (if applicable)

GDPR (if subscribed)

• GDPR Compliance for ICO - With ISO 27001 Project
• LIA and DPIA Project
• Personal Data Inventory & Records Processing Track
• Subject Access Requests Track

ISO 22301 BCMS (if subscribed)

• BCMS Cluster
• ISO 22301:2012 Policies and Controls Project
• BCMS Incident Response Track
• Business Impact Assessment (BIA) Track

Supplier Accounts (if used)

If your organisation uses supplier accounts, consider granting the Accounts Overview permission to provide visibility over all accounts.

5. Managing the Account After the Audit

When the audit is complete:

• Change the auditor’s email address to free it up for future use.
• Deactivate the user from your platform to maintain access control.
  
  

6. Troubleshooting: Email Already in Use

If you receive a message stating that the email address is already in use:

• Confirm whether your platform is using a custom subdomain. Without one, email conflicts can occur if the user already exists on another ISMS.online platform.
• If not using a subdomain, consider setting one up using our custom subdomain guide.
  
  

Alternatives if Subdomain Change Isn't Feasible

1. Tag the Email Address
   Append a tag to the auditor’s email using the "+" symbol.
   For example: bob+yourcompany@auditor.com
    This sends emails to their main inbox but treats the address as unique on the platform.
2. Request an Alternate Email
    Ask the auditor to provide a new address or update their existing account on the other platform.
3. Create an Internal Address
    Set up a temporary internal email address that your team controls, then share access details with the auditor.

If your platform does use a custom subdomain and the email is still reported as taken, check whether the auditor already exists as a deactivated user.

7. If the Auditor Cannot Log In

If the auditor doesn't receive their welcome email:

• Ask them to check their spam or junk folders.
• If the message isn't there, they can contact us directly at support@isms.online.

For any other questions or support needs, please reach out via live chat or email our team at support@isms.online. We're here to help ensure your audit preparation runs smoothly.