You must be an organisation Administrator to carry out these actions.
The first action required to grant an auditor or external consultant is to set them up as a user on your ISMS.online.
Navigating to the 'Create new user' page:
- Scroll over your name and image in the navigation bar
- Click 'Organisation settings'
- Click 'Users'. This will take you to the registered user's page
- Click 'Create new user'. This will take you to the create a new user page
Creating a user for your auditor or external consultant
First, you will want to ensure you have a custom subdomain set up for your ISMS, this is because your auditor may already have an account on another ISMS platform, and this may cause issues logging in if that customer also does not use a custom subdomain. We have this guide on how to set up a custom subdomain.
From the user creation page, you can then enter the auditor's information, including their First name, Last name, Email address, Organisation and Role on the platform.
We then suggest that you Team in your auditor or external consultant to the Work areas that you would like to grant them access to.
To do this, expand the options below the heading 'Add them to some work areas', and click on the radio button relevant to the Work area that you would like to grant the user access to.
By selecting 'Select all work areas that were set up with your organisation's ISMS', you can automatically grant them access to all areas that were provisioned when your platform was created.
Users can also be added to Work areas after they have been created. See here for a guide on how to An Introduction to Teams Team in users.
Work areas that you might want to give that user access to
If you want to grant an auditor access to your Work areas related to ISO 27001:
- ISMS Cluster
- ISO 27001:2013 Policies and Controls Project
- ISMS Board Group
- ISMS Communications Group
- ISMS Corrective Actions & Improvements Track
- Information Asset Inventory (ISO 27001) Track
- Security Incident Management Track
- Policy Packs Administration (if Policy Packs are used)
If you are subscribed to the GDPR module and an external consultant requires access to your Work areas related to GDPR:
- GDPR Compliance for ICO - With ISO 27001 Project
- LIA and DPIA Project
- Personal Data Inventory & Records Processing Track
- Subject access Requests Track
If you are subscribed to the ISO 22301 BCMS module and an external consultant requires access to your Work areas related to BCMS:
- BCMS Cluster
- ISO 22301:2012 Policies and Controls Project
- BCMS Incident Response Track
- Business Impact Assessment (BIA)Track
Please amend the auditors email address once audit is finished, so it is free to use by others then deactivate the auditor.
If the Auditors Email is already taken
If you get the message that an auditors email is already taken, it may be that you have not set up a custom subdomain on your platform. If this is the case, and the auditor has used their email address on another platform (or you are using a Partner Org user, these user emails are across the entire system, not just your platform), it may trigger this message as the email is already in use elsewhere. Once you set up a custom subdomain, you should be able to add this email as though it were a new user. To set up a custom subdomain, simply carry out the steps in the guide linked here.
If the audit is close and you don't want to change the subdomain at this time, then we recommend:
If you do have a custom subdomain set up, and are still receiving this message- check that the auditor has not already been set up. They may exist as a deactivated user within your user list.
If you require any further assistance, do reach out to our support team on the live chat or email us at support@isms.online
If the auditor cannot log in
If the auditor's email isn't in use, but they don't receive the welcome email they should make sure they check their spam/junk folder. If the welcome email is not there, they should email us at support@isms.online