Guidance

The Guidance overview feature is designed to help ISO 27001 admin users navigate through their compliance journey on the Kertos platform. From the initial setup steps to the audit phase, the Guidance overview provides contextual guidance, suggested questions, and a step-by-step process, ensuring users complete each task efficiently and correctly. The feature aims to reduce the need for continuous support from Customer Success (CS) by giving users the clarity they need to move through the compliance workflow.


Guidance:

The User Guidance is a section designed to help ISO 27001 admin users navigate their compliance journey on the Kertos platform. It provides a visual progress tracker, contextual prompts, and direct navigation through key stages. It helps users stay on track by offering actionable next steps, ensuring they complete tasks efficiently without needing constant support from Customer Success. The phases are designed to be checked off automatically. If you prefer, in the Setup phase, you can also check them off manually.

Problem:

Admin users setting up their InfoSec compliance journey often struggle with:

  • Unclear path to compliance: Not knowing the necessary steps to become ISO 27001 compliant.
  • Lack of visibility: Losing track of where they are in the process and which tasks are still pending.
  • Overwhelming task management: Having to manually keep track of each control, risk, and evidence, which often requires CS involvement.

Benefits:

  • Guided Workflow: the Guidance overview breaks down the compliance process into clear, actionable steps, allowing users to stay on track and avoid feeling overwhelmed.
  • Reduced Need for CS Support: By automating guidance, users are empowered to complete tasks on their own, reducing reliance on Customer Success.
  • Improved Compliance Tracking: With visual progress tracking, users can easily see their progress and the remaining tasks in the compliance journey.
  • Better Engagement: Personalized, contextual prompts help users understand the significance of each task, making them more invested in the process.

How It Works:

  • Fixed Guidance Widget: A fixed progress widget in the navbar displays a visual progress bar with 9 key compliance milestones (e.g., Setup, Scope, Risks, Controls).
  • Step-by-Step Guidance: the Guidance overview offers clear, easy-to-follow instructions for each phase of the compliance process. It highlights what needs to be done, what evidence needs to be uploaded, and when a task is complete.
  • Progress Tracker: A visual progress bar tracks the user’s journey through the 9 compliance stages (Setup, Scope, Organization, Documentation, Assets, Risk Assessment, Risk Treatment, Pre-Audit, Post-Audit). This allows users to track where they are and what they need to do next.
  • Suggested Questions: In key sections like Controls and Risks, KAIA, when enabled, displays suggested questions that guide users on what to consider next, making complex decisions more manageable.
  • "Take Me There" Feature: Users can click the “Take Me There” button to navigate directly to the task they need to work on, reducing friction in their workflow.

Fixed Guidance Widget: 

The Fixed Guidance Widget in the navbar provides a visual progress bar that shows the percentage of completion toward your ISO 27001 audit. The widget dynamically updates as you progress through your journey.

1. Click on the widget for the general guidance overview: When clicked, it takes you to the general ISO 27001 guidance overview, which gives you detailed information on the missing steps and what is needed to be audit-ready.

Step-by-Step Guidance Overview: 

The Guidance Overview breaks down the compliance process into clear phases. Each phase offers specific instructions on what needs to be done.

1. Setup Phase: Prepare your platform and profile for the upcoming compliance tasks. Tasks:

  • Organization Setup: Add company details, location, legal contacts.
  • Users & Departments: Add users, assign roles and departments.
  • Systems & Vendors: Discover systems and vendors, and link them.
  • Assets: Discover the assets your company is using.

2. Scope Phase: Define the scope of your ISMS and initiate foundational security controls. Tasks:

  • Management Support: Ensure management is onboard with the ISMS process.
  • ISMS Scope: Define what’s covered under the ISMS.
  • Information Security Policy: Establish a security policy and communicate it across the organization.

3. Organization Phase: Set up the organizational structure of your ISMS and establish training. Tasks:

  • ISMS Organization: Define the structure of the ISMS and assign responsibilities.
  • Training & Awareness: Provide training on information security policies and raise awareness.
  • Communication: Ensure proper channels for ongoing security communication.

4. Documentation Phase: Establish all necessary information security documentation. Develop and organize the necessary documents (policies, procedures, records).

5. Assets Phase: Manage and classify assets for risk assessment and security management. Ensure all assets are inventoried and classified properly to support risk management.

6. Risk Assessment Phase: Identify risks and establish a risk management methodology. Assess and analyse risks, assign risk levels, and document the risk assessment.

7. Risk Treatment Phase: Develop a risk treatment methodology to manage identified risks. Treat risks through defined actions and update asset management processes.

8. Operations Phase: Ensure processes are defined for ongoing security operations.

9. Pre-audit Phase: Prepare for internal audits and assessments. Conduct internal audits to identify non-conformities and assess preparedness for external audits.

10. External Audit: Complete the external audit process, including stage 1, stage 2, and audit results. Participate in the external audit, address any identified issues, and prepare for certification.

FAQs:

1. How does the Guidance overview help me with compliance tasks?
It provides step-by-step guidance, highlighting what actions you need to take and when. It also lets you track your progress across the compliance journey.

2. Is the Guidance overview designed for users who already have experience with ISO 27001?
It is designed to assist both new and experienced users. For experienced users, it helps streamline workflows by providing guidance only when necessary.

3. How does the progress tracker work?
The progress tracker visualizes the 9 compliance stages. It automatically updates as you complete each task, so you can easily see where you are in your compliance journey.
