People@

The compliance process requires an ISMS team for the set-up and implementation of the ISMS. It is also a requirement to have an overview of all team members, so that security and privacy can be built around people and processes. Here are some requirements to start with:

  • Assign ISMS roles from your team. We advise that you start by assigning 2 team members responsible for your ISMS. Always ensure that there is knowledge of both technology and business within your ISMS.
  • Assign the minimum mandatory security roles to the ISMS team members: Security Officer (SO) and Data Protection Officer (DPO). The section on roles and responsibilities explains more about the specific roles. As your ISMS matures over the years, more team members can be assigned to specific roles or activities.
  • If you have an office, you are responsible for the physical security of your office. You can easily solve this by keeping track of who has access to the office (by key/card/code). If that security is outsourced (e.g. you make use of co-working spaces), you need to check whether it is part of your contract.
  • If you hire people, ISO27001 expects you to be in control of the number of team members at all times, including each person's job title, team and who will lead/mentor that person.
  • You will need to be in control of your labor contracts. Especially if you are in the scaling phase, it is handy to have expiry dates etc. in one place.
  • From a Compleye Online perspective, the People@ section should be the first section that you address. It is linked to multiple fields in other sections, so to make use of all features you will need to fill in at least each team member's name, status (active/non-active) and job title.

  • Definition of your team members: your employees, or individuals who have a contract with your company (this can be a shareholder with a management contract or a freelancer contract, as long as they work more time for you than for anyone else). When an individual is tied to a company that delivers people as services, you will need to profile them as suppliers and not as team members.

  • There is functionality to add documents (e.g. contract, referrals, etc.) for each new team member.
  • We have added more fields in this section than the mandatory ISO27001 requirements. You can choose whether you want to use them. We have divided the input into 3 sections:

    1. General – Organizational information.

    2. Contact – Not mandatory for an ISMS. However, it can be very useful to have this information in place (e.g. personal email for payslips, all telephone numbers in one place and private information). Please make sure to check the authorization level of users: who has access and who has observer rights.

    3. Contract – You can fill in all information and also upload the contract when needed. We have enabled functionality for the authorization levels. You can add observer rights and access on individually assigned sections. Still, be careful when adding a contract with confidential information (e.g. bank account and salary details). Contract templates are addressed in the Legal & Compliance section.

  • In accordance with the ISO requirements, part of the onboarding of new team members is to present them with the Security Policy and any internal security rules or procedures for employees. In the Templates section you can find templates for the Security Policy, Code of Conduct, Human Resource Policy and Workspace & Equipment Policy. Once you have adopted these, also attach them to this section under Procedure/Info.

General 

| Field Name | Value | Remarks/Example |
|---|---|---|
| Team Member Name | Add name (first and family name). | Marie Curie |
| Status | Options are Active or Not Active. | Under contract Y/N |
| Job Title | Indicate job title in a free text format. | CTO, Developer, Operations. In the module Jobs and Descriptions you can find an overview of jobs. |
| Gender | Select gender from radio buttons, options are Female or Male. | |
| Profile | Select from a drop-down menu, options are Employee, Individual Contract or Other. | See the definition of team members and stick to that. If you choose Other, add a special field. |
| Team | Specify team in a free text format. | If you are not yet organized in teams, create 2 teams: a business team and a tech team. Everyone who is not a developer will be part of the business team. It is the start of your organizational development. |
| Mentor/Team Lead | Indicate mentor or team lead in a free text format. | Your first ISMS team members (business and tech) should take a mentor role. In the case of founder/C-level team members, assign mentors between founders/C-level, just to be complete and to assign mentors to everyone. |
| Office key/card/code | Indicate the office access tool used in a free text format. | If you are not responsible for the security of your office, you do not have to address this. |
| ISMS Team Member | Indicate if a member is part of the ISMS team using radio buttons, options are Yes or No. | Assign at least 2 ISMS team members, 1 representing business and 1 representing technology. |
| ISMS Role | Define ISMS role in a free text format. | Make sure that at least someone is the Data Protection Officer (DPO) and someone is the Security Officer (SO). In the module Roles & Competences you can find more information. |

 

 

Contact 

| Field Name | Value | |
|---|---|---|
| Phone Number | Include phone number in a free text format. | Please check that access to this information is restricted, as this kind of HR information is classified as restricted and should only be available to authorized team members. |
| Private Email | Include private email in a free text format. | |
| Address | Include address in a free text format. | |
| Emergency Contact | Include emergency contact details in a free text format. | |

 

 

Contract Info 

 

| Field Name | Value | Remarks/Example |
|---|---|---|
| Type of Contract | Specify type of contract from a drop-down menu, options are: Temporary, Indefinitely, Freelancer, Management, Other. | Choose the type of contract applicable for the team member. If making use of Other: add a dynamic field [choose text field]; name the field “other type of contract”; add the name of the type of contract. |
| Starting Date | Select date using an embedded calendar. | |
| End Date | Select date using an embedded calendar. | |

 
