People@

ISO 27001 requires that you have an ISMS team for setup, implementation and maintenance. You must also have an overview of all team members so security and privacy can be created around people and processes. Here are some requirements to start with:

 

  • Assign specific ISMS roles to people so that you know who will be part of the ISMS team.  
  • Assign ISMS roles from your team. We advise that you start by assigning a minimum of 2 team members responsible for your ISMS.  Always ensure that there is knowledge of technology and business within your ISMS.  
  • Assign the minimum mandatory security roles to the ISMS team members – Security Officer (SO), Privacy Officer (PO) and Compliance Officer (CO). At least one C-Level person must be assigned to your ISMS Team.
  • It’s practical to assign a Compliance Officer (CO) to take on the role of Privacy Officer (PO) as well as the responsibility of set up, implementation and maintenance of the ISMS.  
  • In the section ‘Roles and Responsibilities’, we’ll explain more about the specific roles.  As your ISMS matures, more team members can be assigned to specific roles or activities.  
  • If you have an office, you’re responsible for the physical security of your office. You can address this by keeping track of who’ll have access to the office (by key/card/code). If the security is outsourced  (e.g., you make use of co-working spaces), you need to check if it’s part of your contract.  
  • If you hire people, ISO 27001 expects that you’re in control of the number of team members, their job titles and who will lead/mentor each person.  
  • You’ll need to be in control of your labour contracts. If you’re in the scaling phase, it’s handy to have expiry dates etc. in one place.
  • From a Compleye Online perspective, the People@ section should be the first section that you address.  As this is linked to multiple other fields in other sections and to make use of all features, you will need to fill in all your team members’ names, statuses (active/non-active) and job titles. 

TIP: Team members are your employees, or individuals that have a contract with your company. That could be anyone from a shareholder with a management contract to a freelancer (if they’re working more time for you than anyone else). Don’t forget that when an individual is tied to a company and delivers people as services, you will need to profile them as suppliers and not team members.

Let’s look at the different fields: 

  • Name 
    Add First name and Surname. 
  • Status 
    Default is ‘Active’. When a team member leaves, you can change the status to ‘Not Active’. As a default, only active team members will be shown in the overview.
  • Job Title 
    Add team member’s job title.  
     

    We have designed this section so that it can be used as a first HR tool for small companies with no HR tool in place. Please check the authorization level of users when you add personal information to this section.  

     
    We have divided the input into 3 sections:  

    1. General – Organisational information
    2. Contact – Personal information
    3. Contract – Contract expiry dates

    General 

    • Gender: choose male/female 
       
    • Profile: this is where you can choose if a person is an employee or works on an individual contract. If people are contracted as a supplier, choose ‘other’.  
    • Team: you can add different teams, depending on your organisation. This can help e.g., if you want to make selections in the overview on a specific team.  
       
    • Mentor/Team Lead: you can add the mentor or team lead. This is important for some auditors, so make sure you assign it a name.  
       
    • Office key/card/code: If you have an office space, you’ll need to prove that you’re in control of access to the office, so make sure you’ve documented who has a key to gain access. 
       
    • ISMS team member: if team members are part of the ISMS Team, check this box. 
       
    • ISMS role:  write down the specific ISMS role – or describe what their function/role is. 
    • Enable reminder notifications: only for team members that are regular users of the platform and who have access to the sections ‘Controls’, ‘Improvements’ and ‘Calls-to-Action’. Reminder mails can be sent if a team member is assigned as an owner with a deadline.   

    Upload Documents 
    Additional documents can be uploaded if you want to use this section as your HR organisation. Please first check who will have access to the section with respect to confidential information.  

    +Add new fields 
    You can add more fields to control HR/ISMS issues (e.g., Criminal Record Check) and customise this section. 

    Contact 
    It might be handy to have your team members’ contact details in 1 place.  
    Please note that the email address in this tab is reserved for notification mails and can’t be used for private email addresses. If you want to document private email addresses, make use of the +add new field functionality in this tab.

    Contract 
    If you want to keep track of expiry dates of contracts, this is the place.   

    General

    | Field Name | Value | Remarks/Example |
    |---|---|---|
    | Team Member Name | Add name (first and family name) | Marie Curie |
    | Status | Options are Active or Not Active. | Under contract Y/N |
    | Job Title | Indicate job title in a free text format. | CTO, Developer, Operations. In the module Jobs and Descriptions you can find an overview of jobs. |
    | Gender | Select gender from radio buttons, options are Female or Male. | |
    | Profile | Select from a drop-down menu, options are Employee, Individual Contract or Other | See definition of Team members, stick to that. If you choose Other, add a special field. |
    | Team | Specify team in a free text format. | If you are not yet organized in teams, create 2 teams: business and tech team. Everyone who is not a developer will be part of the business team. It is the start of your organizational development. |
    | Mentor/Team Lead | Indicate mentor or team lead in a free text format. | Your first ISMS team members (business and tech) should take a mentor role. In case of founder/C-Level team members, assign mentor between founders/C-Level, just to be complete and assign mentors to everyone. |
    | Office key/card/code | Indicate used office access tool in a free text format. | If you are not responsible for security of your office, you do not have to address this. |
    | ISMS Team Member | Indicate if a member is part of ISMS team using radio buttons, options are Yes or No. | Assign at least 2 ISMS Team Members, 1 representing business and 1 representing technology. |
    | ISMS Role | Define ISMS role in a free text format. | Make sure that at least someone is the Data Protection Officer (DPO) and someone is the Security Officer (SO). In module Roles & Competences you can find more information. |

     

     

    Contact

    | Field Name | Value | Remarks/Example |
    |---|---|---|
    | Phone Number | Include phone number in a free text format. | Please make sure that you check if access to this information is restricted, as this kind of HR information is classified as restricted and should only be available for authorized team members. |
    | Private Email | Include private email in a free text format. | |
    | Address | Include address in a free text format. | |
    | Emergency Contact | Include emergency contact details in a free text format. | |

     

    Contract Info

    | Field Name | Value | Remarks/Example |
    |---|---|---|
    | Type of Contract | Specify type of contract from a drop-down menu, options are: Temporary, Indefinitely, Freelancer, Management, Other. | Choose the type of contract applicable for the Team member. If making use of Other: add a dynamic field [choose text field]; name the field “other type of contract”; add the name of the type of contract. |
    | Starting Date | Select date using an embedded calendar. | |
    | End Date | Select date using an embedded calendar. | |
