Setup & Scale Your Operations
Without our Startup Experience we never would have been able to develop Compleye Online – the Startup Community is a true inspiration for us. To return the favor, we have developed 4 basic sections in Compleye Online that support operational jobs for startups from the very start.
It is free to use and it works both ways:
- You as a startup do not have to use spreadsheets for your operational basics and stay in control of your people, hardware assets, software access, and suppliers.
- And while you are using Compleye Online, you are already working on your compliance – be in control and identify risks for security, privacy, and quality processes as well.
And when you become successful and scale/grow your business, you will replace functionalities or entire sections with other tooling to support you even better. Once you have other tooling in place, you will still need to perform some regular ‘checks’, e.g. whether everything is still up to date. So you will need to add/change some compliance activities when that time comes.
- Startups don’t have money for fancy tools – so they start with spreadsheet overviews to keep control of operational information.
- Is that a problem? In the beginning … no. However, the overviews are not connected to each other (like people x assets) and maintenance will quickly fail. Another problem is that not all suppliers are listed (like free SW tooling) and classified with a risk profile.
- That’s why we offer the free Startupper package; register and maintain key operational information that is important for security & privacy.
- For how long is this needed? That depends on when and how you will scale your business. At a certain point in your entrepreneurial journey, you’ll be in need of professional HR and Asset tooling. Congrats, if you reach that point, it means that you are successful, and in the meantime, we hope you are happy with the support of Compleye Online. (PS: we strongly advise keeping your Suppliers in Compleye Online, with our built-in supplier assessment.)
- How do I transfer my data from Compleye Online to my tools? We have a download data functionality in the 4 sections of Step 1. In this way you can easily download your data and upload it into your new tooling.
- When you scale your team and assign an HR person to your team, you might want to make use of an HRM Tool (like BambooHR, HiBob or Alexis).
In that case, you can stop making use of all the fields in this section and just list the people that are involved in compliance with their specific role in the (ISMS) Team (Compliance Officer, Security Officer, C-level involved, DevOps etc.). Everyone who will be assigned to tasks, improvements and/or OPCs needs to be listed.
Make sure that the following information is filled in for all team members left in this section:
- Person name
- Job Title
- ISMS team member (Yes)
- ISMS Role
- Enable Reminder Notifications
- Email (to receive notifications)
Make agreements with the HR person about what the ISMS tasks are for HR and how you want to control that in Compleye Online (think of: HR policies/procedures, checklist IN/OUT, security awareness training etc.). You can assign OPCs and assign owners – make sure that these people stay listed in the section.
The HR person responsible will be invited during the external audit to provide evidence of the jobs needed for ISMS.
- When you scale your business you might outsource the hardware assets or assign a dedicated person for online office environment security. That person might use other tools for registration. Make sure you list this person in the ‘@people’ section.
- That person will need to work closely with HR – organizing new assets or cleaning up used assets during the on- and off-boarding of team members.
- Organize with this person what ISMS tasks are assigned and how you want to control that in Compleye Online. You can assign OPCs with owners to stay in control.
- The person responsible will be invited to provide evidence of the jobs needed for ISMS during the external audit.
- Access Management is a daunting topic with a lot of different tooling to be controlled, for internal and external use. And it needs to be connected with your Access Management Policy.
- During on- and off-boarding of team members this is an important overview, and sometimes you forget to keep the list updated when you give a team member temporary access to take over jobs, or during holidays.
- When you are scaling, the maintenance of the SW Tooling will be more decentralized as each tooling has its specific owner and users. Not all tools are high risks and contain confidential or restricted information. However, it is needed to control access for all tooling.
- You can keep on using the ‘Access Management’ section when scaling for a complete overview and just +Add new field in this section with a title, so all information stays in 1 place.
- It’s up to you how you want to organise Access Management and if this section still fulfills the requirements you need. If you decide not to use this section, make sure you have OPCs assigned for tool owners (or 1 person in charge of all the tooling) so that you’re prepared for external audit. The person(s) in charge or the tooling admin can be on the external audit list.
- Supplier Management is an important topic for ISO 27001 and security and privacy in general. When scaling your business, a CFO will be assigned who will have an overview of all suppliers in financial administration, at least for the paid services and subscriptions.
- The CFO will become the owner of the Business Continuity Plan – and will need information from supplier assessments.
- We strongly advise keeping the suppliers in this section up to date from a security, quality and ISO 27001 perspective. You’ll need to perform annual supplier assessments, and changes in your ISMS might have an effect on suppliers. Suppliers is a section that will be interconnected to X-ray components in the future – to support impact decisions.
- Make sure that, in the assigned OPC for BCP, you work closely with the CFO. The existing template for BCP will be replaced by a more financially-driven approach by the CFO. Make sure evidence is stored and improvements are assigned on a yearly basis and that the topic of security is an important part of that BCP.