Filestream and ISO27001
Filestream Ltd has recently become ISO27001 accredited, a process which involved a complete overhaul of our systems and policies. It was a very large piece of work for us, because despite having many good practices in place, we did not have many of them documented and formalised.
Quite soon after initiating the ISO27001 project, it became apparent how incredibly helpful our File Stream Document Management Software was in meeting the controls of the Standard and achieving the accreditation.
In this blog, I want to highlight some of the many ways that File Stream aids, simplifies and automates parts of our ISO27001 Information Management System.
Filing Documentation/Paperless Office
Perhaps an obvious one, but already having all our documentation (confidential and otherwise) securely stored and encrypted within File Stream was a great starting point. We operate a paperless office which also negates the need for extra controls on physical paper documents.
All documentation, some of which is required as evidence at audits, is easily searchable and distributable.
Providing the structure for our Information Management System
We have a designated ISO27001 cabinet in File Stream, which provides a structure (based on the ISO27001 Standard) and forms a base for our Information Management System. All our policies, procedures and working documentation are organised and easily accessible in one place.
Documentation – Version Control
One of the requirements of the ISO27001 standard is version control on all the policy documentation. File Stream does this automatically for every document in the system, meaning any updates do not have to be manually documented. This saves time and is more accurate than a manual version control system.
Documentation – Audit History
Another excellent security feature within File Stream is that a full audit history is available for every document in the system. You can see when a document was edited, approved, communicated etc., and by whom. You can also view all previous versions of the documentation.
This is useful from both a document security and version control perspective.
Documentation – Access Control
A whole section of ISO27001 is dedicated to Access Control. All documentation filed in File Stream (confidential and otherwise) is subject to full Access Control. Rules are set up defining exactly who has access to a document, and the type of access they have.
This feature is fundamental when it comes to protecting our confidential information. By using File Stream our document security was already very well controlled, and so we were already ticking a lot of the boxes of the ISO27001 standard.
Document Approval and Review Dates
Policies and procedures within the Information Management System all have to have assigned owners. File Stream document approval allows a document owner to electronically approve a document within the system.
Another stipulation of the standard is that all documentation needs to be continually reviewed. All the documentation within our ISO27001 system has review dates set at the point the document is indexed. This makes it easy to perform a monthly or quarterly search of all the documents which are due to be reviewed.
Workflows have been set up in the system to formalise processes for new starters, leavers, access change requests and backup checks. They provide real prompts to the appropriate people, based on the different stages outlined in our policies and procedures.
This is just a brief look at the way File Stream has helped us implement an effective ISO27001 Information Management System. Please feel free to contact us for more information.