TwelveSec Builds Compliant ISMS and QMS with Confluence and Comala Publishing
Posted May 13, 2021 in Case Studies
CATEGORIESCanvas Jira Canvas OnDemand Case Studies Comala Agile Ranking Comala Boards Comala Document Approval Comala Document Control Comala Document Management Comala Lists Comala Metadata Comala Publishing Comala Read Confirmations Comala Workflows Comalatech Comalatech Events HR Knowledge Base MediCompli PEPR
TwelveSec is a cybersecurity company focusing on security assurance, security management and security training services. To provide their remote team with an information management system and a quality management system while meeting ISO 9001 and 27001 standards, they use Confluence and Comala Publishing.
Building a Remote Documentation System
TwelveSec was founded in 2012 by a small team of cybersecurity enthusiasts, and in a small period of time has managed to grow into one of the major cybersecurity firms in Greece. TwelveSec specializes in penetration testing, Red Teaming and Secure SDLC services. Their Integrated Management System (IMS) is certified with ISO 27001 and ISO 9001, while they have Facilities Security Clearance issued by the Greek National Security Authority to handle Classified Information.
To support their remote team, TwelveSec chose Confluence, Atlassian’s remote team workspace, as the ‘library’ for their documentation. All team members use their Confluence instance, which is organized with an IMS space and a Knowledge Base space. The IMS space contains the company’s compliance documentation, while the Knowledge Base contains specific methodologies. Both these spaces are divided into a “published” space, including approved policies, procedures and methodologies, and a draft space with non-approved versions and material. In this way, all Confluence articles are accessible and easy to use, while at the same time drafts are kept separate from the “published” versions.
“With this set up, we have all the information we need in one place, keeping our management system integrated and ensuring all employees can easily access the latest version of a policy or a process,” says Phil Kaloheretis, TwelveSec’s Finance and Administration Officer.
The system has also proved useful for on-boarding. Instead of providing to new employees a folder with numerous policies and procedures in it, TwelveSec presents to new hires a Confluence space containing all the necessary documents indexed and linked. This procedure helps new employees to get acquainted with the company’s QMS, ISMS and methodologies thus making on-boarding significantly more efficient.
Publishing Content and Demonstrating Compliance
As they developed their document library, TwelveSec saw a need to have a draft space where documents can be written, edited and reviewed while in progress, and a published space where team members can read only the finalized and approved versions. To accomplish this, they chose Comala Publishing, an app that allows users to copy content from one Confluence space to another, making it easy to keep draft and published documents separate.
“In our IMS, we needed to have transparency and accountability,” explains Phil. “You need to know that the right person approved the final version. This is why we chose Comala Publishing.” Documents are prepared by a person or a team in the draft space and then published to the “published” space where the team can view the finalized, approved versions. Comala Publishing publishes single pages or multiple documents at once, with the press of a button.
Having all resources in one place, also makes it much easier for TwelveSec to run internal audits and show compliance to external auditors. In particular, Comala Publishing makes it much easier to evidence to auditors which version of a document is final, and if or when the version was approved by the authorized person.
“With Comala Publishing we can show that the final version was approved by the owner of the document on a specific date,” says Ioanna Dima, an Information Security Consultant at TwelveSec. “This was the critical factor we chose Comala Publishing for.”
For every IT company and especially for a cybersecurity company, having a single, up-to-date place to store procedures, policies and methodologies is essential for building an effective documentation system while maintaining compliance. “Comala Publishing helped us transform our spaces in Confluence for IMS documentation,” says Phil. “It helped our personnel to more easily read and search documents. Although it’s a small piece of software, it was critical for the overall integrity and availability of our system.”