- Kelly Law
Using Lucidity software to implement ISO 27001
Who we are and what we do
Lucidity is an Australian-owned and developed suite of software tools designed to help companies
achieve effective, streamlined business processes. That’s who we are, so considering our business
profile, what better tools to implement ISO 27001 than our own software?
Given that our business is the provision of SaaS, our products are cloud based and our client
profile includes government and other data-sensitive organisations, we identified the need to
undertake ISO 27001 certification as part of our governance and risk management plan.
Over a period of 6 months we reviewed each clause of the standard and the supporting annexes
against:
the way we work at Lucidity,
client needs and expectations,
applicable laws and regulations, and
our business needs.
Having identified our strengths and areas for improvement, we aligned our software modules to meet both our needs and those of ISO 27001 to create a paperless, traceable, data-secure and very, very simple system of work. This is now how we all work at Lucidity Software, regardless of whether it’s for information security, business development or general governance.
Let's take a look at the suite of Lucidity modules and how they work to deliver ISO 27001 certification.

For those readers intending to implement this standard, the following ISO 27001/2 references reflect
how Lucidity works in the implementation and then ongoing management of this rigorous standard.
ACCESS & INTRANET MODULES
Clause 4. Context of the organisation
Annex A.5 Information Security policies
Clause 5 Leadership
Annex A.6 Organisation of information security
Annex A.9 Access control
Annex A.10 Cryptography
Annex A.11 Physical and Environment Security
RISK MODULE
Clause 6. Planning
Clause 8. Operations
Annex A.14 System acquisition, development and maintenance
Annex A.18 Compliance
HUMAN RESOURCES MODULES
Clause 7. Support
Annex A.7 Human resource security
COMPETENCY & INDUCTION MODULES
Clause 7. Support & Annex A.7 Human resource security
ASSET MODULE
Annex A.8 Asset management
INFORM MODULE
Clause 8. Operations & Annex A.12 Operations Security
Annex A.13 Communications Security
INCIDENT MODULE
Clause 9. Performance evaluation
Clause 10. Improvement
Annex A.16 Information security incident management
Annex A.17 Information security aspects of business continuity management
CONTRACTOR MODULE
Annex A.15 Supplier relationships
AND IN MORE DETAIL, SOME SNAPSHOTS FROM OUR LIVE SYSTEM.
ACCESS & INTRANET MODULES
The Access and Intranet modules include access controls, documented systems and the working environment. They are the go-to place for all personnel within the organisation.

INCIDENT MODULE
This module includes incidents, non-conformances, tests, audits/inspections, action management and dashboard reporting. A series of tabs provide additional actions, scheduling, minutes and general non-conformances. The extensive dashboard reporting of this and other modules provides the necessary analytics for monitoring purposes.

INFORM MODULE
Electronic forms and dashboard reporting. This module creates the paperless system that has become the way we work at Lucidity.

COMPETENCY & INDUCTION MODULES
Planned and scheduled training and history of employment lifecycle. Awareness and competency, observational assessments.
