• Kelly Law

Using Lucidity software to implement ISO 27001

Who we are and what we do


Lucidity is an Australian owned and developed suite of software tools designed to help companies achieve effective, streamlined business processes. That’s who we are, so considering our business profile, what better tools to implement ISO 27001 than our own software?


Given that our business is the provision of SaaS, our products are cloud based, and our client profile includes government and other data-sensitive organisations, we identified the need to undertake ISO 27001 certification as part of our governance and risk management plan.


Over a period of 6 months we reviewed each clause of the standard and the supporting annexes against:


  • the way we work at Lucidity,

  • client needs and expectations,

  • applicable laws and regulations, and

  • our business needs.


Having identified our strengths and areas for improvement, we aligned our software modules to meet both our needs and those of ISO 27001 to create a paperless, traceable, data-secure and very, very simple system of work. This is now how we all work at Lucidity Software, regardless of whether it’s for information security, business development or general governance.


Let's take a look at the suite of Lucidity modules and how they work to deliver ISO 27001 certification.


For those readers intending to implement this standard, the following ISO 27001/2 references reflect how Lucidity works during implementation and ongoing management of this rigorous standard.


ACCESS & INTRANET MODULES

  • Clause 4. Context of the organisation

  • Annex A.5 Information Security policies

  • Clause 5 Leadership

  • Annex A.6 Organisation of information security

  • Annex A.9 Access control

  • Annex A.10 Cryptography

  • Annex A.11 Physical and Environment Security

RISK MODULE

  • Clause 6. Planning

  • Clause 8. Operations

  • Annex A.14 System acquisition, development and maintenance

  • Annex A.18 Compliance

HUMAN RESOURCES MODULES

  • Clause 7. Support

  • Annex A.7 Human resource security

COMPETENCY & INDUCTION MODULES

  • Clause 7. Support & Annex A.7 Human resource security

ASSET MODULE

  • Annex A.8 Asset management

INFORM MODULE

  • Clause 8. Operations & Annex A.12 Operations Security

  • Annex A.13 Communications Security

INCIDENT MODULE

  • Clause 9. Performance evaluation

  • Clause 10. Improvement

  • Annex A.16 Information security incident management

  • Annex A.17 Information security aspects of business continuity management

CONTRACTOR MODULE

  • Annex A.15 Supplier relationships


AND IN MORE DETAIL, SOME SNAPSHOTS FROM OUR LIVE SYSTEM.


ACCESS & INTRANET MODULES

Access and intranet modules include access controls, documented systems and the working environment. It’s the go-to place for all personnel within the organisation.


INCIDENT MODULE

This module includes incidents, non-conformances, tests, audits/inspections, action management and dashboard reporting. A series of tabs provide additional actions, scheduling, minutes and general non-conformances. The extensive dashboard reporting of this and other modules provides the necessary analytics for monitoring purposes.



INFORM MODULE

Electronic forms and dashboard reporting. This module creates the paperless system that has become the way we work at Lucidity.


COMPETENCY & INDUCTION MODULES

Planned and scheduled training and history of employment lifecycle. Awareness and competency, observational assessments.

