Even though we at Secfix do our best to automate everything we can, becoming compliant with ISO 27001 takes more than automated checks: your auditors will ask you to submit some fresh, manually generated evidence (screenshots, files, etc.).
Example: documents related to Product, HR, Sales, Marketing, etc.
You might remember that in early 2022 you gathered the data, uploaded it to your Google Drive and added URLs to your Manual Evidence Upload Tasks Google Sheet.
What will change
On the Task Page under Documents (old: Manual Tasks), you will be able to upload the documents that are required as proof of your ISO 27001 implementation in order to pass the audit. The requests to upload the manual evidence as proof might come from Secfix or your auditor directly. You can consider these tasks as requests for proof.
To complete a request, click "Add" on the respective row, or click on the row to display additional details about the request. You can add as many documents or links as needed to each of the requests.
Time-sensitivity
  • Document requests with a time-sensitivity of "any time" can be completed at any time after you've started.
  • Documents marked with "during observation window" should only be added once you've entered the observation window, so that you won't need to regenerate them, e.g. during the audit.
Marking documents (manual tasks) as "not relevant"
Some of the requested documents may not apply to your specific company or tech stack. If that is the case, you can mark the request as "not relevant" and explain the reason.
Big Benefit - ISO 27001 Report
Once you have all the evidence uploaded on the platform, Secfix will be able to generate a full and updated ISO 27001 Report that you can use during your stage 1 and stage 2 audits (see screenshot; ignore the wording, it's a dummy).