Our five-step onboarding process is offered at each customer’s pace. So whether you want to get started as quickly as possible or take your time getting to know the ins and outs of the Hicomply platform, we’ll tailor the process to you.
Whether you prefer face to face sessions with a human, digital learning content, or a mix of both, our customer onboarding and support is available via your channel of choice - whenever you need it.
We know that getting to grips with a new platform can come with challenges. When you work with Hicomply, face-to-face onboarding is led by your dedicated Customer Success Manager (CSM). This means that from your kick-off call through onboarding, training, and working to achieve, maintain and mature your desired infosec standards, your CSM is available to guide you.
The onboarding sessions are also designed to help begin implementation. By the time these sessions are complete, you’ll have completed several initial tasks to kickstart your journey to certification.
What are the five steps of onboarding?
- Policies and procedures
- Document management
- Statement of Applicability/Controls list
- Audit feature
- Evidence collection
- Compliance as you work
Session one: Launch and strategy
Your first call with your CSM will cover the process and structure of your project implementation, as well as considerations for your target timeline to audit.
In this session, your CSM will show you around the platform, including the dashboard, project progress view, scope and assets, and demonstrate how to complete tasks like adding users. Because you’re working on your live project, this session can also be used to populate documents such as your scope statement, office information, legal and regulatory acts and more.
At the end of session one, you’ll be ready to import any existing policies, procedures and records into your Hicomply library, and import your primary assets into your asset inventory in preparation for your next session.
Session two: Risk assessment and task management
In your second session, your CSM will guide you through the risk assessment process using the primary assets you’ve identified.
They’ll show you how to:
- Create a risk assessment
- Mark it as ‘in progress’
- Give it an owner and a due date
- Choose a methodology
- Select assets to include in the risk assessment.
The session covers the process of assessing a specific risk, including identifying the threat and vulnerability, determining the initial risk score, and considering potential impacts on commercial information.
Once you’re comfortable with the risk assessment process, your CSM will explain the task management engine within the Hicomply platform. You’ll see how to create and manage tasks on the platform, including creating tasks within tasks as evidence of completed work.
Session three: Policies, procedures and documents
The third onboarding session will include more information about policies, policies, procedures and documentation in the platform. You’ll be guided on how to use Hicomply’s pre-populated templates, and learn how the platform links relevant documentation and information security controls.
There are five steps involved in using Hicomply templates for your policies:
- Submitting for approval
- Disseminating for required reading.
Your CSM will also show you how to record evidence in the records section of the platform, and demonstrate the mail merge feature which can automate evidence on your behalf.
Session four: Internal audit and SoA/controls
In your fourth onboarding session, your CSM will run through the internal audit process with you. If you’re working towards ISO 27001:2022 or ISO 27001:2013, they’ll discuss your statement of applicability (or SoA), or your controls list for any other standards.
For your internal audit, you can create an audit and select which controls to cover. You can also give it a title, state the auditor and due date. The platform provides guidance on every control. If you have policies that haven’t been published, you can create findings and assign them to the owner, whether the finding is evidence, non-conformity or improvement.
You can also filter tasks by type and see what needs to be rectified before going for your external audit. Once everything is completed, the findings will all be in one place, and you can rectify anything that needs to be addressed.
If relevant, your CSM will then guide you through your SoA or controls list. Within an SoA you’ll need to provide justifications for any controls you have chosen not to address – usually this is because they aren’t relevant to your organisation.
Session five: Compliance as you work
In your final onboarding session, your CSM will demonstrate how to use integrations to connect with your task management, ticketing, single sign-on and other tools.
After syncing your chosen integrations, you can build automations to manipulate what is being accepted into the platform as evidence, saving you time and effort. Your CSM will also show you how to set up the Hicomply Mailbox feature, which is an additional way to collect evidence and allows you to email evidence to be collected directly in the platform.
Automations can be set up to:
- Assign tasks
- Transfer information
- Log actions
- Update policies
For many of our clients, onboarding is a process that takes only an hour a week over the span of around a month, and sets them up for long-term success with the Hicomply platform.
Our customer success managers are subject matter experts and are skilled at demonstrating different tasks, tools and processes to help you get the most out of Hicomply, so you can achieve and maintain your information security certifications as easily as possible.
Ready to make information security simple? Book your demo.