The first part of establishing the great backbone of your ISO 27001 project is to properly manage users who are part of your company and will be actively participating in the project. Here is where the User Management steps in. This feature of Conformio will offer you low-level editing options to properly set up your ISO 27001 project and ensure that all the required positions are properly created and used.
Conformio is now updated with streamlined user management. Now all user settings can be managed in one place, the platform allows you to have multiple Project Managers which allows multiple users to access everything on the platform, there are simpler role-based access permissions, and job titles are now managed directly in the user management.
Accessing User Management
To access the User Management console, follow these steps:
- Log into Conformio;
- Click on the Company Settings menu to expand it;
- Click the User Management.
Here, as the Project Manager of the Conformio account, you can:
- Add new users using the Invite User button;
- Send or re-send invitations to newly added users;
- Define user roles in Conformio – namely, appoint the role of the Conformio Member, Project Manager, Biller, or Auditor;
- Add a job title to each user (except the users holding Biller or Auditor roles).
There is an option to have multiple users with Project Manager credentials, which gives access to every part of Conformio.
When clicking on User Management, you will be redirected to the main screen. Here you have two menus that can be accessed by clicking either on the Users or Departments tabs.
The default view of the page is the view of the Users. Here you can see the name, email, Conformio Role, job title, and status of every active or invited user in Conformio.
Below, you can find more information about specific Conformio Roles and what limits they have when within the Conformio account. Each user can only hold one specific role.
- Project Manager can access all pages, make changes everywhere, and is the default owner of documents and registers. This role should be assigned to the user actively involved in the project, as they might be needed regularly. Since there are multiple Project Managers available, it can also be assigned to the decision maker in the company, a person in the management who decides on the high-level company objectives related to the project and needs to review where the implementation is towards the end. The Project Manager monitors that all activities in the project are performed within defined deadlines;
- Member – the user holding this role has the lowest possible access on the platform. If they are assigned a step, they only have access to that step. They can see their responsibilities and tasks in the My Work section. They can read the policies in the Document Explorer. Tasks are delegated to them by the project manager;
- Biller can access only the Subscription page. The user holding this role should oversee the subscription and make sure everything is up-to-date. If the Project Manager is also the one who oversees this, the biller is not needed;
- Auditor can access only the Audit & Evidence dashboard, all approved documents, and uploaded evidence, can’t make any changes. This role is intended for the users who are reviewing documents and evidence in Conformio for audits.
One specific role that also exists in the company is the role of the Resource Approver. This role will by default be assigned to the first Project Manager.
You can, however, reassign this role to another user in your account (except users holding the role of Biller and Auditor). To reassign this role, simply click on the user to edit it, and click the Assign button.
Throughout the User Management, there is help available. Most of the information can be found via the small icons next to specific parts of User Management which result in a pop-up with more information about the specific requirements, etc.
If you select Departments, another screen will open which will allow you to see which departments are in your company.
By default, there are no departments in the company, but you can add your own by clicking on the Add Department button.
Adding Users
To add users in Conformio, you have to have the role of Project Manager and click on the Invite User button.
If you are a Project Manager, follow these steps to add new users:
- Go to User Management under the Company settings menu;
- Click the Invite User button;
- Input the required information into the sidebar opened;
- Click the Invite User button.
After clicking the Invite User button, the invited user will receive an invitation email to their email account with a link. The invited user will be redirected to Conformio to finish their account registration by accessing the link in the email.
Keep in mind that every invited user will have to complete the registration process by creating their password using the link from the invitation email.
Adding Job Titles
We suggest that Job titles are added to each user that is actively participating in the project. Job titles are used in documents and tasks created in Conformio. You can assign no job titles, one job title, or multiple job titles to a single user.
-
To review your current job titles, open the new User Management page – job titles are displayed next to each user;
-
You can assign new, transfer existing, or even remove any job title by opening a user in the side panel;
-
Your existing documents in Conformio are not affected by this change, and you will have to manually change each document that will need to be changed if the job title of the user changes, but his responsibilities do not.
To add or transfer a job title, follow these steps:
- Go to User Management under the Company settings menu;
- Click the arrowhead button in line with the user you wish to edit;
- Click on either the Add or Transfer button in the user edit mode;
- Write the job title in the input field;
- Click the Save button.
Changing User Roles
To change the Conformio roles for users, you have to have the role of Project Manager.
Here are the steps to change user roles:
- Go to Company Settings and select User Management;
- Click the arrowhead button in line with the user you wish to edit;
- Click the Edit button and change the Conformio role of the user;
- Click the Submit button.
Adding Departments
Conformio allows you to create Departments as part of additional user management and separation of concerns. Departments are only used in the Risk Register and are not mandatory.
To add departments, follow the steps:
- Go to the Departments tab in User Management;
- Click on the Add Department button, write the name of the department, and select the department head using the dropdown menu;
- Click the Submit button.
Removing Users
If the specific user is not part of your company or your project anymore, you can Remove that user.
Here are the steps to deactivate the user:
- Go to Company Settings and select User Management;
- Click the arrow button in line with the user you wish to edit;
- Click the Remove User button.
Before removing the user, you will have to select an existing user to take over their tasks and responsibilities and then click Remove.
Deleting Users
At the moment, complete user deletion is not possible from the user side. If you need to delete a user or reinvite a removed user, contact Conformio Technical Support.
Frequently Asked Questions:
1. I was Admin/Sponsor/User before the update, what will my role be after the updated User Management?
Admin roles are changed to “Project Manager” roles. The Sponsor role will be changed to Conformio Member role. The Conformio User will be changed to Conformio Member role.
2. How can I delete the user that is removed because I cannot invite them back?
If the user needs to be invited again after the user was removed – you will need to contact Conformio Technical Support.
3. Can I only buy extra user spaces instead of purchasing a higher subscription tier?
Unfortunately, this is not possible. To increase user spaces, you will have to purchase a higher subscription tier. There are many more perks included in higher tiers so it might be better for your company either way. More information here.