Security Management Program (or “ISMS”)

Your Security Management Program is the set of information security documents and activities that you manage through Compliance OS.

Your Security Management Program might also be referred to as your ISMS, which stands for Information Security Management System.

Revisions

Whenever you make a change to your Program in Gridiron Compliance OS, a new Revision will be created.

Revisions represent a specific point in time in your ISMS. You can only make changes from the current Revision (thus forming a linear history of changes to your ISMS).

You can review the history of Revisions for your Program under the History tab in the Gridiron Compliance OS user interface, and visualizes changes across those Revisions.

Revisions can be exported, and they’ll be visibly labelled as drafts. See PDF Exports for more information.

Approvals

In general, as an administrator, you will frequently create new Revisions, and will mostly interact with your latest Revision.

In particular, during the initial set up phase of your ISMS (i.e. while you’re still making substantial changes to your ISMS and implementing new Procedures throughout your organization), working from your current Revision will be the easiest way to leverage Compliance OS.

That said, once your ISMS starts to stabilize (and especially if you’re planning to undergo an audit!), you should take the time to tag specific revisions of your ISMS as approved versions.

Approved versions are a pointer to a specific revision, but they’re completely frozen (i.e. you can’t edit them), with the exception of Procedure Statuses, which you can still modify for an approved version as you make operational changes throughout your organization.

We recommend using approved versions to model the current and effective version of your Compliance Program, which members of your Organization are expected to follow.

To make changes to your ISMS more approachable to those members, Gridiron Compliance OS lets users visualize a list of changes from one approved version to the next.

Approvals can also be exported. Unlike revisions, they will not be labelled as drafts. See PDF Exports for more information.

Tip

The onboarding steps in the app will prompt you to approve your ISMS when appropriate.