Security Management Program (or “ISMS”)

Your Security Management Program is the set of information security documents and activities that you manage through Aptible Comply.

Your Security Management Program might also be referred to as your ISMS, which stands for Information Security Management System.


Whenever you make a change to your Program in Aptible Comply, a new Revision will be created.

Revisions represent a specific point in time in your ISMS. You can only make changes from the current Revision (thus forming a linear history of changes to your ISMS).

You can review the history of Revisions for your Program under the History tab in the Aptible Comply user interface, and visualizes changes across those Revisions.

Revisions can be exported, and they’ll be visibly labelled as drafts. See PDF Exports for more information.


In general, as an administrator, you will frequently create new Revisions, and will mostly interact with your latest Revision.

In particular, during the initial set up phase of your ISMS (i.e. while you’re still making substantial changes to your ISMS and implementing new Procedures throughout your organization), working from your current Revision will be the easiest way to leverage Aptible Comply.

That said, once your ISMS starts to stabilize (and especially if you’re planning to undergo an audit!), you should take the time to tag specific revisions of your ISMS as approved versions.

Approved versions are a pointer to a specific revision, but they’re completely frozen (i.e. you can’t edit them), with the exception of Procedure Statuses, which you can still modify for an approved version as you make operational changes throughout your organization.

We recommend using approved versions to model the current and effective version of your Compliance Program, which members of your Organization are expected to follow.

To make changes to your ISMS more approachable to those members, Gridiron Aptible Comply lets users visualize a list of changes from one approved version to the next.

Approvals can also be exported. Unlike revisions, they will not be labelled as drafts. See PDF Exports for more information.


The onboarding steps in the app will prompt you to approve your ISMS when appropriate.