TwelveSec is a cybersecurity company focusing on security assurance, security management, and security training services. To provide their remote team with an information management system and a quality management system while meeting ISO 9001 and 27001 standards, they use Confluence and Comala Publishing.
Building a Remote Documentation System
TwelveSec was founded in 2012 by a small team of cybersecurity enthusiasts. In a short period of time, it has managed to grow into one of the major cybersecurity firms in Greece. TwelveSec specializes in penetration testing, Red Teaming, and Secure SDLC services. Their Integrated Management System (IMS) is certified with ISO 27001 and ISO 9001, and they hold a Facilities Security Clearance issued by the Greek National Security Authority to handle Classified Information.
To support their remote team, TwelveSec chose Confluence, Atlassian’s remote team workspace, as the ‘library’ for their documentation. All team members use their Confluence instance, which is organized with an IMS and Knowledge Base space. The IMS space contains the company’s compliance documentation, while the Knowledge Base contains specific methodologies. Both these spaces are divided into a “published” space, including approved policies, procedures, and methodologies, and a draft space with non-approved versions and material. In this way, all Confluence articles are accessible and easy to use, while at the same time, drafts are kept separate from the “published” versions.
“With this setup, we have all the information we need in one place, keeping our management system integration and ensuring all employees can easily access the latest version of a policy or a process,” says Phil Kaloheretis, TwelveSec’s Finance and Administration Officer.
The system has also proved useful for onboarding. Instead of giving new employees a folder with numerous policies and procedures in it, TwelveSec presents new hires with a Confluence space containing all the necessary documents, indexed and linked. This procedure helps new employees get acquainted with the company’s QMS, ISMS, and methodologies, thus making onboarding significantly more efficient.
Publishing Content and Demonstrating Compliance
As they developed their document library, TwelveSec saw a need for a draft space where documents can be written, edited, and reviewed while in progress, and a published space where team members can read only the finalized and approved versions. To accomplish this, they chose Comala Publishing, an app that allows users to copy content from one Confluence space to another, making it easy to keep draft and published documents separate.
“In our IMS, we needed to have transparency and accountability,” explains Phil. “You need to know that the right person approved the final version. This is why we chose Comala Publishing.” Documents are prepared by a person or a team in the draft space and then published to the “published” space, where the team can view the finalized, approved versions. Comala Publishing publishes single pages or multiple documents at once with the press of a button.
Having all resources in one place also makes it much easier for TwelveSec to run internal audits and demonstrate compliance to external auditors. In particular, Comala Publishing makes it much easier to show auditors which version of a document is final and whether, and when, that version was approved by the authorized person.
“With Comala Publishing, we can show that the final version was approved by the owner of the document on a specific date,” says Ioanna Dima, an Information Security Consultant at TwelveSec. “This was the critical factor we chose Comala Publishing for.”
For every IT company, and especially for a cybersecurity company, having a single, up-to-date place to store procedures, policies, and methodologies is essential for building an effective documentation system while maintaining compliance. “Comala Publishing helped us transform our spaces in Confluence for IMS documentation,” says Phil. “It helped our personnel to more easily read and search documents. Although it’s a small piece of software, it was critical for the overall integrity and availability of our system.”
Last updated: 2023-01-24