“I once conducted an audit. The client had built beautiful forms and checks, but no one performed them because it took too much time. Nowhere does the standard dictate that it has to be so elaborate. If you keep things simple, you still meet the standard – but then it really works for your organization.”
With Instant 27001, Maurice developed a framework that allows organizations to implement ISO 27001 step by step, without that process becoming bogged down in the proverbial paper tiger of prints, folders, and documentation that are never consulted.
Instead of separate templates, the framework provides a pre-built implementation cycle: a clear explanation, a practical example and linked documentation for each standard requirement. A complete risk analysis has also been considered. “In many cases, organizations can use 80 to 85% of the documentation provided immediately. They only need to connect the dots and make adjustments where necessary based on their own context.”
Not only does that work faster, it also ensures that teams really understand why they are taking certain actions. “An auditor doesn't want to hear, ‘The consultant said it had to be done.’ The right answer is, ‘Our risk analysis shows that this is a real risk, and that's why we're doing this.’ That's what it's all about.”
Many organizations still view ISO in general, as well as ISO 27001, as an IT project, but Maurice says that is a misconception. “Not even half of the measures have a technical component. It's just as much about HR, about management engagement and about GDPR processes. You need every department to make this work.”
That's why he advocates putting ISO projects not with a lead developer, but with someone who can connect people within the organization: a project manager or team leader who understands the processes, motivates people and brings them along, and gathers technical input where necessary.
A common mistake is that ISO 27001 ends up in a separate system or folder to which only one person has access. If you proceed that way, it remains an island and the rest of the organization doesn't get involved.
Instead, with Scienta, ISO 27001 can be integrated into daily work practices. “So if everyone is already working in Scienta for knowledge sharing and onboarding, you put the ISO documentation there. So then you don't create an extra system, but it remains something everyone can easily access and is already familiar with. That increases adoption and prevents ISO from remaining a (paper) sideshow for many employees.”
Instant 27001's ISO 27001 framework helps organizations be audit-ready in less than six months on average, considerably faster than traditional processes. But more importantly, the implementation delivers immediate improvements in processes, risk management and awareness.
“Some buy Instant 27001 because they need a certificate quickly for a tender. But along the way, they find that it really makes their organization better. So not just a piece of paper for form's sake, but a safer and more efficient company. That's what I do it for.”
With a practical approach and smart support in the form of a hands-on framework, ISO 27001 can become a valuable management system rather than a burdensome, time-consuming obligation. Instant 27001 shows that simplicity and effectiveness go very well together. The added value of WoodWing Scienta lies in the fact that it ensures that ISO 27001 becomes part of the daily work, instead of a separate project.