The ISMS Assistant bundles role assignment, continuity planning, and supplier management into three modules you reach from the overview page at /isms-wizard. In Roles, Responsibilities & Employee Lifecycle you assign people via the RACI matrix, in Business Continuity you build from the Business Impact Analysis through to the policy, and in Supplier Management you maintain the register with assessment. Many roles and data are already prefilled from earlier phases, so you mostly review and add.
Assign roles and responsibilities
Open the Roles module
Open the ISMS Assistant overview page and select the Roles, Responsibilities & Employee Lifecycle card. The module is split into the tabs Overview, Roles & Assignments, Competences & Training, Control RACI, Workflow Configuration, and Policies.
Assign people to roles
Switch to the Roles & Assignments tab. Each ISMS role appears as a card with its identifier and description. People that Cenedril prefilled from earlier phases carry an auto marker. Use the person field to assign additional people to a role. With Add Custom Role you create a role that is missing from the standard catalogue.
Fill the Control RACI
Open the Control RACI tab. The controls are grouped into organisational, people, physical, and technological controls. Click the pencil icon on a control and assign people or roles to the four rows: R (responsible), A (accountable), C (consulted), and I (informed). Use the search field to find a specific control.
Build business continuity
Open the Business Continuity module
Return to the overview page and select the Business Continuity card. The overview shows the chain in order: Business Impact Analysis, continuity plans, IT disaster recovery, tests, and crisis communication. Each step carries a progress ring showing its current state.
Record the Business Impact Analysis
Open the Business Impact Analysis tab. For each critical process, record the impact along with the recovery time objective (RTO) and the maximum tolerable data loss (RPO). The overview then shows how many processes have values set and how many remain open.
Add plans, recovery, and exercises
Use the Continuity Plans, IT DR & Information Backup, Tests & Exercises, and Crisis Communication tabs to add the remaining building blocks. Continuity plans can be approved, and completed exercises appear with their date in the overview.
Complete the BCM policy
Switch to the Policy tab. Cenedril generates a draft from your controls and the organisation name, which you edit in the editor. Use the Save button to store the state.
Manage suppliers
Open the Supplier Management module
On the overview page select the Supplier Management card. The module has the tabs Overview, Supplier Register, and Policy. The overview shows the total number of suppliers, the share of assessed suppliers, overdue reviews, and the distribution by criticality and assessment.
Maintain the register
Open the Supplier Register tab. The register is a view of Asset Management; suppliers flow in from there. Through the expandable rows you maintain base data, criticality, cloud services, assessment, contracts, and review dates per entry.
Complete the supplier policy
Switch to the Policy tab. Cenedril generates a draft of the supplier security policy. Use Save Draft to keep an interim version and Complete to finalise the policy for the active language.
Result: the ISMS roles are filled with people, the controls carry their RACI assignment, business continuity runs from the Business Impact Analysis to an approved policy, and the supplier register holds criticality, assessment, and a completed supplier policy.