Doccle: How an Integrated Risk Management System paved the road to ISO27001 compliance

Monika Isak
Head of Growth
March 24, 2025

Doccle, a leading IT service provider in Belgium that specializes in helping businesses transition to 100% digital invoice administration, realized that one of their own central processes – risk management – was not yet fully digitalized. They started a search for an integrated, efficient, and compliance-ready risk management solution within their existing Jira and Confluence ecosystem. With the need to comply with ISO 27001 and NIS2, they required a risk management tool that would streamline their processes while ensuring regulatory compliance and operational efficiency.

Compliance Challenges

Before adopting SoftComply Risk Manager Plus, the company faced several key challenges:

      • Manual syncing of Risk data – Excel is a great tool to start with, but when all related tasks are managed elsewhere, it is not helpful in the long run.

      • Siloed work in separate apps – Managing risk across information security, business operations, supplier relationships, and client digital transformation projects required multiple tools, leading to inefficiencies.

      • Scalability Concerns – Their existing risk management process did not support scalability and automation as the company grew.

      • Regulatory Compliance Complexity – Meeting ISO 27001 and NIS2 compliance obligations meant tracking and documenting risks comprehensively.

    5 Main Benefits of Managing Risks in Jira

    We asked Peter de Rudder, the COO of Doccle, what were the main benefits of managing risks in Jira with the native SoftComply Risk Manager Plus app and here’s what he said:

    Peter de Rudder, COO of Doccle

    1. Enables real-time collaboration and transparency across teams

    Before, using Excel, we needed to keep the file protected to avoid human errors. Everyone could “read” the file of course, but I was responsible for updating it. After the initial certification, we held quarterly risk reviews and all participants were sending in their updates, which I included in the protected file. During the updates I ended up copy-pasting the Jira issue links to the Excel file and I felt there should be a better way to keep the information up to date. So, I started to search for a solution that would enable me to manage the risks within Jira, instead.

    2. Comprehensive Risk Management Capabilities – allowing tracking of information security, business, supplier, and project risks within a single system

    I tested multiple risk management apps within Jira and I was immediately drawn to SoftComply Risk Manager Plus, since this app has a lot of ready-made elements needed for Information Security, and it is very customizable to incorporate organizational risk management and complete the vendor assessments. Now, we were also able to start managing project risks more efficiently. Prior to that, Project Managers were filling in the Excel-based project risks and they were feeling it was disconnected from their everyday work. Also, each Project Manager understood the risk management needs differently.

    3. Built-in Compliance Templates – pre-configured for ISO 27001, reducing manual effort and compliance risk

    Having the ISO27001 features built-in was the biggest purchase decision for us. All the Controls are readily available within the SoftComply Risk Manager Plus app, we are able to prepare the Statement of Applicability within seconds, and have the Traceability between Assets, Controls and Risks built automatically just by using different elements of the app.

    Preparing for the most recent audit, the ISO27001 checklist was very helpful – to know exactly where each of the requirements of the standard is covered, empowered our team and built the confidence for the audit. I have to say, the auditors were quite impressed by how efficiently the process has been put in place.

    4. Customizable Risk Matrices – supporting different types of risk models (2- & 3-dimensional matrices and score-based models supported), ensuring flexible risk assessment tailored to their needs

    Most of the other Risk apps in Jira have only 2-dimensional risk matrices available. And most of the time, this is sufficient. But as we need to incorporate different types of risk assessments, we are happy to have this flexibility out of the box in the SoftComply Risk Manager Plus app. Also, having the ability to enable multiple Risk Models within the same project gives us a central oversight of our company-wide risk assessments within the same project.

    5. Exceptional Customer Support – ensuring a smooth implementation process with fast and responsive assistance

    We were able to put our processes in place by using the online documentation and tutorials, mostly. But since it is a feature-packed app, we reached out to SoftComply several times – to make sure we have understood the setup as intended, to learn about additional tips and tricks. On one occasion, we thought there was a technical error with adding Risk Owners to each Risk in the Risk Register. A quick email exchange later, we understood that the issue was with our overall Jira configuration, instead.

    We have been using the SoftComply Risk Manager Plus app for a year now, and throughout this time there have been new features added, as if the team knows exactly our needs. For us, the timing has been just perfect; it seems that the SoftComply team is always one step ahead of what will be needed from the customer’s perspective.

    Built-in Compliance templates for ISO27001

    Why Managing Risks in Jira Pays Off

    After implementing SoftComply Risk Manager Plus, Doccle achieved the following:

        • Unified Risk Management: A single, integrated solution for all risk types, reducing complexity and enhancing efficiency.

        • Regulatory Compliance Confidence: Streamlined documentation and reporting ensured ISO 27001 and NIS2 compliance without additional tools.

        • Operational Efficiency: Automating risk tracking and integrating it within Jira eliminated redundant tasks, saving significant time.

        • Improved Collaboration: Teams across security, compliance, and digital transformation projects had a centralized risk register, improving visibility and decision-making.

      Customer Testimonial

      “As we are managing our ISMS in Confluence and Jira, we needed an integrated risk management system. With SoftComply Risk Manager Plus, we now have the perfect solution – managing information, business, supplier, and project risks in one place. The tool also integrates seamlessly with our ISO 27001 documentation. Plus, it’s a great starting point for NIS2 compliance. The support team is fantastic – fast and highly responsive. We’re glad to have chosen this app!”

      🚦 If you wish to learn more about NIS2 and ISO 27001, join Peter and SoftComply at an upcoming User Forum on May 7, 2025.
