Centralized Storage for Non-Policy and ISMS-Specific Documents
Sascha S.
Request
I would like to see a centralized repository within the platform for two types of documents that currently lack a dedicated space:
- Documents not directly linked to Policies (POLs) – such as cloud exit strategies, backup strategies, or overarching compliance frameworks. These documents are important for audits and internal controls but do not fit neatly under specific policies.
- Documents exclusively related to the ISMS (Information Security Management System) – such as ISMS-specific procedures, frameworks, or strategic documents that are essential for managing the system but aren't tied to individual POLs.
Benefits
- Clear and structured access to critical compliance documents.
- Better support for audit readiness and ISMS maintenance.
- Reduced risk of document scattering and information loss.
Created by Sehmus El
Sascha S.
Hi Grigory,
The thing is, we want to make the documents available on the platform for this and other audits. Having them available on the platform would have made our work easier during the audit. We had to set up a separate environment for the auditors to access. As a result, we are currently working with two environments: Secfix and our internal document storage system. This isn't a problem in principle, but it would be great if we could control everything from one environment – or at least connect the environment to Secfix so we don't have to upload and download documents repeatedly. It would be easier and more convenient.
Grigory Emelianov
Thanks for the feedback! The main benefit we are chasing at Secfix for users is to make things tidy, clean and structured. By introducing a folder logic to collect more docs I think you will actually lose structure that Secfix gives you long term by adding more and more loose documents that are not connected to any specific purpose.
Are the documents you suggest to add the documents that you will show during the audit? Or something you collect 'just in case'?
Can you make more specific examples for "Documents exclusively related to the ISMS (Information Security Management System) – such as ISMS-specific procedures, frameworks, or strategic documents that are essential for managing the system but aren't tied to individual POLs."? I don't know any document that is not covered by manual evidence or policies but I'd be happy to get your opinion here!