Module · Compliance Enablers

CommunicationPlan

Clause 7.4: Who, What, When, and How — On Record

Clause 7.4 asks a deceptively simple question: what ISMS communications happen, when, with whom, and how? This module answers it with a register of planned communications — internal staff and management updates, external party notices, and regulator communications — each with audience, frequency, owner, and review dates. A small module, but one auditors check and checklist tools do not have.

All Modules
Before → After

The problem we solve.

Why teams switch to Compliance Enablers for communication plan.

Industry challenges

  • Clause 7.4 answered in audits with whatever the CISO can remember on the day
  • Regulator communication duties known to one person and documented nowhere
  • Recurring communications quietly stop when their unofficial owner changes roles

How we solve it

  • A communications register covering what, when, who, and how for every planned communication
  • Explicit regulator and external party plans with named owners
  • Frequencies and review dates keep the programme running and current
Capabilities

Built for depth,
out of the box.

Every capability is production-ready on day one. No add-ons, no extra subscriptions.

Flagship capability

Communications Register

Plan each recurring ISMS communication — for example, a quarterly information security status update — with its purpose, audience, frequency, and owner.

Internal, External & Regulator Audiences

Distinguish internal management and staff communications from external party and regulator communications, with active regulator plans clearly visible.

Who-What-When-How Structure

Each plan captures the elements clause 7.4 names: what is communicated, when, to whom, and how — directly answerable in audit.

Review Dates & Overdue Flags

Plans carry last-review and next-review dates with overdue flags, keeping the communication programme current rather than ceremonial.

The impact

Why it matters.

Clause 7.4 answered with a register, not an improvised verbal explanation
Regulator communication obligations are explicit, owned, and current
Recurring communications actually recur because owners and frequencies are tracked
Overdue reviews surface before the audit finding does
Unified data model

Part of a connected whole.

Communication Plan shares a unified data model with every other module. Zero silos, by design.

Incident Management
Document Management
Explore all 52 modules
14-day free trial · no card required

See Communication Plan
in action.

Book a 30-minute demo and we'll walk you through communication plan tailored to your team, frameworks, and priorities.

Book a Demo