Inviting Your Team
Learn how to invite members to your organisation, understand the five roles, and manage pending invitations.
How to Invite a Member
To invite someone to your organisation, navigate to Settings > Members and click the Invite Member button.
- Enter the person's email address.
- Select the role you want to assign (see role descriptions below).
- Click Send Invitation. The person will receive an email with a link to join your organisation.
Invitation links are valid for 7 days. If the link expires, you can revoke the pending invitation and send a new one.
If the invited person already has a Standardise account, they will be added to your organisation automatically when they click the link. New users will be guided through creating an account as part of the acceptance flow.
Understanding Roles
Standardise uses role-based access control (RBAC) with five roles. Each role inherits the permissions of the roles below it:
- Owner — full control over the organisation, including billing, encryption key management, member management, and all ISMS modules. Every organisation has exactly one Owner.
- Admin — can manage members (invite, edit roles, remove), configure organisation settings, manage integrations, and perform all ISMS operations. Cannot transfer ownership or manage encryption keys.
- Manager — can manage content across all ISMS modules, approve documents, assign risk owners, close audit findings, and manage incidents. Cannot access organisation settings or member management.
- Editor — can create and edit content across ISMS modules: create documents, add risks, upload evidence, and record incidents. Cannot approve documents or manage other users' content.
- Viewer — read-only access to all ISMS modules. Can view documents, risks, evidence, audit reports, and dashboards, but cannot create or modify anything.
Managing Pending Invitations
The Members tab in Settings shows both active members and pending invitations. For each pending invitation, you can see the email address, assigned role, and when the invitation was sent.
To revoke a pending invitation, click the revoke button next to the invitation. This immediately invalidates the invitation link. You can then send a new invitation if needed, for example with a different role.
If someone tells you they did not receive the invitation email, revoke the existing invitation and send a new one. The new invitation will generate a fresh link and email.
User Limits
The number of members you can have is determined by your plan:
- Starter — up to 10 members
- Pro — up to 25 members
- Business — up to 50 members
- Enterprise — unlimited
Pending invitations count toward your user limit. For example, if you are on the Starter plan with 8 active members and 2 pending invitations, you have reached the 10-user limit and will need to upgrade or revoke an invitation before inviting anyone else.
Editing Members
After a member has joined, you can edit their name, email, and role from the Members tab. Click the edit icon next to any member to open the edit dialog.
- You cannot edit your own role or the Owner's role.
- Changing a member's email address will check for uniqueness across existing members.
- Role changes take effect immediately — the member's permissions update on their next action.
Best Practices
- Apply the principle of least privilege — assign the minimum role needed for each person's responsibilities.
- Encourage all members to enable multi-factor authentication from Settings > Security.
- Review your member list regularly and remove access for anyone who no longer needs it. This is an ISO 27001 control requirement (A.5.18 — Access rights).
- Use the audit log to monitor member activity and ensure accountability.