The data protection management software otris privacy can be extended by the information security management system (ISMS) module. Companies use otris privacy ISMS to secure information (e.g. about production processes or business processes) as intangible assets and to protect its confidentiality, availability and integrity. In addition to information protection, another main benefit of the ISMS extension is the support for certification according to ISO/IEC 27001 or ISO 27001 based on the IT Grundschutz-Kompendium of the German Federal Office for Information Security (BSI).
Software for your information security management
otris privacy ISMS helps you plan/conceptualise, implement, control/monitor and continuously improve your information security. The ISMS supports you in identifying and assessing information security risks and reducing them in a targeted manner through protective measures. Regardless of whether your company uses the ISMS exclusively to protect valuable information assets or is aiming for certification: otris privacy ISMS supports you in the structured implementation of your company-wide security system and is the foundation for establishing a holistic information security culture in your company. The easy-to-use documentation, training and control tools are the technical basis for successful operational work in day-to-day business.
Asset coverage and its assessment
Companies define areas of responsibility, roles, the guideline and the scope in otris privacy ISMS. In addition, they document the requirements and objectives of the information security system there. Once planning and the information network have been created, companies can use the ISMS extension to record their asset structure and asset inventory.
Both primary assets (business processes and activities as well as related information) and supporting assets (e.g. hardware and software, networks, employees, buildings) are taken into account. For asset recording, the system integrates an easy-to-use documentation module: responsible employees describe selected assets according to predefined criteria. They combine related assets into groups and add relationships to other assets. The ISMS then automatically creates the so-called network plan from the asset inventory. This helps you to view individual assets or asset groupings in the entire process and to identify relations. The asset documentation as an information network and the associated network plan are the basis for the subsequent modelling and risk analysis according to BSI or ISO.
otris privacy ISMS supports you in the preparation and implementation of certification processes as well as internal and external audits. Both the international standard ISO/IEC 27001 and the ISO 27001 certification based on the BSI’s basic IT protection compendium are supported as standard. The ISMS module can also be expanded to include individual, sector-specific sets of rules.
ISMS with otris privacy – In preparation for ISO / BSI certification, otris privacy ISMS supports you in the collection, categorisation and control of your information assets.
With otris privacy ISMS you keep control and an overview of your information. You identify security risks, classify them and implement appropriate protective measures. With the help of audits and various reporting options, you can continuously improve your information security and manage it in a targeted manner.
Risk analysis and security concept
Based on the risk analysis and assessment, companies derive appropriate measures for risk treatment and develop a holistic security concept. otris privacy ISMS supports both the quantitative assessment according to ISO and the qualitative assessment according to BSI at this point. The international ISO standard specifies 114 reference measures (from Annex A of the standard). Companies define specific hazards and classify their effects on the necessary protection requirements. Risk scenarios are recorded, the risk is assessed accordingly and actions are derived. The BSI basic protection catalogue, on the other hand, provides typical hazards that have already been assessed and provided with recommended measures. Users can carry out the basic protection check individually according to protection requirement levels. In otris privacy ISMS, a list of all hazards of the basic protection compendium is integrated and the recommended measures given by the BSI are automatically assigned. A separate risk analysis is only necessary for increased protection requirements. The subsequent success control and monitoring of the implementation of measures and the achievement of objectives round off the security concept. Of course, otris privacy ISMS can also be expanded to include your own measures and hazard catalogues.
Audits and management review
otris privacy ISMS simplifies the procedure of a new or re-certification and supports you in the planning and implementation of external and internal audits. The ISMS extension offers you management-friendly reports at the push of a button. This not only saves you time, but also creates more transparency and measurability. The system shows you the actual state as well as the deviations from the target state. The control of compliance, the continuous improvement in the entire ISMS process as well as the adaptation to newly identified risks are decisive for controlled information security across your entire company. An intuitive management cockpit provides a detailed overview of which employees take on which roles and responsibilities within the security concept and whether they have reliably processed their assigned tasks. The cockpit also shows internal and external audit results and the current status in risk management, and informs the management about security incidents.
otris privacy ISMS supports you in establishing company-wide ISMS processes and simplifies controlled information security. The intuitive operation according to the proven otris privacy concept, the clear structure, individual workflows with automated reminders and evaluations as well as process automation for documentation, evaluation and control facilitate the daily work of your ISMS managers.
Searching for and finding information is easy – one of the greatest advantages of a central ISMS. otris privacy ISMS simplifies the search for information and documents and, thanks to the central database, guarantees the same up-to-date information status for all those involved. Involved employees are able to obtain information at any time.
All functions of the ISMS module can be used via the web interface in the browser. The browser-based access to a central database has the advantage that employees can work independently of location.
The ISMS extension not only simplifies new certifications or re-certifications, but also supports you in reporting and documenting security incidents. otris privacy ISMS is multi-client and group-capable and can be customised according to your requirements: Industry-specific content and catalogues, your own key figures as well as evaluations can of course be added.
Relief and time saving
The ISMS extension of otris privacy relieves your staff of administrative, time-consuming tasks such as maintaining, merging and collecting information from various data sources. The user-friendly interface and integrated reporting options save additional time and create transparency. The focus is on constantly increasing the security level of your entire company.
Configurable authorisation concept and external integration
A differentiated access concept allows you to define roles and rights. By integrating employees via the intelligent rights concept, you maintain the confidentiality and integrity of your information. Users have access to specific information depending on their roles and tasks. Depending on your requirements, you can also integrate external information security officers and allow them temporary access to certain system contents.