Companies use otris isms to secure information (e.g. about production processes or business processes) as intangible assets and to check it for protection goals such as confidentiality, availability as well as integrity. In addition to information protection, another main benefit of the specialist solution is its support for ISMS certification processes.
Software for your information security management
otris privacy ISMS helps you plan/conceptualise, implement, control/monitor and continuously improve your information security. The ISMS supports you in identifying and assessing information security risks and reducing them in a targeted manner through protective measures. Regardless of whether your company uses the ISMS exclusively to protect valuable information assets or is aiming for certification: otris privacy ISMS supports you in the structured implementation of your company-wide security system and is the foundation for establishing a holistic information security culture in your company. The easy-to-use documentation, training and control tools are the technical basis for successful operational work in day-to-day business.
Asset coverage and its assessment
Companies define areas of responsibility, roles, the guideline and the scope in otris privacy ISMS. In addition, they document the requirements and objectives of the information security system in the system. Once planning and the information network have been created, companies can use the ISMS extension to record their asset structure and asset inventory.
Both primary assets (business processes and activities as well as related information) and supporting assets (e.g. hardware and software, networks, employees, buildings) are taken into account. For asset recording, the system integrates an easy-to-use documentation module: Responsible employees describe selected assets according to predefined criteria. They group related assets and add relationships to other assets. The otris Information Security Management System then automatically creates a network plan from the asset inventory. This helps you to view individual assets or asset groupings throughout the process and identify relationships. The asset documentation as an information network and the associated network plan form the basis for the subsequent modelling and risk analysis in accordance with the relevant standards such as the BSI or ISO series.
otris isms supports you in the preparation and implementation of certification processes as well as internal and external audits. The software includes catalogues for ISO/IEC 2700x and the CISIS12® series. The information security management system can also be extended to include individual, sector-specific sets of rules.
With otris privacy ISMS you keep control and an overview of your information. You identify security risks, classify them and implement appropriate protective measures. With the help of audits and various reporting options, you can continuously improve your information security and manage it in a targeted manner.
Risk analysis and security concept
Based on the risk analysis and assessment, companies derive appropriate measures for risk treatment and develop a holistic security concept. otris isms supports both the quantitative assessment according to ISO and CISIS12® and the qualitative assessment according to BSI at this point. The international ISO standard provides reference measures (from Annex A of the standard). Companies define specific hazards and classify their effects on the necessary protection requirements. Risk scenarios are recorded, the risk is assessed accordingly and actions are derived. The BSI basic protection catalogue, on the other hand, provides typical hazards that have already been assessed and in some cases provided with recommended measures. Users can carry out the basic protection check individually according to protection requirement levels. A list of all hazards of the basic protection compendium is integrated in otris isms and the recommended measures given by the BSI are automatically assigned. A separate risk analysis is only necessary for increased protection needs. The subsequent success control and monitoring of the implementation of measures and the achievement of objectives round off the security concept. Of course, otris isms can also be expanded to include your own measures and hazard catalogues.
Audits and management review
otris isms simplifies the process of new or re-certification and supports you in the planning and implementation of external and internal audits. The required data is collected directly from the responsible persons via questionnaires that you can create yourself and read in automatically. otris isms offers you reports prepared in a management-friendly manner at the touch of a button. This not only saves you time, but also creates more transparency and measurability. The system shows you the actual status as well as the deviations from the target status. The control of compliance, the continuous improvement in the entire ISMS process as well as the adaptation to newly identified risks are decisive for a controlled information security in your entire company. An intuitive management cockpit provides a detailed overview of which employees take on which roles and responsibilities within the security concept and whether they have reliably processed their assigned tasks. The cockpit also shows internal and external audit results and the current status of risk management.
In preparation for certification, otris isms helps you capture, categorise and control your information assets.
otris isms supports you in establishing company-wide ISMS processes and simplifies controlled information security. The intuitive operation based on the proven otris privacy concept, the clear structure, individual workflows with automated reminders and evaluations as well as process automation for documentation, evaluation and control facilitate the daily work of your internal and external ISMS managers.
Searching for and finding information is easy – one of the greatest advantages of a central ISMS. otris isms simplifies the search for information and documents and, thanks to the central database, guarantees the same up-to-date information status for everyone involved. Involved employees are able to obtain information at any time.
All functions of the solution can be used via the web interface in the browser. The browser-based access to a central database has the advantage that employees can work independently of location.
The information security management system simplifies new certifications or re-certifications. otris isms is multi-client and group-capable and can be customised according to your requirements: Sector-specific content and catalogues, your own key figures and evaluations can of course be added.
Relief and time saving
The otris ISMS solution relieves your employees of administrative, time-consuming tasks such as maintaining, merging and collecting information from various data sources. The user-friendly interface and integrated reporting options save additional time and create transparency. The focus is on constantly increasing the security level of your entire company.
Configurable authorisation concept and external integration
A differentiated access concept allows you to define roles and rights. With the integration of employees via the intelligent rights concept, you maintain the confidentiality and integrity of your information. Users have access to specific information depending on their roles and tasks. Depending on your requirements, you can also involve external information security officers and allow them temporary access to certain system contents.
With content packages, the software supports certification according to common standards. Included are catalogues for ISO/IEC 27001, ISO/IEC 27002, CISIS12® as well as the IT basic protection compendium of the BSI. Further content packages can be integrated into the solution according to company-specific requirements.