Specialised solution | privacy SUITE The digital solution
for your group-wide

From inventory to certification – information security management with otris isms

Companies use otris isms to secure information (e.g. about production processes or business processes) as intangible assets and to check it for protection goals such as confidentiality, availability as well as integrity. In addition to information protection, another main benefit of the specialist solution is its support for ISMS certification processes.

Software for your information security management
otris privacy ISMS helps you plan/conceptualise, implement, control/monitor and continuously improve your information security. The ISMS supports you in identifying and assessing information security risks and reducing them in a targeted manner through protective measures. Regardless of whether your company uses the ISMS exclusively to protect valuable information assets or is aiming for certification: otris privacy ISMS supports you in the structured implementation of your company-wide security system and is the foundation for establishing a holistic information security culture in your company. The easy-to-use documentation, training and control tools are the technical basis for successful operational work in day-to-day business.

Asset coverage and its assessment
Companies define areas of responsibility, roles, the guideline and the scope in otris privacy ISMS. In addition, they document the requirements and objectives of the information security system in the system. Once planning and the information network have been created, companies can use the ISMS extension to record their asset structure and asset inventory.

Both primary assets (business processes and activities as well as related information) and supporting assets (e.g. hardware and software, networks, employees, buildings) are taken into account. For asset recording, the system integrates an easy-to-use documentation module: Responsible employees describe selected assets according to predefined criteria. They group related assets and add relationships to other assets. The otris Information Security Management System then automatically creates a network plan from the asset inventory. This helps you to view individual assets or asset groupings throughout the process and identify relationships. The asset documentation as an information network and the associated network plan form the basis for the subsequent modelling and risk analysis in accordance with the relevant standards such as the BSI or ISO series.

otris isms supports you in the preparation and implementation of certification processes as well as internal and external audits. The software includes catalogues for ISO/IEC 2700x and the CISIS12® series. The information security management system can also be extended to include individual, sector-specific sets of rules.

„The ISMS software from otris was a great help in preparing for our certification.“

Project Manager for the IT Security Certification of the Prinz Mayweg Group

Continuous improvement of your ISMS process

With otris privacy ISMS you keep control and an overview of your information. You identify security risks, classify them and implement appropriate protective measures. With the help of audits and various reporting options, you can continuously improve your information security and manage it in a targeted manner.

Risk analysis and security concept
Based on the risk analysis and assessment, companies derive appropriate measures for risk treatment and develop a holistic security concept. otris isms supports both the quantitative assessment according to ISO and CISIS12® and the qualitative assessment according to BSI at this point. The international ISO standard provides reference measures (from Annex A of the standard). Companies define specific hazards and classify their effects on the necessary protection requirements. Risk scenarios are recorded, the risk is assessed accordingly and actions are derived. The BSI basic protection catalogue, on the other hand, provides typical hazards that have already been assessed and in some cases provided with recommended measures. Users can carry out the basic protection check individually according to protection requirement levels. A list of all hazards of the basic protection compendium is integrated in otris isms and the recommended measures given by the BSI are automatically assigned. A separate risk analysis is only necessary for increased protection needs. The subsequent success control and monitoring of the implementation of measures and the achievement of objectives round off the security concept. Of course, otris isms can also be expanded to include your own measures and hazard catalogues.

Audits and management review
otris isms simplifies the process of new or re-certification and supports you in the planning and implementation of external and internal audits. The required data is collected directly from the responsible persons via questionnaires that you can create yourself and read in automatically. otris isms offers you reports prepared in a management-friendly manner at the touch of a button. This not only saves you time, but also creates more transparency and measurability. The system shows you the actual status as well as the deviations from the target status. The control of compliance, the continuous improvement in the entire ISMS process as well as the adaptation to newly identified risks are decisive for a controlled information security in your entire company. An intuitive management cockpit provides a detailed overview of which employees take on which roles and responsibilities within the security concept and whether they have reliably processed their assigned tasks. The cockpit also shows internal and external audit results and the current status of risk management.

Information security with otris software

Information security with otris software

In preparation for certification, otris isms helps you capture, categorise and control your information assets.

otris privacy ISMS – key features and benefits

otris isms supports you in establishing company-wide ISMS processes and simplifies controlled information security. The intuitive operation based on the proven otris privacy concept, the clear structure, individual workflows with automated reminders and evaluations as well as process automation for documentation, evaluation and control facilitate the daily work of your internal and external ISMS managers.


Central ISMS

Searching for and finding information is easy – one of the greatest advantages of a central ISMS. otris isms simplifies the search for information and documents and, thanks to the central database, guarantees the same up-to-date information status for everyone involved. Involved employees are able to obtain information at any time.


Web interface

All functions of the solution can be used via the web interface in the browser. The browser-based access to a central database has the advantage that employees can work independently of location.


Individually customisable

The information security management system simplifies new certifications or re-certifications. otris isms is multi-client and group-capable and can be customised according to your requirements: Sector-specific content and catalogues, your own key figures and evaluations can of course be added.


Relief and time saving

The otris ISMS solution relieves your employees of administrative, time-consuming tasks such as maintaining, merging and collecting information from various data sources. The user-friendly interface and integrated reporting options save additional time and create transparency. The focus is on constantly increasing the security level of your entire company.


Configurable authorisation concept and external integration

A differentiated access concept allows you to define roles and rights. With the integration of employees via the intelligent rights concept, you maintain the confidentiality and integrity of your information. Users have access to specific information depending on their roles and tasks. Depending on your requirements, you can also involve external information security officers and allow them temporary access to certain system contents.


Content packages

With content packages, the software supports certification according to common standards. Included are catalogues for ISO/IEC 27001, ISO/IEC 27002, CISIS12® as well as the IT basic protection compendium of the BSI. Further content packages can be integrated into the solution according to company-specific requirements.

Online demo | Register now for free!

reCAPTCHA is required.

otris software AG will use all information provided here solely in accordance with the Privacy policy.

Your contact

Sebastian Gockel
+49 231 95806950