Companies use otris isms to secure information (e.g. about production processes or business processes) as intangible assets and to check for protection goals such as confidentiality, availability and integrity. In addition to information protection, another main benefit of the specialised solution is support for ISMS certification processes.
Management of regulatory documents and assets. Documentation and control of all ISMS activities.Preparation and implementation of certification processes. Multi-standard capable: ISO 27001, VDA-ISA, BSI, B3S, …Risk assessment and control, action and incident management. Always ready to provide information.
Optimally prepare certifications with otris isms.
Our ISMS software at a glance
otris isms supports you in establishing company-wide ISMS processes and simplifies controlled information security. The intuitive operation based on the proven otris privacy concept, the clear structure, individual workflows with automated reminders and evaluations as well as the process automation for documentation, rating and control facilitate the daily work of your internal and external ISMS managers.
Centralised ISMS
Search and find information easily – one of the biggest advantages of a central, web-based ISMS. otris isms simplifies the search for information and documents and guarantees the same up-to-date information status for everyone involved thanks to the centralised database. Involved employees can access information at any time.
Template for information network
otris isms contains a complete information network that you can use as a template/template. The individual best-practice template documents are editable and marked at the points that need to be customised for your company.
Own questionnaires/checklists
You can create questionnaires or checklists with your own content in otris isms easily and with just a few clicks. You can send checklists directly from the system (e.g. to asset managers). Answering works without system access. The evaluation is automated.
Content packages / multi-standard capable
With content packages, the software supports certification according to common standards. Catalogues for ISO/IEC 27001, ISO/IEC 27002, VDA-ISA, B3S, CISIS12® as well as the IT baseline protection compendium of the BSI are included. Further content packages can be integrated into the solution according to your specifications.
NIS-2 Ready
NIS-2 is a revised EU directive to improve the cyber security and resilience of critical infrastructures. If your company is affected by NIS-2, our information security management system will help you fulfil all requirements, including effective incident management for detecting, reporting and handling security incidents.
Individually customisable
otris isms simplifies new certifications and recertifications. otris isms is client or group-capable and can be customised according to your requirements: We integrate industry-specific content, your own performance indicators and processing and evaluation processes into the solution as required.
Why you should rely on ISMS software from otris
otris isms supports you in the planning/conception, implementation, success control/monitoring and continuous improvement of your information security. The ISMS helps you to identify and assess information security risks and reduce them through targeted protective measures..
Regardless of whether your company uses the ISMS exclusively to protect valuable information assets or is aiming for certification: otris isms supports you in the structured implementation of your company-wide security system and forms the basis for establishing a holistic information security culture in your company.
In addition to the technical aspects, our ISMS software is characterised by the following features:
Client-capable. From SMEs to corporations.
Regardless of whether you are an external security consultant looking after several clients, the ISMS manager of an SME or manage the information security management of a group as a team – otris isms adapts to the given structure. The software is multi-client capable and is also suitable for mapping complex corporate structures.
Role and access concept. External integration.
You define roles and rights using a differentiated access concept. Depending on your requirements, you can integrate groups or individual, selected ISMS officers. You can use client or web access to the central system to promote teamwork and information consolidation. New or changed assets can be reported electronically to the information security officer. In addition to direct client or web access, users can also complete the checklists externally: The questions are then exported as HTML questionnaires with encrypted response transmission.
Functional scope. Customisable standard software.
You can choose from three software editions to customise the basic functional scope of the solution to your needs. Standardised add-on solutions allow you to expand the system as required. For additional requirements that are not covered by the standard range of functions, otris realises a customised solution to meet your needs.
Systematic user guidance. Everything at a glance.
otris isms guides you step by step to your goal: Assistants and context-sensitive action menus guide you through all input processes, drag & drop functions facilitate document assignment. Interactive progress indicators and traffic light symbols for security checks ensure immediate transparency. Your personal cockpit and automatic e-mail notifications give you the security of knowing that you have an overview of all tasks and deadlines.
Evaluations. Differentiated and meaningful.
All logged information can be analysed flexibly. The report templates not only cover the legal requirements, but also allow differentiated analyses of safety management (action planning, audit log, etc.). DOC, PDF, HTML and CSV are available as output formats.
On-Premises or Cloud. Operating mode selectable.
You are free to choose whether you use the ISMS software in the cloud or on-premises. On-premises means that the system is operated on your company’s own IT infrastructure. With the cloud version, you access the servers of a secure, certified data centre (located in Germany). You use a web browser to work with the software in both the cloud and on-premises versions.
Which edition suits your requirements
In order to offer you the solution that best suits your company-specific requirements, we offer a choice of three editions and functional extensions.
STANDARD
The perfect solution for a quick start to a basic ISMS.
Advantages
- Best practice approach
- Get started quickly
- Individual organisation
- Individual user
SaaS from
149€ / month
ENTERPRISE
Das ideale ISMS-Tool für den SMEs and external consultants, with an extended range of functions.
Advantages
- Company units
- Authorisations
- Distributed working
- Reuse / inheritance
- SaaS or on-premises
SaaS from
419€ / month
ENTERPRISE plus
The group-capable, bilingual ISMS solution for comprehensive company requirements..
Advantages
- Company processes
- Customised programming possible
- Functionally expandable
- Group-specific reporting
- SaaS or on-premises
On request
€ / month
Software for special requirements
The feedback from our customers and interested parties shows how diverse the requirements for digital systems in the area of compliance / data protection are.
In order to cover special requirements in the best possible way, otris customers combine the ISMS software with other specialist solutions from our otris compliance SUITE or our otris legal SUITE.
How does our ISMS tool work?
More security, organisation, overview and control in information security: As an ISMS provider, we have already helped many customers to achieve greater success.
Asset recognition and its rating.
Companies define areas of responsibility, roles, the guideline and the scope in otris isms. They also document the requirements and objectives of the information security system in the system. Once the planning and information network have been created, companies can use the ISMS solution to record their asset structure and asset inventory.
Both primary assets (business processes and activities as well as associated information) and supporting assets (e.g. hardware and software, networks, employees, buildings) are taken into account. The system integrates an easy-to-use documentation module for asset recording: Responsible employees describe selected assets according to predefined criteria. They group related assets and add relationships to other assets. The otris Information Security Management System then automatically creates a network plan from the asset inventory. This helps you to view individual assets or asset groupings throughout the entire process and to identify relationships. The asset documentation as an information network and the associated network plan form the basis for subsequent modelling and risk analysis in accordance with the relevant standards, such as the BSI or ISO series.
Risk analysis and safety concept.
Based on the risk analysis and assessment, companies derive appropriate measures for risk treatment and develop a holistic security concept. otris isms supports both the quantitative rating according to ISO and CISIS12® as well as the qualitative rating according to BSI.
The international ISO standard specifies reference measures (from Annex A of the standard). Companies define specific hazards and categorise their impact on the necessary protection requirements. Risk scenarios are recorded, the risk is assessed accordingly and actions are derived. The BSI basic protection catalogue, on the other hand, provides typical hazards that have already been rated and in some cases provided with recommended measures. Users can carry out the basic protection check individually according to protection requirement levels. otris isms has an integrated list of all hazards in the basic protection compendium and automatically assigns the measures recommended by the BSI. A separate risk analysis is only necessary for increased protection requirements. The subsequent success control and monitoring of the implementation of measures and achievement of objectives round off the security concept. Of course, otris isms can also be expanded to include your own measures and risk catalogues.
Certification.
otris isms supports you in the preparation and implementation of certification processes as well as internal and external audits. The software includes catalogues for ISO/IEC 2700x, VDA ISA (V 5.1), B3S and the CISIS12® series. The information security management system can also be expanded to include individual, industry-specific regulations and is multi-standard capable (several standards can be applied and verified at the same time).
The required data is collected directly from the responsible persons via questionnaires, which you can create yourself, and automatically imported. otris isms offers you management-orientated reports at the touch of a button. This not only saves you time, but also creates greater transparency and measurability. The system shows you the actual status and deviations from the target status. Monitoring compliance, continuous improvement throughout the entire ISMS process and adapting to newly identified risks are crucial for controlled information security throughout your organisation. An intuitive management cockpit provides a detailed overview of which employees have which roles and responsibilities within the security concept and whether they have reliably completed their assigned tasks. The cockpit also shows internal and external audit results as well as the current status of risk management.
Test the ISMS software from otris now!
We look forward to receiving your enquiry for a free demo version of our ISMS solution. With otris isms you maintain control and an overview of your information. You identify security risks, categorise them and implement appropriate protective measures. With the help of audits and various reporting options, you can continuously improve your information security and tax it in a targeted manner. It’s best to get in touch with us today!
Online demo | Register now for free!
You need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More Information
FAQs: Frequently asked questions about ISMS
What is an ISMS?
An Information Security Management System (ISMS) is a structured system for managing information security in an organisation. It includes policies, processes and controls tomanage information risks and protect sensitive data from threats such as cyber attacks and data loss.
What are the advantages of an ISMS?
An ISMS offers companies the following advantages:
- Reduction of information security risks: Systematic identification and minimisation of security risks
- Compliance with legal requirements: Compliance with relevant legal and regulatory requirements.
- Increasing process stability: Integrating information security into business processes to avoid interruptions.
- Avoiding security incidents: Early detection and prevention of security incidents.
- Continuous improvement: Regular review and adjustment of security measures.
- Certification benefits: Increased trust among customers and partners as well as competitive advantages through proof of high security standards.
What does an ISMS have to do with data protection?
An ISMS protects all types of information, including personal data, and thus supports compliance with data protection requirements such as the General Data Protection Regulation. It integrates data protection into general security management and does not treat it in isolation.
How does otris isms support ISO 27001 certification?
The software makes the certification process considerably easier by supporting the creation and management of the necessary documentation, the performance of internal audits and the implementation of security measures in accordance with the requirements of ISO 27001.
How can otris isms be integrated into existing IT infrastructures?
otris isms is flexible and can be customised to a company’s specific requirements and existing systems. It offers interfaces for integration with other IT systems, enabling seamless implementation and management.
