ISMS Tools

There are many ISMS tools* available on the market:

LeanISMS Starter & Complete - Lean42 GmbH

Our Lean ISMS Tool (LeanISMS Starter & Complete) simplifies information security and its management through lean philosophy, pragmatic solutions, directly usable templates and concepts according to our motto “easy & effective” – for companies of all industries and sizes.

*) Tools offered by other companies are mentioned purely as a listing, not as advertising. The list makes no claim to completeness.

EAM Tool Provider with integrated ISMS Modules:

Enterprise Architecture Management (EAM) in combination with a CMDB creates a holistic view and single point of truth on all essential business and technical structures that can be used by ISMS. Transparency about all assets to be protected and their protection needs is essential to evaluate risks and prioritize security measures. Synergies can be leveraged through a manageable ISMS, closely linked with EAM as an asset base for analyses.



LeanIX GmbH




Smart360° BIZ


LeanISMS Starter & Complete

Advantages of an ISMS Implementation with LeanISMS Starter & Complete

360° Documentation

… of responsibilities and duties as well as information processes and structures, incl. reports available in real time. LeanISMS Starter provides you with an ISMS best-practice metamodel with relevant structures, relationships and attributes, which you can adapt & extend yourself with little effort if required.


… through surveys. Configure your own questionnaire or optionally use the best-practice templates. Measure your current maturity level, evaluate your business units or service providers and achieve a high level of risk acceptance.


… through adherence to internal and external regulations or requirements. Optional catalog service for ISO 2700x with integrated IT-Grundschutz provides you with the latest requirements & control frameworks in a structured form.


… regarding the current security level and protection need of all company-relevant applications, technology, data, processes, products, departments or your own employees.

Increase Efficiency

… through tool-based work and collaboration. Higher acceptance and data quality through consistent data collection in a central tool and the avoidance of redundancies.

Data Analysis & Reporting

… by visualizing measurable results. Decision making can be driven and management & decision makers can be better engaged.

Lean ISMS Tool for Information Security Management

With LeanISMS Starter, you get a framework that already contains everything you need to get started:

LeanISMS* Starter

Best-practice metamodel (easily extensible & customizable) incl. ISMS relevant structures, relationships and attributes. Central object database, adapted to the requirements of IS management.
Table-like maintenance of data, e.g. fast and easy mapping of control objectives & requirements with the help of the cross table
ISMS data analysis & standard reporting to visualize measurable results. Lean ISMS starter metrics & reports are used for documentation and overview, as a decision-making and planning support and clearly show the state of information security in your organization in tables as well as charts.
Surveys to support information security assessments.
Use of optional catalog service for ISO 2700x with integrated IT Grundschutz for compliance with internal and external regulations or requirements and support during audits & certifications.
Easy migration of data from other ISMS tools (e.g. GS-Tool, verinice), Microsoft-compatible export & import formats

Fixed price**
9.800 € plus VAT / year

**) Additionally book our Quick-Start support for a fixed price of 15.000€.

With LeanISMS Complete, you acquire a holistic solution for managing information security:

LeanISMS* Complete

All functionalities of LeanISMS Starter +
Extended risk management incl. risk portfolio
Assessments: Opportunity to capture and export audit results and to integrate them into risk and measures management
Flexible ISMS report customization
Integration of SharePoint or Confluence, e.g. for central structured document storage (certification-relevant documentation); if necessary, also with connection to an archive
Integration of Jira, e.g. for ISMS measures management incl. release workflows and tracking of measures & tasks
Integration of Tableau for ISMS dashboard and reporting
Integration into the overall emergency management; if necessary, also integration with the existing prevention tool (e.g. Greenbone)

Price upon request

*) LeanISMS Starter & Complete based on Smart360.

Lean ISMS Tooling

LeanISMS Starter & Complete support you in setting up and operating an ISMS. The basic requirements of ISO/IEC 27001 and other standards and regulations are fully supported by the functionalities.

ISMS Functions

Management of documents relevant to information security (specifications, proofs)
Information security risk management e.g. according to ISO 27001 or ISO 27005
Management of information security measures (create, change, delete, assign) incl. tracking
Inventory and classification of protection objects (asset management) incl. determination and inheritance of the protection needs
Management of security incidents (Incident management)
Vulnerability management
Management of exceptions to safety targets (deviation management)
Management of controls (standard and company-specific requirements)
Creating and updating the Statement of Applicability (SoA)
Conducting gap analyses and audits / assessments based on ISO 27001 and ISO 27002
Evaluation of information security compliance
ISMS monitoring & reporting incl. ISMS dashboard
Supporting evidence of awareness and training activities

Cross-cutting Functionalities

Central database, generic metamodel – easily extensible and customizable
A high degree of integration, e.g. Active Directory, LDAP, SSO, Okta, Excel, Confluence, SharePoint, Jira, Tableau
German data center (certified according to DIN ISO/IEC 27001)
Security through automatic backups
Regular updates (automatic) of software & infrastructure
High availability
Easy to use through web browser, operating system independent & future-proof
Calculable constant costs
Multi-user and multi-client capability
Role-based authorization concept
Historization, archiving and change history
Microsoft-compatible export and import formats
Predefined and easily configurable reports for protection requirements, threats, measures and their implementation status, incl. easy table-based maintenance
Automatic quality check during import and easy error handling