ISMS Tools
There are many ISMS Tools* available on the Market:
- 2net Carsten Lang – Sidoc ® -Sicherheitsmanagement
- Allgeier CORE GmbH – DocSetMinder
- avedos GRC GmbH – risk2value ISMS
- CALPANA business consulting GmbH – CRISAM® – Die RisikomanagementMethode
- CareNavigator GmbH – CareNavigator
- Concat AG – EasyISMS
- CONTECHNET – INDART® Professional
- DHC Business Solutions GmbH & Co. KG – DHC VISION Information Security Manager
- ETES GmbH – EDIRA
- Fireloft – Standard Fusion
- FORUM Gesellschaft für Informationssicherheit mbH – ForumISM und ForumNSR
- fuentis AG – fuentis ISMS
- GAIMS GmbH- GAIMS Information Security
- Goriscon GmbH – embeddedGRC
- HiScout GmbH – HiScoutGrundschutz
- ibi systems GmbH – ibi systems iris
- INFODAS GmbH – SAVe
- Infopulse GmbH – Standards Compliance Manager Grundschutz Edition
- Keppler IT-Systems GmbH – vnoc42
- Kronsoft e.K. – opus i – Informationssicherheit
- Lean42 GmbH – Lean ISMS Starter & Complete
- QE LaB Business Services GmbH, adamant – Efficient IT security and compliance
- qmBase GmbH – qmBase
- RSA – RSA Archer® Suite
- Integrated Risk Management
- ReviSEC – ReviSEC GS-Tool
- S&L IT-Compliance GmbH – S&L Compliance Suite
- SAVISCON GmbH – GRC-COCKPIT
- Schleupen AG – R2C_SECURITY
- Secure IT Consult – Audit Tool 2006
- SerNet GmbH – VeriniceOpen Source ISMS Tool
- synetics – i-doit
- TCC GmbH – ATRADIS<Review
- Temino GmbH – ISiMap
- TogetherSecure – HITGuard
- WAITS GmbH – quidit
- WMC GmbH – QSEC ISMS & GRC
- …
*) The mention of the tool offers of other companies is a pure listing. It is not an advertisement. The list raises no claim to completeness.
EAM Tool Provider with integrated ISMS Modules:
Enterprise Architecture Management (EAM) in combination with a CMDB creates a holistic view and single point of truth on all essential business and technical structures that can be used by ISMS. Transparency about all assets to be protected and their protection needs is essential to evaluate risks and prioritize security measures. Synergies can be leveraged through a manageable ISMS, closely linked with EAM as an asset base for analyses.
ADOIT & GRC
LeanIX ISMS
LUY ISMS
Smart360°BIZ
LeanISMS Starter & Complete
Advantages of an ISMS Implementation with LeanISMS Starter & Complete
Lean ISMS Tool for Information Security Management
With LeanISMS Starter, you get a framework that already contains everything you need to get started:
LeanISMS* Starter
Best-practice metamodel (easily extensible & customizable) incl. ISMS relevant structures, relationships and attributes. Central object database, adapted to the requirements of IS management. |
Table-like maintenance of data, e.g. fast and easy mapping of control objectives & requirements with the help of the cross table |
ISMS data analysis & standard reporting to visualize measurable results. Lean ISMS starter metrics & reports are used for documentation and overview, as a decision-making and planning support and clearly show the state of information security in your organization in tables as well as charts. |
Surveys to support information security assessments. |
Use of optional catalog service for ISO 2700x with integrated IT Grundschutz for compliance with internal and external regulations or requirements and support during audits & certifications. |
Easy migration of data from other ISMS tools (e.g. GS-Tool, verinice), Microsoft-compatible export & import formats |
Fixed price**
9.800 € plus VAT. / year
**) Additionally book our Quick-Start support for a fixed price of 15.000€.
With LeanISMS Complete, you acquire a holistic solution for managing information security:
LeanISMS* Complete
All functionalities of LeanISMS Starter + |
Extended risk management incl. risk portfolio |
Assessments: Opportunity to capture and export audit results and to integrate them into risk and measures management |
Flexible ISMS report customization |
Integration of SharePoint, or Confluence for e.g. central structured document storage (certification-relevant documentation); if necessary, also with connection to archive |
Integration of Jira for e.g. ISMS measures management incl. release workflows and tracking of measures & tasks |
Integration of Tableau for ISMS dashboard und reporting |
Integration into the overall emergency management, if necessary, also integration with the existing prevention tool (e.g. Greenbone) |
Price upon request
*) LeanISMS Starter & Complete based on Smart360.
Lean ISMS Tooling
LeanISMS Starter & Complete support you in setting up and operating an ISMS. The basic requirements of ISO/IEC 27001 and other standards and regulations are fully supported by the functionalities.
ISMS Functions
Management of documents relevant to information security (specifications, proofs) |
Information security risk management e.g. according to ISO 27001 or ISO 27005 |
Management of information security measures (create, change, delete, assign) incl. tracking |
Inventory and classification of protection objects (asset management) incl. determination and inheritance of the protection needs |
Management of security incidents (Incident management) |
Vulnerability management |
Management of exceptions to safety targets (deviation management) |
Management of controls (standard and company-specific requirements) |
Creating and updating of Statement of Applicability (SoA) |
Conducting the gap analysis and audits / assessments based on ISO 27001 and ISO 27002 |
Evaluation of Information security compliance |
ISMS monitoring & reporting incl. ISMS dashboard |
Supporting evidence of awareness and training activities |
Cross-cutting Functionalities
SaaS |
Central database, generic metamodel – easily extensible and customizable |
A high degree of Integration e.g. ActiveDirectory, LDAP, SSO, Okta, Excel, Confluence, SharePoint, Jira, Tableau |
German data center (certified according to DIN ISO/IEC 27001) |
Security through automatic backups |
Regular updates (automatic) of software & infrastructure |
High availability |
Easy to use through web browser, operating system independent & future-proof |
Calculable constant costs |
Multi-user and multi-client capability |
Role-based authorization concept |
Historization, archiving and change history |
Microsoft-compatible export and import formats |
Predefined and easily configurable reports for protection requirements, threats, measures and their implementation status, incl. easy table-based maintenance |
Automatic quality check during import and easy error handling |