Description
Risk Analyses according to ISO27001 standard are directly executed within the CMDB
The ISMS add-on offers management of security documentation right where it belongs: Integrated with the CMDB. As IT documentation learns first which new components have been integrated or which changes have been made in the IT infrastructure. In order to manage the security assessment on a daily basis, the ISMS add-on enables risk identification and evaluation directly on the objects (IT assets, Configuration Items) in i-doit.
We think: Change processes are already complex enough! Both buying additional software and maintenance of redundant data can be avoided. Because of the native integration in i-doit the ISMS add-on uses essential existing functions like templates, bulk processing and of course reporting. The users can add their own information to the assets without having to change the underlying data model. For the last fine-tuning of your Risk Management Process the Documents add-on can integrate the data of the ISMS add-on. High-class formatted documents in Corporate Design prove high professionalism.
The basis for a successful ISMS is the IT documentation with i-doit.
You receive a comprehensive overview of the own (IT) infrastructure, the documentation data is used by different processes, which leads to high data quality.
Only three steps to ISO27001 standard conform documentation and risk assessment
- You carry out all matters of risk assessment directly in the context of the IT assets with the installation of the ISMS add-on already (e.g. Annex A of the ISO27001, “IT-Grundschutz Catalog” of BSI or the “IT Security catalog” of “Bundesnetzagentur”).
- The second step comprises individual definition of Risk Management in the company. This contains above all an adjustment of the catalogs stored in the ISMS add-on. Individual impact scenarios and measures are recorded and roles, responsibilities and rating scales are defined. The initial definition of reports completes this step.
- The third step is the actual start of Risk Management and the core task to fulfill the ISO27001 standard. Analysis and evaluation of assets as well as versioning and documentation guidance in the course of the PDCA cycle (Plan, Do, Check, Act) supported by the ISMS add-on are part of this step.
