The age of digital transformation poses specific challenges for companies in terms of information security. It is crucial to understand – building an ISMS is a continuous process that needs investment in people and technology and must be implemented and improved continuously.
With the help of Infopulse Standards Compliance Manager (GS Tool alternative), you will follow a clear-mapped and easy-to-run path to set up ISMS security based on the methodology of the ISMS Standards 200-1, 200-2, 200-3 developed by the Federal Office of Information Security (Germany).
Challenges the company may face while setting up a list ISMS:
- Top management commitment and support;
- Raising awareness and security culture;
- Resourcing ISMS implementation (train, recruit, procure);
- Systematic development of an ISMS process enabling further ISMS certification;
- Continual improvement of ISMS;
- Certification procedures.
Infopulse SCM, as an automated ISMS solution, entirely supports IT Grundschutz workflow and requirements for building an ISMS. With SCM Bot “Helga”, the onboarding process and initial steps will be significantly simplified. Moreover, SCM automates compliance related routine, i.e., receiving notifications, tracking changes in the concepts, generating reports in time. The main goals of SCM are to optimize the process, save time and resources, and improve the quality during the implementation and further stages – a single platform for all compliance and data consolidation, and effective task management.
BSI IT-Grundschutz in Practice: Holistic Concept to ISMS
With Infopulse SCM and IT-Grundschutz Compendium, structured in ten layers, you will be able to establish a comprehensive framework for different types of ISMS that can be scaled to your organization’s needs. In the system, you will access all requirements and all the instructions in the form of building blocks.
Moreover, you will automatically receive new updates and changes and will be able to migrate with one click to each new version of BSI IT Grundschutz Compendium.
Three Approaches to Building an ISMS Predefined by IT-Grundschutz
In 200 Standards’ Series, three directions for planning and building ISMS are clearly outlined: Basic, Core, and Standard protection. Depending on your priorities and needs, you can choose three directions of Grundschutz implementation in Infopulse SCM and promptly switch between them:
Three Aspects to Achieving Compliance with BSI IT-Grundschutz
During this phase in Infopulse SCM, the user will be able to:
- Define an Asset Set and make an inventory compliance checking of all your assets or groups of assets;
- Automatically get a hierarchical structure of your asset scope by types of assets and visualize the connections between them;
- Determine protection needs and automatic inheritance of protection requirements based on the maximum principle (incl. cumulation and distribution effects);
- Use six standard damage scenarios and determine custom ones and inventory analysis methods;
- Define additional custom protection goals apart from integrity, availability, confidentiality, e.g., industry-or company-specific aims;
- Add additional attributes to your assets with the help of custom fields and generate inventory analysis reports;
- Visualization of assets in a tree or table view. Use a variety of table options with the ability to manipulate, arrange, bulk-edit, sort, filter, and to export the data in Excel or CSV formats.
Modelling & Compliance Check
During compliance checking, you will be able to define and model the security requirements and safeguards your assets should comply with. Furthermore, prepare and execute the compliance check.
- Automatic assignment of IT-Grundschutz modules, recommended requirements, and controls;
- Monitoring of the implementation status of defined controls, requirements, assets;
- Bulk-editing of data, e.g., changing the realization status of requirements and controls for multiple assets;
- Assignment of people responsible for task realization and controlling;
- Data visualization from different perspectives using various options in a table view (e.g., grouping by IT-Systems with not implemented data backup requirements).
Infopulse SCM fully covers the following quantitative risk analysis aspects:
- Qualitative risk analysis according to IT-Grundschutz standard 200-3 that provides a more straightforward methodology as compared to traditional risk analysis methods;
- Automated risk analysis for assets with high and very high protection requirements;
- Available risk catalogue based on BSI G0 list with 47 elementary threats, and possibility to create custom threats;
- Risk matrix (4×4 or 5×5 dimension) to show the frequency of occurrence, impact of damage and risks;
- Assigning additional controls to threats and its monitoring, plus the connected requirements.
- Standard reports generation (A1-A6) according to IT-Grundschutz;
- Framework for covering industry-specific security standards (B3S) as well as IT-Grundschutz profiles.
Bring your business to the next level of compliance with Infopulse SCM!
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.