An information security management system (ISMS) comprises standardized procedures and policies, and specified measures, to protect corporate assets and minimize risks.
With Intervalid ISMS, you get a secure, all-in-one solution, enabling easy implementation of information security procedures within your company, saving time, money and human resources, and giving peace of mind. Incorporation of Intervalid ISMS also means your company will be ready for certification according to industry standards such as ISO 27001, BSI IT-Grundschutz, VdS 10000, TISAX®, ISIS12/CISIS12, B3S, NIST u. v. m. B3S.
Increase productivity by making use of the system's extensive templates, enabling you to meet regulatory requirements from the outset, without needing to start from scratch.
The software includes all mandatory documents for a certification according to ISO 27001 & further helpful documents.
In addition, the tool includes contingency planning and ensures your business continuity management (BCM).
Contact us for a live demo, a free trial or your personalized offer.
*TISAX® is a registered trademark of the ENX Association. Intervalid GmbH has no business relationship with ENX. The naming of the TISAX brand is not associated with any statement by the brand owner on the suitability of the service advertised here.
To establish an ISMS at your client, you decide at the beginning which standards or guidelines you want to follow. To do this, you select current, standardised templates for ISO 27001, BSI IT-Grundschutz, VdS 10000, TISAX®, ISIS12/CISIS12, B3S, NIST and many more. All requirements, responsible employees, the current progress as well as the associated tasks are clearly displayed in a screen. With this function, you control the entire ISMS process of your client. All requirements, responsible employees, current progress, as well as associated tasks are clearly displayed on one screen. This function allows you to control the entire ISMS process across your company.
When implementing an ISMS, the cooperation of all departments is crucial for success: Set tasks, including deadlines and distribute them to the responsible employees. Each user has their own task list and the current project status is visible at all times. This means all employees are actively involved in the process.
To minimize security risks within your company, employees must be made aware of both the risks and the appropriate procedures they are required to follow. To achieve this, sample templates are available to create the necessary policies and processes for your organization. These form the foundation for ISMS implementation, as they will be followed by all employees. The documents should be regularly maintained and kept up to date, to ensure consistent and structured implementation throughout your organization.
This function allows you to capture and group your assets in a structured register. To make this process as efficient as possible, you can either use a template or import the data. You will need to define a responsible person (owner) for each asset. The workflow can then be used to log new assets or to report changes to existing ones. The technical and organizational measures (TOMs) can be set out either via a template or in a personalized form for your company. The register is clear, multilingual, easy to use and offers customizable selection options.
This is where the level of protection for each of your assets is determined. Business-critical assets, particularly those of high importance to your company in terms of information security, are identified. The responsible employee assesses the protection level required for each asset with the help of predefined risk levels. This lays the foundation for risk analysis.
This step initiates a risk analysis for all assets that require a high level of protection. You will receive a number of sample templates and questionnaires for this purpose, and will be guided systematically through the process in order to identify the potential hazards. Next, you can determine the risk and obtain recommended measures to address such risk. After prioritization and cost estimation, the result can be forwarded to the management for approval.
Conduct a business impact analysis to identify those business processes that are business critical for your organisation. You will be guided through the process with assistance. As a result, you will see the maximum tolerable downtime and recovery time for your assets. In the next step, create the recovery plan for the critical processes. The final emergency plan is created at the push of a button.
Create daily updated reports for internal or external purposes (e.g. audits, management reports, SoA, etc.) in the simple click of a button. The data can be exported via a CSV or a PDF file. This function allows you to monitor the current information security status of your company at any time, with all security incidents being documented transparently. The dashboard is configurable according to your requirements and provides a broad overview of the most important key data.
Use this function to respond to security incidents correctly and quickly: Record the key data, analyze the incident, inform all relevant departments in a timely manner and take preventive measures.
Obtain information about the current knowledge levels of your employees via a template survey or a customized one. Once the survey has been completed, Intervalid produces a clear summary of the results, allowing you to see where there might be gaps in the employees' knowledge. This function can also be used to easily confirm that the employees have read and acknowledged the relevant policies.
Create templates for your corporate documents such as information security reports, policies, contracts and more. Numerous formatting options are available for this purpose and you can also use variables to automatically insert content into the document. The documents can then be forwarded to the responsible user for editing or approval. In this way, you are able to manage your company documents centrally, are always aware of their status and can make them available to your employees.
Questionnaires can be used to obtain important company information quickly and efficiently. In particular, they can aid in documenting security incidents, carrying out risk analysis and classifying assets. You can also create customized questionnaires to meet your own company's needs. Forms can be particularly helpful when introducing new assets or making changes to existing ones. This information can then be transferred directly to the register.
Supplier audits are used to check new or existing suppliers and processors in terms of information security compliance. The details of the contact person at the business partner will be entered and stored in the system and you can then send them a questionnaire or fill it out internally. After the form has been completed/returned, you can distribute tasks as required and complete the audit. Finally, a date can be set for the next audit.
The establishment of an ISMS does not come to an end once the requisite measures have been implemented. It is a continuous process according to the Plan-Do-Check-Act method and therefore the effectiveness of the ISMS must be assessed regularly. Use the system's monitoring features to carry out an internal audit or to prepare for certification. Run through your business processes regularly, optimize if necessary, identify new risks and thus continuously minimize your business risk.
Get in touch to experience the benefits of Intervalid ISMS
Get in touch to experience the benefits of Intervalid ISMS