For small and medium-sized companies, the Netzwerk für Informationssicherheit im Mittelstand (Network for Information Security in medium-sized Companies) (NIM) has developed an ISMS light: ISIS12 – Informations Sicherheitsmanagement System (Information Security Management System).
Tailored to medium-sized companies
The development of ISIS12 by NIM – which is made up of 9 companies and 2 universities – was funded by the Bavarian State Ministry for Economic Affairs, Infrastructure, Transport and Technology.
The Bavarian IT Security & Safety Cluster has assumed network management.
ISIS12 consists of a 12-step workflow for the introduction of an easy-to-establish information security management system, specifically tailored to medium-sized companies.
It comprises an easily comprehensible instruction that is accompanied by trained ISIS12 consultants. For the integrated management approach, ISMS and IT-SM are linked. The procedure can be used as a possible precursor to ISO/IEC 27001- or a BSI IT basic security certification.
With ISIS12, medium-sized companies are provided with an ISMS-light with integrated ITSM that has been specifically developed for their requirements.
The security concept to be established is based on proven standards for information security, but was appropriately adapted to render it suitable for medium-sized companies. A specially developed software tool supports the user during the ISIS12 workflow, documents the work rendered and can be used as tool for performing internal audits.