Are you looking for ISMS software that allows you to implement requirements such as ISO 27001, BSI basic protection or NIS-2 in a structured manner? otris isms helps you to consistently manage responsibilities, specifications and evidence – so that information security remains effective in everyday life.
In the system: Inventory assets, link regulatory documents, and control and document ISMS activities.
In everyday life: Rate risks, manage measures and incidents, and keep the status traceable at all times.
For audits: Provide structured evidence, prepare for audits and provide targeted support for certifications.
You can centrally manage specifications, assets, risks, incidents and measures, and document everything in a traceable manner – for evaluations, audits and certifications.
otris isms creates transparency in information security. The introduction is designed to be practical – so that you can build your ISMS in a structured manner and then develop it step by step. With otris isms, you can establish and control company-wide ISMS processes, manage important assets, evaluate risks, document incidents and measures, and create clear evaluations (e.g. SoA). Intuitive operation, clear structures, individual workflows and automated processes facilitate the daily work of your internal and external ISMS data controllers.
You can consolidate all information, processes and controls on a single platform – a key advantage of a web-based ISMS. Thanks to its central database, otris isms ensures that all parties involved have access to the latest information. This means that responsible employees are always able to provide information.
otris isms features integrated document control for guidelines, concepts and evidence. Documents are created, versioned, approved and distributed in a targeted manner. Monitoring functions document acknowledgement and highlight the need for action at an early stage.
With otris isms, you can record your assets in a structured manner – including networking, protection requirements and individual attributes. The system identifies critical assets based on a protection requirements analysis. During modelling, you link assets to specifications so that the system can automatically derive risks and measures.
Security incidents are recorded, documented and centrally managed in a structured manner within the system. otris ISMS supports clear workflows for reporting, Rating, handling and tracking incidents. Responsibilities are clearly assigned, and reporting obligations to external authorities are simplified.
otris isms integrates an established risk management system that supports the hazard rating. The probability of occurrence and potential damage are assessed in a comprehensible manner. Based on this, appropriate protective measures can be derived and documented.
The audit function automatically documents findings and converts them into measures for remedying weaknesses. It also enables individual checklists to be sent out with system support. Responses are possible even without system access, and results are evaluated automatically.
Task management is the central task and control management system, including monitoring functions. Tasks and controls are delivered centrally via the employee cockpit. Processing can be monitored by data controllers and documented in a traceable manner.
The ISMS tool supports your company with content packages for certification according to current standards. It includes catalogues for ISO/IEC 27001 and the BSI’s IT Baseline Protection Compendium. Additional content packages (VDA-ISA, B3S, CISIS12®) can be integrated according to your requirements.
otris isms simplifies new and recertifications. The software is multi-client and group-compatible and can be individually adapted to your requirements. We integrate industry-specific content, your own performance indicators and processing and evaluation procedures into the solution as required.
„The ISMS software from otris was a great help in preparing for our certification.“
Whether you are protecting information assets, complying with NIS-2 or seeking certification: otris isms supports you in setting up, operating and continuously developing your ISMS – based on established requirements. This allows you to establish information security as a practical component of your governance.
Whether you are an external security consultant serving multiple clients, working in a company or public authority, or managing the information security of a corporation as part of a team, otris isms adapts to your requirements. The software is multi-client capable and suitable for mapping multiple organisational units and information networks. This means that your ISMS remains consistently controllable even as your structures grow.
A differentiated access concept allows you to define roles and rights – depending on requirements for groups or individual ISMS data controllers. Browser-based access to the central system promotes collaboration and ensures a uniform level of information. You can direct information processes – such as the editing or publication of guidelines – to specific user groups. Checklists can be edited externally: as an encrypted HTML questionnaire that is automatically processed in the system after it has been answered.
There are three software editions to choose from, allowing you to tailor the range of functions to your needs. Standardised extensions and supplementary modules enable you to expand the system flexibly. If you have additional requirements, otris can implement a customised solution tailored to your needs. Existing systems can be connected via bidirectional REST interfaces, for example.
All logged processes and documented information can be evaluated flexibly. The independently configurable dashboards provide a quick overview of all essential ISMS processes and lead directly to clearly presented detailed information. Supplementary report queries are available for both the entire ISMS (e.g. SoA) and at object level and can be generated as reports (e.g. Excel, PDF).
You are free to choose whether you want to use the ISMS software in the cloud or on-premises. On-premises means that the system is operated on your company’s own IT infrastructure. With the cloud version, you access the servers of a secure, certified data centre (location: Germany). In both cases, you use a web browser to work with the software.
When using otris isms in corporate structures, scalability and clear responsibilities are particularly important. The solution supports the mapping of multiple organisational units and information networks and enables a differentiated role and access concept for teams, departments and data controllers. You can also choose the appropriate operating model – cloud or on-premises – in line with your IT strategy. Standardised interfaces facilitate integration into existing processes and systems, while dashboards and reports provide structured evidence for management, audits and supervision. Collaboration with external parties can also be controlled, e.g. via structured, editable checklists.
„We are very satisfied with otris – both with the system and with the advice.“
To offer you a solution that suits your requirements, there are three editions and functional extensions to choose from.
Management of assets, risks and measures based on common catalogues and standards (e.g. ISO 27001). Protection needs analysis. SoA. Management of IT security incidents.
Extended range of functions for larger organisations and corporations. Adaptable to company-specific requirements and processes. Standardised interfaces.
In addition to STANDARD
Maximum functionality for integration into business processes. Customisable to meet company-specific requirements and interfaces.
In addition to ENTERPRISE
Requirements in compliance, data protection and information security vary significantly depending on the Organisation – this is evident from feedback from projects and initial discussions. That is why the otris compliance SUITE can be combined as needed and, if necessary, supplemented with specialist solutions from the otris legal SUITE and the otris privacy SUITE. The result is a platform that fits into your governance and grows with your responsibilities.
otris isms supports organisations in establishing a structured ISMS (information security management system), operating it effectively and continuously developing it further – based on the requirements of ISO/IEC 27001:2022 and the BSI IT-Grundschutz Compendium. The focus is not only on meeting standard requirements, but also on a practical combination of governance, Risk management, compliance and operational implementation.
With otris isms, you can define the scope of your ISMS as an information network, analyse and document the organisational and regulatory context, and the resulting information security objectives, guidelines and roles in controlled documents. This creates a robust foundation for an effective ISMS – tailored to business objectives and risks.
otris isms centrally provides relevant standards and specifications catalogues (e.g. ISO/IEC 27001, BSI IT-Grundschutz) as well as threat and document templates based on them. For the defined information network, the assigned specifications can be rated in terms of applicability and effectiveness and documented in a traceable manner.
Assets can be recorded both within otris ISMS and via import templates – including networking in preparation for the protection needs analysis. Assets can also be enriched with customer-specific information.
otris isms supports various configurable process models for assessing and inheriting protection requirements. Protection objectives such as confidentiality, integrity and availability are recorded and rated in a structured manner. The protection requirements analysis results in a list of critical assets for further analysis.
Risks can be systematically identified, rated and addressed both across the entire network – based on the threat catalogue – and at asset level. Risk management measures are derived in line with specifications, responsibilities are clearly assigned and the implementation status is tracked transparently. In this way, otris ISMS supports informed decisions and risk-oriented management of information security.
As part of asset modelling, the requirements to be met are assigned to the corresponding assets. Compliance with requirements is determined automatically, for example, on the basis of binding documents assigned to the asset.
Unmet requirements automatically lead to the assignment of corresponding risks, which are identified and further considered as part of the risk analysis.
Documented rules linked to specifications, as well as their verifiable publication and distribution, are essential components of an ISMS. otris isms includes comprehensive document control – from editorial creation and approval routines to functions for publication, targeted delivery and acknowledgement monitoring.
External and internal audits as well as incidents are consolidated in otris ISMS. The solution supports question-based audits both internally and at suppliers and service providers. Audit findings are systematically documented, measures are derived and tracked until their implementation has been verified.
Central evaluations such as SoA, IT baseline protection check, guideline currency, guideline confirmation level and task management performance indicators are available to provide verifiable documentation of the established information security management system. This means you can provide information at any time – to management, auditors and supervisory bodies.
ISMS software helps you to organise information security in a structured manner. It maps central ISMS components such as specifications, assets, protection needs analysis, risks, measures, documentation and evaluations in a single system.
ISMS software provides clarity and traceability in information security management. It supports clear responsibilities, standardised processes and consistent documentation – so that you can evaluate and document the status of your ISMS topics at any time.
otris isms supports you in implementing requirements, creating and managing relevant documents, and preparing and tracking audits and measures. This allows you to build up evidence in a structured manner and make it available for audits.
otris isms can be integrated into existing structures and supports connection to other systems via interfaces. This allows information to be used consistently and processes in the ISMS to be specifically embedded in your system landscape.
Greater security, organisation, clarity and control in information security: as an ISMS software provider, we have already supported many customers. We look forward to receiving your inquiry for a guided, no-obligation demo of our ISMS solution. Request your guided demo now!
