ISMS module of the Cybervize platform

ISMS software for ISO 27001 and NIS-2, built for the European mid-market

ISMS operations with organisational structure, BIA, incident management, asset inventory, dual risk assessment, measure tracking and Statement of Applicability — in one platform, sharing data with BCM, TPRM and Assessment. Hosted in Germany.

Request an ISMS module demo

What the ISMS module covers

The ISMS module implements ISO 27001:2022 as an operating system. No Excel spreadsheet, no Word manual, no consultant-hour model for routine maintenance.

Organisational structure

Scope, roles, ISMS committee, responsibility matrix. Default templates per ISO 27001:2022 or customisable to existing organisational charts.

Asset inventory with dependency graph

Assets, asset owners, data classification, dependencies across applications, servers and suppliers. Cross-module data flow to BCM (BIA) and TPRM (supplier risk).

Dual risk assessment

Inherent vs. residual risk with measure linkage. Likelihood and impact per customer-specific matrix. Acceptance workflow with four-eyes principle.

Measure tracking and Statement of Applicability

ISO 27001 Annex A controls from assessments or audits, measure maintenance, deadline and responsibility tracking. Statement of Applicability auto-generated.

Incident management with reporting obligations

Incident registration, classification, escalation. GDPR 72-hour deadline, NIS-2 reporting obligations (24h early warning, 72h incident report, one-month final report), KRITIS reports. Templates with data fields for the responsible authorities.

Management review and reporting

Auto-populated KPIs from live ISMS operations. Templates for board reporting, supervisory board, auditors and insurers. Snapshots for auditors with revision-safe versioning.

Standards and frameworks covered by the ISMS module

The ISMS module covers the ISO 27001 family and integrates the complementary standards relevant for DACH. No fragmented multi-tool architecture.

ISO/IEC 27001:2022 as the main standard including Annex A and Statement of Applicability
ISO/IEC 27002:2022 as control reference
NIS-2 minimum measures per German BSIG § 30, mapped to ISO 27001 controls
GDPR obligations (TOMs, processing records, 72-hour reporting) integrated
BSI IT-Grundschutz: building blocks via OSCAL import from the Assessment module
KRITIS reporting obligations per BSIG § 8b and § 8c
DORA-relevant controls for financial service providers

Who the ISMS module is built for

Three constellations in which the ISMS module replaces the Excel-Word-SharePoint approach economically.

Mid-market companies before first ISO 27001 certification

200 to 500 employees, NIS-2 affected, wants to certify rather than just be compliant. ISMS module plus vCISO as adoption path. Audit-ready in 6 to 9 months, ongoing operation via the platform.

Enterprises with existing ISMS and tool migration

Existing Excel/Word/SharePoint solution grown organically, multi-site hard to map, auditors challenge revision safety. Migration via the Assessment module: existing controls imported, gaps flagged, maintenance from day 1 in the platform.

Consultancies with multiple clients

vCISO consultancies with 5 to 30 clients need multi-tenancy without mixing data. ISMS module with strict tenant isolation, RBAC for cross-client consultant view, without cross-contamination.

ISMS is one module of the Cybervize platform

The ISMS module shares the data layer, permission model and audit trail with the BCM module (Business Continuity, ISO 22301), TPRM (Third-Party Risk Management per EBA) and Assessment (OSCAL import). There are no mandatory modules: licensing is modular, modules build on each other without forcing each other.

See the full platform

FAQ about the ISMS module

What is the difference between an ISMS tool and an ISMS platform?▼

An ISMS tool is stand-alone software covering only the information security management system. An ISMS platform integrates ISMS with related disciplines such as BCM, TPRM and Assessment on one data layer. Benefit: BIA data automatically validates BCM plans, Assessment gaps generate ISMS measures, critical suppliers create BCM threat scenarios. In a pure ISMS software, these links only happen via manual synchronisation or not at all.

Which ISO 27001 version does the ISMS module support?▼

ISO/IEC 27001:2022 as main standard, including Annex A with 93 controls in four theme areas. Migration from 2013 implementations is supported via mapping templates. ISO 27002:2022 serves as control reference.

How does the ISMS module support NIS-2 concretely?▼

The ten minimum measures per German BSIG § 30 are pre-configured as mandatory controls and mapped to ISO 27001 Annex A, so no duplicate effort. The NIS-2 reporting obligations (24-hour early warning, 72-hour incident report, one-month final report) are built into the Incident Management workflow. For the board there is a management briefing template covering liability and effectiveness control. The legal assessment of NIS-2 affectedness remains with a law firm; the ISMS module delivers the operational implementation.

Can we migrate existing ISMS content from Excel or Word?▼

Yes, via the Assessment module with OSCAL import. Existing controls, risks and measures are imported in a structured way, gaps automatically flagged. Typical migration from a grown Word/Excel ISMS takes six to ten weeks, including handover to internal responsibilities.

Who can operate the ISMS module without external consulting?▼

Organisations with their own ISO or CISO who already have ISO 27001 practice operate the module independently after a two- to four-week onboarding phase. Organisations without in-house ISMS practice get the ISMS module bundled with a vCISO or as an onboarding project. Both paths are documented; the platform does not block self-service.

Where is the ISMS hosted?▼

Hosting and data processing exclusively in Germany with a German provider. AI models are operated in sovereign mode without data sharing with external model providers. GDPR-compliant with full JSON data export and scheduled data deletion.

Memberships, programmes and partnerships

Standards and frameworks covered by the ISMS module

The ISMS module covers the ISO 27001 family and integrates the complementary standards relevant for DACH. No fragmented multi-tool architecture.

ISO/IEC 27001:2022 as the main standard including Annex A and Statement of Applicability

ISO/IEC 27002:2022 as control reference

NIS-2 minimum measures per German BSIG § 30, mapped to ISO 27001 controls

GDPR obligations (TOMs, processing records, 72-hour reporting) integrated

BSI IT-Grundschutz: building blocks via OSCAL import from the Assessment module

KRITIS reporting obligations per BSIG § 8b and § 8c

DORA-relevant controls for financial service providers