Skip to content

ISMS Add-on Documentation

What is the ISMS Add-on?#

The ISMS add-on for the i-doit CMDB is a powerful extension for information security management. It supports you in implementing ISO 27001 certification and offers comprehensive features for risk management, measures management, and compliance.

Benefits of the ISMS Add-on#

  • Direct integration into IT documentation
  • Support for the ISO 27000 series of standards
  • Creation of reports such as risk matrix, Statement of Applicability (SoA), and Risk Treatment Plan (RTP)
  • Import of threats, vulnerabilities, and measures from external catalogs
  • Ideal for KRITIS, BSI default 200-3, and other security standards

System Requirements#

The ISMS add-on requires a functional i-doit installation. This documentation refers to the current version of the add-on unless otherwise stated.

The ISMS add-on consumes licensed objects

The ISMS add-on uses approximately 2015 licensed objects, see Import. Make sure that your i-doit license contains enough licensed objects to be able to use the add-on.

Download and installation#

This add-on can be installed afterward. Detailed descriptions regarding download, installation, updates, etc. can be found in the article i-doit Add-ons.

How to Use the ISMS Add-on#

  1. Define assessment criteria
  2. Define damage scenarios
  3. Configure risk classes and risk formula
  4. Create measures
  5. Identify and assess risks
  6. Assign and monitor measures
  7. Create reports

Go to setup

Object Types and Features of the ISMS Add-on#

New Object Type Group "ISMS"#

When the ISMS add-on is installed, a new object type group named "ISMS" is created in i-doit. This group includes new object types.

CSV Import and Customization#

CSV import files are available for several of these object types to quickly and efficiently import data. You can customize all objects and object types in i-doit to your individual requirements as usual.

The ISMS add-on also supports consideration of location rights to ensure secure and flexible rights management.

Reports for Evaluation and Documentation#

Additionally, the ISMS add-on installs several reports that enable extended evaluation and documentation of the information security management system.

Assigning rights#

The ISMS add-on comes with new rights that you can configure in the i-doit rights management. These rights control access to risk classes and risk calculation.

Go to setup ->