Start Immediately

BSI- compliant pre-configuration, BSI-Basic Protection Compendium and data import from the GSTOOL

  • The current BSI Basic Protection catalogues and HTML descriptions are integrated into HiScout. New versions of the basic protection compendium can be introduced step-wise at the desired time. In addition, you will receive a structured overview of the new and changed basic protection requirements from the newly published compendiums editions.

  • HiScout contains pre-configured views and reports, which expedite the implementation of basic protection and deliver presentable results in a quick manner.
  • Data from GSTOOL, CMDB, Excel and other systems can be imported into HiScout easily or can be integrated via a dynamic XML interface.

Work effectively

Automated questionnaire dispatch, non-redundant security concepts and Basic Protection-Cockpit

  • Data is collected from employees and service providers directly on-site and read-into the HiScout database after having been verified. You can create your own questionnaires with the HiScout Questionnaire add-on.
  • Services and basic services provided by external service providers can also be embedded into the security concepts.
  • A glance at the graphical evaluations of the basic protection cockpits keeps you continually updated on the current status of your information security system.

Simply Update

Comparison and parallel use of different BSI IT-Basic Protection Compendium editions

  • Newly added compendium content is displayed in a clear manner and is made available for processing.
  • In case of technical requirement changes, the evaluations from the previous version are taken over and need only be checked and supplemented if required.
  • Single information networks can be upgraded to the next compendium edition independent of one-another.

Safe Certification

Setup of certification documents to a certifiable ISMS at the touch of a button

  • Create the documents required for an ISO 27001 certification on the basis of IT-Basic Protection at the touch of a button. This includes documentation management and versioning for guidelines and IT documentation.
  • The IT-Basic Protection tool goes far beyond the BSI-requirements and enables you to administer your own security regulations and handling of security incidents. IT-Basic Protection can be seamlessly upgraded to a certifiable management system based on ISO/IEC 27001, with the information security management component HiScout ISM
HiScout GRC News

Newsletter

Exciting news and interesting facts on HiScout products and topics

Sign up for Newsletter
Kalender Icon für HiScout Termine

Important Dates

Important industry events, HiScout webinars and online seminars at a glance

To Overview
Glühbirne Icon für HiScout Magazin

Magazine

Read all our HiScout articles, publications and press releases
(available only in German language)

To the Topics
HiScout Mitarbeiter am Telefon, um über GRC Tools, BCM, ISMS, Grundschutz und Co. zu sprechen
©
Friends Stock – stock.adobe.com

Advising services at eye-level

We are experts in the field of basic protection! Let us collectively find the best solutions for your organisation.

+49 (30) 33 00 888-0
sales@hiscout.com

Step-by-step to certified IT-Basic Protection

  1. Hierarchical information networks and security concepts

    First of all, all the components which are relevant to the IT-basic protection of the information networks such as processes, applications, IT systems, industrial control systems networks, locations and generic aspects, are defined. The networks can be arranged and evaluated hierarchically. Each level can represent a different issue e.g. processes and procedures, security concepts and organisational structures. Each hierarchy can be evaluated separately, e.g. in order to create an overview of all security concepts at the Berlin site.

  2. Structural analysis with centralised and decentralised target objects

    In the structural analysis, all components of the information networks and processes, as well as security concepts are recorded and linked in their mutual dependencies. Assets or complete networks can be made available as a service or basic service in large organisations with distributed working. Sub-organisations can book these services, link them to their own security concept and use them as an own target object, with the stored level of protection. The responsibility for the basic protection check- and risk analysis lies with the provider; redundancies in security concepts are avoided.

  3. Assessment of protection requirements with automatic inheritance

    HiScout focuses on the information to be protected and inherits the identified protection requirements alongside the IT structure, in accordance with the individual target objects. It thereby considers the individual target objects that observe the cumulative effects which occur.
    The mandatory protection requirements are compared to the agreed protection in case of offered or purchased services, in order to disclose any gaps in the protection coverage. Inheritance paths and origin are displayed transparently for each target object.
    Protection requirements, protection requirement classes, damage scenarios and other parameters can be individually customised.

  4. Automatic modelling in accordance with IT-Basic Protection

    Relevant security requirements of the target objects are determined during modelling. This is required in order to evaluate the security of existing processes as well as those in the planning stage. BSI Basic Protection Compendiums and individual components can be maintained and modelled in HiScout Basic Protection. You can also store your own standard modellings for freely-definable target object types and automatically apply them.

  5. Basic Protection check with the Questionnaire function

    The individual security requirements of the basic protection components are automatically taken over. A tabular overview with graphical display shows the progress of the basic protection, core protection and standard protection and provides a quick overview of all modelled requirements of the basic protection compendium. Existing basic protection checks are integrated automatically or manually, as required. The implementation status for requirements, target object and network are clearly documented in a reporting.

  6. Risk analysis with action plan

    The HiScout risk analysis is carried out in three steps – risk overview, risk classification and risk treatment. The threats can be taken from the existing components and be enhanced manually. Using a risk matrix, the gross and net risk per hazard is automatically calculated based on the frequency of occurrence and impact. The evaluation levels and the resulting risk classes can be freely adapted to the requirements of the respective organisation. The implementation status of the measures is displayed transparently in the target objects and can be incorporated into the risk assessment. The measures are transferred to the basic protection check after the approval of the risk action plan. Risk analyses, which are no longer valid, are archived for future checks. The HiScout risk analyses fulfils the requirements for BSI standards 200-3 and 100-3, including suggested measures based on the cross-reference tables for the IT-Basic Protection Compendium.

  7. Certifiable reference reports

    The reference documents A1-A6, based on BSI standard 200-2, are created at the touch of a button and are immediately available for download. All reports can be customised according to individual specifications and company design if Customizing has been commissioned. The HiScout live reports are automatically displayed and updated.

Use BSI IT- Basic Protection Compendiums in parallel

You not only have the option of creating security concepts for various BSI compendium editions in HiScout Basic Protection, you will also receive a structured overview of new and changed basic requirements from our newly published compendium editions.

Client Management with a pre-configured authorisation system

In large organisations, companies and authorities, hierarchical structures with clients and sub-clients can be documented, and can access a HiScout instance. The data can be used generically, or client-specific. The clients and authorisations can be administered in a centralised or decentralised manner and can also be setup automatically. The HiScout authorisation system protects unauthorised access to the data and ensures data sovereignty, as well as confidentiality of the client. HiScout Client Management is used successfully in complex organisations with numerous independent sub-units.

A data pool for basic protection, data protection and risk management

The HiScout Data Protection can be extended to an integrated management system with a common database. A beautiful example of the interaction of the HiScout Basic Protection, HiScout Data Protection, HiScout ISM und HiScout BCM modules: the basic protector becomes active and surveys the processes as well as the required applications. The Emergency Manager is delighted with the collected data and uses it for the Business Impact Analysis. Meanwhile, in the directory of the processing activities, the data protector uses the currently maintained master data to record what data is processed by which application. The basic data protector can incorporate this information into its process analysis to assess the protection requirements.

HiScout technology can be upgraded and is future-proof

The HiScout GRC software is a browser-based multi-user application, which does not require any installation on the client-side. 100% of the development and support are carried out in Germany. The data model and user interfaces of the HiScout platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout Questionnaire, HiScout Business Logic Engine, HiScout DataExchange and HiScout DocGen to include customized processes, questionnaires, workflows, reports and database connections.

Questionnaire

A smart add-on which saves you lots of time and work.

Discover Now!

Product data sheet

Find all essential information on the HiScout Basic Protection module here.

Request Now!

Synergies

A software for different management systems which saves time and effort.

Work more efficiently
HiScout Magazin
©
Flamingo Images – stock.adobe.com

Good to know!

Get the latest news and interesting facts related to HiScout products and topics. You will find fascinating reading material in our magazine.

Magazine
No cookies requiring consent are used on the HiScout website. By continuing to browse the site, you agree to the use of other cookies. Website visits are analysed anonymously and in compliance with data protection regulations using the web analysis tool Matomo. Further information can be found in our privacy policy.