HiScout ISM
Software for Information Security Management (ISM) in accordance with ISO 27001/2
The HiScout ISM software is aligned with the requirements of the international family of the ISO 27k series and is a powerful motor for the development, continuous optimisation and certification of an Information Security Management System (ISMS). HiScout not only focuses on documenting the work results, but also supports users in their daily procedures by standardising and automating complex and distributed security processes.
ISM tool for large organisations with individual requirements
Individual work areas and evaluations
Customise the user interface for specific tasks quickly and easily, and distribute these via a direct link to the persons-in-charge. Define any tabular evaluations of the data and make them available in Excel format or via a link.
Use in highly regulated and critical environments
Versioning, historicization and individual release processes ensure that the change history is fully traceable and audit-proof. The HiScout authorisation system, with comprehensive roles- and rights control, protects your data from unauthorised access.
Client administration with a pre-configured authorisation system
HiScout client management is successfully used in complex organisations with numerous independent sub-units. Individually determine whether the data is to be used generically or only client-based. Clients and authorisations can be administered centrally or de-centrally and can be set up automatically.
A common data pool for ISMS, data protection and emergency management
The HiScout ISMS tool can be set up as an integrated management system with a common database. Use your organisational master data, protection requirement assessments, risk analyses and action planning generically across the HiScout ISM, HiScout Basic Protection, HiScout Data Protection and HiScout BCM modules.
HiScout technology is upgradeable and future-proof
The HiScout GRC Software is a browser-based multi-user application which does not require any installation on the client-side. 100% of the development and support are carried out in Germany. The data model and user interfaces of the HiScout Platform can be upgraded and expanded at any time without requiring programming skills, in order to reflect new and future requirements.
Newsletter
Exciting news and interesting facts on HiScout products and topics
Sign up for NewsletterImportant Dates
Important industry events, HiScout webinars and online seminars at a glance
To OverviewMapping and automation of individual security processes
Data collection using online questionnaires
Data is collected from employees and service providers directly on-site in an automated process and read-into the HiScout database after verification. You can create your own questionnaires with the HiScout Questionnaire add-on.
Automated security processes
Security incidents, risk analysis, protection requirement assessments, and tracking of measures can be supported via automated processes. Internal and external stakeholders are actively notified. You can define your own workflows with the HiScout Business Logic Engine.
Seamless integration in to the existing tool landscape
Incoming and outgoing interfaces of HiScout DataExchange merge data from different systems and ensure high data quality.
Role and process-focused reporting
Integrated live reporting for each work step provides the persons-in-charge with the latest information. You can create your own management reports with HiScout DocGen.
Additional wealth of knowledge thanks to the BSI-Basic Protection-Compendium
The HiScout ISMS tool contains the full functional range of the HiScout Basic Protection module and the current IT Basic-Protection-Compendium of the German Federal Office for Information Technology Security (Bundesamt für Sicherheit in der Informationstechnik or BSI). The basic protection modules are available to you as reference. In risk analysis, you can directly take over the threats and security measures stored in BSI.
ISMS tool for KRITIS
In cooperation with SEPRO Consulting and KIK-S, we have especially put together an offer for energy suppliers having operators of critical infrastructures. Click on ISMS4Energy for more information.
ISMS – Setup and certification of your information security management system in the PDCA cycle
The HiScout ISMS software supports you throughout the entire PDCA cycle. Your Information Security Management System (ISMS) must constantly be adapted to the changing processes within the organisation – including the new technology, newly discovered weak points and new legal conditions. The PDCA cycle, which originates from Quality Management is, according to William Edwards Deming, an established procedure to set up management systems and continuously improve them.
-
PLAN –Taking stock, defining goals and action planning
Management system basics
Store all sets of rules and regulations, the specifications agreed upon contractually and individual industry norms (e.g. SOX, Euro-SOX and BAIT) in one system. Central norms such as ISO 2700X and COBIT are regularly updated. Administer your company’s entire IT security organisation, process descriptions and meetings. -
DO – Implementation of the measures
Master data management and determining protection needs
Record and maintain your assets such as IT systems, applications, services and external service providers, as well as their logical and technical connections and dependencies. Determine the protection needs of the assets from the perspective of those responsible and have them passed on automatically along the recorded structures.Risk analysis and action planning
Risk analysis can be carried out according to common market standards such as ISO 27005, ISO 31000 or BSI 200-3, and can be adapted to individual needs. Classify the hazards into risk classes by specifying their probability of occurrence and amount of damage. Assign threats to the target objects. Then plan the necessary security measures, including expenses for integrated cost planning.Action management
For generic processes, the implementation of security measures is documented in the central action management via tracking and reporting. Role-based work areas, predefined workflows and automatic notifications, (e.g. for expiring implementation deadlines) help you in ensuring that the processing is reliable and time saving. Get a quick overview on the current status of the management system at any time.Handling security incidents
The control and documentation of security incidents runs in a fully standardised manner with HiScout, and is fully transparent. -
CHECK – Success control and monitoring goal-attainment
External audits and self-assessments
HiScout maps the entire audit and self-assessment process – from planning content and criteria, to recording the degree of fulfilment and any deviations – up to their treatment through measures. Clear and management-friendly reports of the entire audit process are created at the touch of a button. You can carry out the data collection de-centrally and automatically in HTML or PDF format with the questionnaire function in HiScout Questionnaire. -
ACT – Elimination of deficiencies and improvements
The cycle starts anew
Thanks to the high level of flexibility and adaptability of HiScout, continuous improvements in your procedures and security processes are quickly stored in HiScout. In contrast to statically implemented tools, you can carry out these changes economically and without programming efforts.
Product Sheet
You will find all the essential information on the HiScout ISM module here.
Request Now!Synergies
A common software for different management systems – saves time and effort.
Work more efficiently!