ISMS according to ISO 27001
Comprehensively protected
with BIC Information Security
Information is one of the most valuable assets in any company. That’s why you need to protect it in a complete, proper manner. ISO 27001 outlines a set of rules and policies that every company can use as the foundation for a future-proof information security management system. With BIC Information Security, you can quickly build an ISMS that conforms to leading standards – without the need for complex Excel applications.
Companies from all over the world trust us
Bank on state-of-the-art technology to map your ISMS in line with ISO 27001
Save valuable time with BIC Information Security, the #1 ISMS software, and enjoy the benefits of a professional, automated ISMS tool. The software, which is based on ISO 27001, offers role-based permissions and uniform, standard-compliant processes. Reports and dashboards clearly display critical metrics for information security as well as any current areas where action needs to be taken. The automatically generated statement of applicability (SoA) keeps you informed of the current maturity level of the ISMS.
Standardized. Secure. Smart.
The next step for your information security management: BIC Information Security provides a fast, professional way to digitalize your ISMS processes in line with ISO 27001 in an intuitive ISMS software that raises your information security to the next level.

Interactive dashboards
The central gateway for all users is the dashboard, which presents a comprehensive view of status information as well as metrics on risk analyses, measures, and proofs of effectiveness. Users can access their own to-do lists here as well. The CISO and senior management receive a clear overview of all the information that is of relevance to them, including any recommended actions.
As the central starting point, the dashboard offers all users exactly the information they need according to their defined permission levels. The intuitive navigation of the software solution guides users to the desired reports or tasks that need to be completed. With BIC Information Security, you get a GRC tool that saves a great deal of time in administrating and controlling information security processes.
Predefined reports
Using the comprehensive analytic capabilities in the BIC Information Security software solution, you can create reports that visualize information in a compact, appealing design. The statement of applicability (SoA), for example, presents a complete summary of the appropriateness and maturity of the controls listed in Annex A of ISO 27001 and the respective measures that have been implemented within the company.
These reports can be generated anytime for management reviews as well as internal and external audits at the touch of a button without having to merge information from various Excel spreadsheets or other sources. Since all data from the reports in BIC Information Security is stored in an audit-proof archive, you can easily utilize it to compare individual risks over longer periods of time.


Workflow-driven support for recording risks and measures
Workflows are defined for the entire ISMS to support users throughout the recording process. These workflows are based on an authorization system and define which users can edit which data in which status. This specifies the areas in which the individual users have read or write access as well as what type of create, edit or approve actions they can perform in the ISMS tool.
The workflow clearly defines which permissions each user has. These are granted once and determine the user’s role. This minimizes the risk of accidental or incorrect entries in the system and ensures that users are not overwhelmed with too much information.
Email automation
BIC Information Security automatically sends an email to inform the affected users when a defined event occurs. When the status of an action changes and, therefore, triggers a change in responsibilities, that new person will be informed instantly.
The automatic email notifications in BIC Information Security facilitate day-to-day tasks by eliminating the need to send regular reminders to co-workers about their current to-do lists. Since the system takes on this task, it also provides transparency on the status of the different tasks that need to be completed.

Into the future of information security with BIC Information Security and the ISO 27001 standard
The security of the assets in your company has top priority and is a prerequisite for long-term business success. Create the basis for a successful, powerful information security management system with BIC Information Security.
BIC Information Security:
The business side
BIC Information Security was developed based on ISO 27001 and incorporates the vast hands-on experience gained in numerous implementation projects.
ISO 27001 is an internationally recognized standard for information security management. It outlines the requirements to successfully document and implement an ISMS. The goal of an ISMS is to systematically manage information security in order to protect the confidentiality, integrity and availability of information and assets as well as efficiently identify and reduce potential threats. The ISO/IEC 27001 standard is comprised of over 30 documents that support companies throughout an ISMS implementation.
ISO/IEC 27001:2013 is the leading choice for certification among companies that do not require more specific frameworks (e.g., for cloud services, cloud computing, energy sector).
Benefit from intuitive, modern software to protect your most important corporate assets
An ISMS without complicated Excel applications has never been as easy as with BIC Information Security. Find out more about the ways BIC makes your everyday work easier and what other possibilities BIC GRC offers in different areas of corporate management.