Our ISMS/DSMS Portal
Your solution to support your management system
Through the organized exchange of information within the system on the basis of Microsoft SharePoint, the ISMS/DSMS portal is a lean and efficient solution for all business processes, compliance requirements and legal data privacy requirements according to the ISO standard 27001, the data privacy basic regulation (GDPR) and the IT basic protection developed by the Federal Office for Information Security (BSI) supported. The portal helps you to manage information security and data protection in an integrated way and thus avoid duplication of work. It maps all building blocks necessary in your company for the implementation of various management systems. This includes functions such as document control and document management including automatic versioning, the management of internal audits and supplier audits, a register of information assets, risk management, processing descriptions, data privacy impact assessments, contract and action management, reporting and business intelligence solutions for mapping quality-relevant KPIs as well as project and action management for continuous improvement of the management system.
Our Know-How secures your success
By using the portal, you are opting for a method that has been tried and tested and certified many times within the framework of international certifications, through which complex information is stored in a structured manner in a cloud or on local servers. The processes are automated and are offered by us as an add-on solution that uses your Microsoft SharePoint. We regard your information security and data protection requirements as a holistic project and have therefore created a solution with this modular portal in which all digital requirement profiles for data privacy and information security can be configured. In the following you will learn more about the individual product modules within the ISMS/DSMS portal.
The product modules
Document control and document management
The central provision of the information and documentation relevant for your employees enables the continuous further development of the processes documented within the portal and avoids duplication of work. An important sub-function here is document control and document management within individual organizational units for the processes to be processed. These organizational units can be adapted to any enterprise organization and can therefore also be divided into internationally active companies according to individual countries and in several languages. Access to the documents is location-independent and is controlled by corresponding release and publication options. This enables every employee to access the information relevant to him or her and to track important business processes. All objects within the portal are audit-proof through automatic backup processes and archiving. The documents are stored in several versions and can thus also be traced back in their older versions.
Management of internal audits and supplier audits
A distinction is made between internal audits, which your data protection officer must carry out regularly, and supplier audits. In both cases, a status is checked, evaluated and then corrected if differences between the actual and target status have been analyzed.
For the implementation of the audits, the management defines a process description and allocates the responsibilities for planning, execution, documentation and follow-up of the so-called quality audits. This also ensures that a regular review of the functionality and effectiveness of the management system is carried out and that suggestions for improvement are developed and implemented. The audit is then planned, filed and documented at a central location within the portal. The user receives an overview of the current audits and the resulting measures via the central audit dashboard. The written audit results are used for a review with the management regarding the planning, implementation and control of measures to optimize this management system.
Directory of Information Values (Asset Registers)
Your relevant information needs protection. In addition to your hardware and software, the networks and organizational units as well as the company building and personnel, this includes your business processes, personal data or strategic information, prototypes, samples and products. The protection requirements of your data, objects and processes cover all risks of data loss and are assigned to an information value within the portal that takes dependencies into account and passes them on accordingly. If, for example, a document with the need for protection is classified as “high”, the server on which the document is located or the room in which the server is located and the building in which the room is located are also classified with the same value.
In our portal, this inheritance of protection needs is calculated fully automatically, thus reducing the complexity for the user. In the portal, the directory of information values (asset registers) is versioned, securely digitized, accessible from anywhere, can be evaluated by reporting and presented in a filterable form. This creates an awareness of your information values.
Records of processing activities
As a company, you are legally obliged to draw up a register of your processing activities. This results from Art. 30 of the GDPR. In our portal, the processing descriptions are archived, organized and filterable, secure, versioned, retrievable from anywhere and stored for evaluation. This increases transparency and avoids additional work.
The directory records the need for action with regard to your processing operations and data protection impact assessment (DPIA). It creates transparency for those responsible for processing within your company and increases the ability to provide information to those affected or to supervisory authorities.
Ultimately, the individual processing descriptions provide information about all personal data collected from you as well as their processing and use. They also allow insight into who has access to this data, to whom it is transmitted, which legal bases have been used to store, process and transmit this data, which deletion periods exist and which data protection measures and technical organisational measures (TOMs) are being implemented.
Privacy Impact Assessment
The ata protection impact assessment (DPIA) examines whether intended data processing fulfils the legal, technical and organisational requirements. A risk analysis is also carried out in this context. An essential basis for the implementation of the DPIA are the processing descriptions.
Art. 35 para. 1 GDPR stipulates that companies must carry out a DPIA , for example in the case of risky data processing. This is generally the case if a form of processing is used – for example when new technologies are used – which poses a high risk to personal rights and freedoms.
The DPIA must be started as early as possible in the development phase of the processing activities, even if some of the processing operations are not yet known. The continuous updating of DPIA throughout the life cycle of the project not only ensures that data protection is duly respected, but also encourages the development of compliance solutions. With the help of the ISMS/DSMS portal the data are archived, organized and filterable, securely stored, versioned, retrievable from everywhere and evaluable. This creates transparency for all DPIA processes.
Contract management
All relevant contracts for information security and data protection are stored centrally in the contract management integrated within the ISMS/DSMS portal. This includes contract templates and text modules for convenient data entry, which can then be saved with all associated documents and are available for further processing at any time. In addition, they can be linked to other contracts via the management system and provided with tasks for compliance with contractual obligations. A flexible authorization and role concept as well as a full-text search and extensive filter functions enable fast processing of contract documents, which can be stored directly via drag & drop. In addition, approval and release processes are integrated into the workflow. Contract reporting and controlling takes place via personalized dashboard views, automatic notification when deadlines expire, and individual reports and evaluations.
Measure management
Our measure management solution is based on powerful Microsoft technologies that provide a wide range of applications for handling information and documents. Simple operation and transparent documentation of the processes enable you to keep track of all initiated measures. Within action management, areas such as document control, audits, risk management and CIP (Continuous Improvement Process) are centrally merged and monitored. An automatic reminder and resubmission function enables timely implementation.
Complaint and supplier master data as well as electronic forms (3D, 8D, inspection report, etc.) are managed within the action management. In addition, a workflow is incorporated into the task management, which starts as soon as a new notification is entered and informs the department responsible for clarifying further measures. With the help of the status query (open/new, in progress, everything completed) all measures as well as their further processing within the task management (my tasks, open tasks, pending tasks) can be tracked.
Reporting / KPIs / Dashboards
The integrated reporting and BI functionality within the ISMS/DSMS portal provides a transparent overview of the information collected. Complex data is provided here in the form of dashboards and reports for retrieval or can be requested by subscription via e-mail as Excel or PDF export. The reports are available in different languages and provide a complete overview of large amounts of information. The added value lies in the preparation and the filter functions within the portal, which can be adapted to the usage behaviour of your employees. Relevant information is merged, displayed clearly in diagrams or tables or can be hidden by filter functions, so that the dashboards ultimately differ according to the area of responsibility of the employees. Reports can be used to process information from different parts of the organization together. Finally, the information can be evaluated or assessed using metrics. These are closely linked to reporting. While the report delivers the actual values from the system, key figures relate them to the target values.
Project management
The organization of your project management can also be integrated into the ISMS/DSMS portal. We support you in the creation of project management methods as well as the development of efficient project and multi-project organizations and the creation of project management manuals. By participating in committees of the Project Management Institute (PMI)® we ensure that the current trends in project management are taken into account in our methods and tools. The tools include processes such as project application and prioritization, project planning, project management, project change and project completion. In addition, forms and documents for project management can be created via the portal and project procedure models can be developed. Ultimately, this tool allows the project to be handled and personalized in clearly defined structures and processes. This enables targeted and open communication within the project and transparent cross-departmental collaboration. Effort and costs are also presented transparently.
Our ISMS/DSMS Portal
Your solution to support your management system
Through the organized exchange of information within the system on the basis of Microsoft SharePoint, the ISMS/DSMS portal is a lean and efficient solution for all business processes, compliance requirements and legal data privacy requirements according to the ISO standard 27001, the data privacy basic regulation (GDPR) and the IT basic protection developed by the Federal Office for Information Security (BSI) supported. The portal helps you to manage information security and data protection in an integrated way and thus avoid duplication of work. It maps all building blocks necessary in your company for the implementation of various management systems. This includes functions such as document control and document management including automatic versioning, the management of internal audits and supplier audits, a register of information assets, risk management, processing descriptions, data privacy impact assessments, contract and action management, reporting and business intelligence solutions for mapping quality-relevant KPIs as well as project and action management for continuous improvement of the management system.
Our Know-How secures your success
By using the portal, you are opting for a method that has been tried and tested and certified many times within the framework of international certifications, through which complex information is stored in a structured manner in a cloud or on local servers. The processes are automated and are offered by us as an add-on solution that uses your Microsoft SharePoint. We regard your information security and data protection requirements as a holistic project and have therefore created a solution with this modular portal in which all digital requirement profiles for data privacy and information security can be configured. In the following you will learn more about the individual product modules within the ISMS/DSMS portal.
The product modules
Document control and document management
The central provision of the information and documentation relevant for your employees enables the continuous further development of the processes documented within the portal and avoids duplication of work. An important sub-function here is document control and document management within individual organizational units for the processes to be processed. These organizational units can be adapted to any enterprise organization and can therefore also be divided into internationally active companies according to individual countries and in several languages. Access to the documents is location-independent and is controlled by corresponding release and publication options. This enables every employee to access the information relevant to him or her and to track important business processes. All objects within the portal are audit-proof through automatic backup processes and archiving. The documents are stored in several versions and can thus also be traced back in their older versions.
Management of internal audits and supplier audits
A distinction is made between internal audits, which your data protection officer must carry out regularly, and supplier audits. In both cases, a status is checked, evaluated and then corrected if differences between the actual and target status have been analyzed.
For the implementation of the audits, the management defines a process description and allocates the responsibilities for planning, execution, documentation and follow-up of the so-called quality audits. This also ensures that a regular review of the functionality and effectiveness of the management system is carried out and that suggestions for improvement are developed and implemented. The audit is then planned, filed and documented at a central location within the portal. The user receives an overview of the current audits and the resulting measures via the central audit dashboard. The written audit results are used for a review with the management regarding the planning, implementation and control of measures to optimize this management system.
Directory of Information Values (Asset Registers)
Your relevant information needs protection. In addition to your hardware and software, the networks and organizational units as well as the company building and personnel, this includes your business processes, personal data or strategic information, prototypes, samples and products. The protection requirements of your data, objects and processes cover all risks of data loss and are assigned to an information value within the portal that takes dependencies into account and passes them on accordingly. If, for example, a document with the need for protection is classified as “high”, the server on which the document is located or the room in which the server is located and the building in which the room is located are also classified with the same value.
In our portal, this inheritance of protection needs is calculated fully automatically, thus reducing the complexity for the user. In the portal, the directory of information values (asset registers) is versioned, securely digitized, accessible from anywhere, can be evaluated by reporting and presented in a filterable form. This creates an awareness of your information values.
Records of processing activities
As a company, you are legally obliged to draw up a register of your processing activities. This results from Art. 30 of the GDPR. In our portal, the processing descriptions are archived, organized and filterable, secure, versioned, retrievable from anywhere and stored for evaluation. This increases transparency and avoids additional work.
The directory records the need for action with regard to your processing operations and data protection impact assessment (DPIA). It creates transparency for those responsible for processing within your company and increases the ability to provide information to those affected or to supervisory authorities.
Ultimately, the individual processing descriptions provide information about all personal data collected from you as well as their processing and use. They also allow insight into who has access to this data, to whom it is transmitted, which legal bases have been used to store, process and transmit this data, which deletion periods exist and which data protection measures and technical organisational measures (TOMs) are being implemented.
Privacy Impact Assessment
The ata protection impact assessment (DPIA) examines whether intended data processing fulfils the legal, technical and organisational requirements. A risk analysis is also carried out in this context. An essential basis for the implementation of the DPIA are the processing descriptions.
Art. 35 para. 1 GDPR stipulates that companies must carry out a DPIA , for example in the case of risky data processing. This is generally the case if a form of processing is used – for example when new technologies are used – which poses a high risk to personal rights and freedoms.
The DPIA must be started as early as possible in the development phase of the processing activities, even if some of the processing operations are not yet known. The continuous updating of DPIA throughout the life cycle of the project not only ensures that data protection is duly respected, but also encourages the development of compliance solutions. With the help of the ISMS/DSMS portal the data are archived, organized and filterable, securely stored, versioned, retrievable from everywhere and evaluable. This creates transparency for all DPIA processes.
Contract management
All relevant contracts for information security and data protection are stored centrally in the contract management integrated within the ISMS/DSMS portal. This includes contract templates and text modules for convenient data entry, which can then be saved with all associated documents and are available for further processing at any time. In addition, they can be linked to other contracts via the management system and provided with tasks for compliance with contractual obligations. A flexible authorization and role concept as well as a full-text search and extensive filter functions enable fast processing of contract documents, which can be stored directly via drag & drop. In addition, approval and release processes are integrated into the workflow. Contract reporting and controlling takes place via personalized dashboard views, automatic notification when deadlines expire, and individual reports and evaluations.
Measure management
Our measure management solution is based on powerful Microsoft technologies that provide a wide range of applications for handling information and documents. Simple operation and transparent documentation of the processes enable you to keep track of all initiated measures. Within action management, areas such as document control, audits, risk management and CIP (Continuous Improvement Process) are centrally merged and monitored. An automatic reminder and resubmission function enables timely implementation.
Complaint and supplier master data as well as electronic forms (3D, 8D, inspection report, etc.) are managed within the action management. In addition, a workflow is incorporated into the task management, which starts as soon as a new notification is entered and informs the department responsible for clarifying further measures. With the help of the status query (open/new, in progress, everything completed) all measures as well as their further processing within the task management (my tasks, open tasks, pending tasks) can be tracked.
Reporting / KPIs / Dashboards
The integrated reporting and BI functionality within the ISMS/DSMS portal provides a transparent overview of the information collected. Complex data is provided here in the form of dashboards and reports for retrieval or can be requested by subscription via e-mail as Excel or PDF export. The reports are available in different languages and provide a complete overview of large amounts of information. The added value lies in the preparation and the filter functions within the portal, which can be adapted to the usage behaviour of your employees. Relevant information is merged, displayed clearly in diagrams or tables or can be hidden by filter functions, so that the dashboards ultimately differ according to the area of responsibility of the employees. Reports can be used to process information from different parts of the organization together. Finally, the information can be evaluated or assessed using metrics. These are closely linked to reporting. While the report delivers the actual values from the system, key figures relate them to the target values.
Project management
The organization of your project management can also be integrated into the ISMS/DSMS portal. We support you in the creation of project management methods as well as the development of efficient project and multi-project organizations and the creation of project management manuals. By participating in committees of the Project Management Institute (PMI)® we ensure that the current trends in project management are taken into account in our methods and tools. The tools include processes such as project application and prioritization, project planning, project management, project change and project completion. In addition, forms and documents for project management can be created via the portal and project procedure models can be developed. Ultimately, this tool allows the project to be handled and personalized in clearly defined structures and processes. This enables targeted and open communication within the project and transparent cross-departmental collaboration. Effort and costs are also presented transparently.
Related Services
Based on Microsoft SharePoint® technology, the SharePoint® Processing Descriptions app makes it easy to create your directory of processing activities. Notifiable processing can be quickly and easily captured using a form. All data relevant for a process directory can be automatically merged and evaluated by saving them in the SharePoint® portal.
Uniform processes, standards, forms and methods are necessary for the successful handling of projects. Uniform project management standards create transparency in the company and are the basis for a common understanding of project management. Our project management experts offer you methodical consulting of projects and support the project manager and the whole team in the selection and application of suitable methods.