ISMS

• R2C_SECURITY is a multi-tenant system.
• The organizational structure can be mapped using the client hierarchy in order to map the scope of the ISMS for the organizational structure
• Due to the multi-client capability, an organization structure of any depth can be mapped

• R2C_SECURITY is an open-standard system.
• The software enables you to work in accordance with the requirements of national and international norms and standards, e.g. ISO 27001, 27002, 27005, 27019, 27701, IT basic protection catalogue, B3S, BAIT, VAIT
• Additional standards, industry requirements, legal requirements, internal guidelines and company standards can be easily integrated and managed.
• The area of application, i.e. which standards, specifications and guidelines apply to the ISMS, can be determined individually for each client.

• Management of business processes and assets of any type, such as information, applications, IT systems, infrastructure, buildings, rooms, personnel
• Mapping of business process and asset hierarchies in any depth
• Designation of responsibilities, maintenance of descriptions and further detailed information as well as the possibility of defining optional mandatory fields
• Analysis of the damage effects for individual business processes and assets on the basis of freely configurable damage scenarios
• Implementation of protection requirement analyses for the protection goals of confidentiality, integrity, availability and authenticity, including assets / business processes, as well as automatic inheritance of the protection requirement with a configurable inheritance direction
• Further protection goals and assessment dimensions can be freely defined and optionally switched on
• Implementation of business impact analyses (BIA)
• Establishing links to risks, protective measures, controls, information security incidents, contingency plans, processing activities
• Dashboards, reports and evaluations for monitoring company and time-critical business processes and assets
• Upload documents using drag & drop
• Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
• Flexible expandability to include customer-specific properties (customizing)

• Recording and documentation of risks in information security and classification into freely configurable risk categories
• Designation of responsibilities
• Integration of individual threat and vulnerability catalogs to carry out detailed risk analyses
• Carrying out protection goal-related risk analyses with automatically inherited effects
• Extended risk assessment based on individual hazard catalogs
• Individual consideration of risks before and after the implementation of risk-reducing protective measures (gross / net consideration)
• Definition of risk treatment strategies (e.g. reducing, avoiding)
• Submission of declarations for the acceptance of residual risks
• Establishing connections to protective measures, assets, business processes, information security incidents
• Dashboards, reports and evaluations for monitoring the risk situation
• Upload documents using drag & drop
• Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
• Flexible expandability to include customer-specific properties (customizing)

• Recording and comprehensive documentation of protective measures, from planning and implementation to the appropriateness and effectiveness test as well as cost recording and scheduling
• Designation of several responsibilities
• Linking protective measures with requirements / controls from norms, legal requirements, internal guidelines and company standards as a basis for GAP analyses and audits
• Establishing links to risks, assets, business processes, information security incidents, controls, processing activities
• Sending e-mail notifications to remind you when actions are due
• Dashboards, reports and evaluations for monitoring the degree of fulfillment
• Upload documents using drag & drop
• Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
• Flexible expandability to include customer-specific properties (customizing)

• Fast recording and comprehensive documentation of information security incidents
• Appoint incident handlers
• Allocation of affected business processes and assets as well as risks that have occurred
• Classification of the impact on the protection goals of confidentiality, integrity, availability and authenticity as well as assessment of the criticality and damage incurred
• Definition of protective and improvement measures

An audit is a quality management instrument that examines whether the specified protection goals have been achieved, the relevant security requirements are met and the company-critical values are adequately protected. Internal and external audits as well as self-tests can be carried out in R2C_SECURITY. Which norms and standards, which parts of them or which business processes should be audited, can be decided depending on the situation.

In addition to the extensive options within an audit, test procedures can be defined for each audit test point, samples and results documented and - in the event of deviations - findings can be created, comprehensively described and assigned to a controller. Standard evaluations and reports present the audit results reliably, transparently and comprehensibly.

• Comprehensive lists and detailed views - the columns shown in a list and their order can be customized for each user. Lists also have extensive sorting and filtering options that can be used to efficiently search for elements in the current list. Filter definitions can be saved on a user-specific basis and activated with a click on the filter.
• Simple list export to EXCEL and CSV files - All lists can be exported as Excel or CSV files in order to carry out further analyses and evaluations on the basis of the exported data. All visible elements of the current list are exported with the information from the displayed columns.
• Full text search - The integrated search function enables a full text search for all transaction data created in the application and displays the search results in the context of the rights of the logged in user.
• Journal entries and change comments - All changes made to the retrieved element, e.g. an asset, are automatically journalized and can also be described or specified by the user. Changes, decisions and resolutions on the element are always traceable, even years later.
• Atlases - Atlases contain a hierarchical representation (tree structure) of all elements of this type that have been linked to one another. Atlases can be freely configured for specific clients or created across clients.
• My portfolio - the overview page "My Portfolio" gives an overview of the responsibilities of the current user and thus of all active elements for which this user is selected as a controller.
• Drag & Drop for Documents - Documents can be uploaded to the application using drag & drop.