Information Security Management System (ISMS): For the security of your information. In today's world, information, information processing systems and data are exposed to many dangers. Failure of technology, human error, force majeure, cyber attacks, organizational deficiencies - all of these are risks to the security of information in companies. Numerous laws (e.g. IT Security Act, EU GDPR), regulations and industry-specific regulations and standards (e.g. B3S, IT security catalogue) therefore require systems and rules to ensure information security in a company over the long term. Information has become so important that its protection has top priority and must be ensured responsibly and continuously.

High information security thanks to ISMS software

A professionally organized information security management system (ISMS) is essential in order to successfully meet these requirements and the challenges of information security in the company and to maintain protection goals.

An ISMS establishes procedures and rules in the company in order to permanently control, monitor, maintain and continuously improve information security. How an ISMS can be set up is regulated by ISO standards (e.g. ISO 27001) or the specifications of the Federal Office for Information Security (BSI). Building an ISMS in accordance with the ISO 27000 series of standards (e.g. ISO / IEC 27001) or in accordance with the specifications of the BSI or industry-specific standards (B3S) and operating it successfully and long-term in accordance with the regulatory requirements is not possible without the support of software-based ISMS solutions.

Services of the information security software solution in R2C_SECURITY

With the ISMS solution from R2C_SECURITY, you have an efficient, standard-open tool for managing your ISMS processes that is tailored to your information security concepts, in order to initiate, implement, monitor and continuously check and improve procedures and measures for information security. R2C_SECURITY supports you in all phases of the process, from the selection of the relevant standards to the certifiable organization.

The most important functions of our ISMS solution

  • R2C_SECURITY is a multi-tenant system.
  • The organizational structure can be mapped using the client hierarchy in order to map the scope of the ISMS for the organizational structure
  • Due to the multi-client capability, an organization structure of any depth can be mapped


  • R2C_SECURITY is an open-standard system.
  • The software enables you to work in accordance with the requirements of national and international norms and standards, e.g. ISO 27001, 27002, 27005, 27019, 27701, IT basic protection catalogue, B3S, BAIT, VAIT
  • Additional standards, industry requirements, legal requirements, internal guidelines and company standards can be easily integrated and managed.
  • The area of application, i.e. which standards, specifications and guidelines apply to the ISMS, can be determined individually for each client.
  • Management of business processes and assets of any type, such as information, applications, IT systems, infrastructure, buildings, rooms, personnel
  • Mapping of business process and asset hierarchies in any depth
  • Designation of responsibilities, maintenance of descriptions and further detailed information as well as the possibility of defining optional mandatory fields
  • Analysis of the damage effects for individual business processes and assets on the basis of freely configurable damage scenarios
  • Implementation of protection requirement analyses for the protection goals of confidentiality, integrity, availability and authenticity, including assets / business processes, as well as automatic inheritance of the protection requirement with a configurable inheritance direction
  • Further protection goals and assessment dimensions can be freely defined and optionally switched on
  • Implementation of business impact analyses (BIA)
  • Establishing links to risks, protective measures, controls, information security incidents, contingency plans, processing activities
  • Dashboards, reports and evaluations for monitoring company and time-critical business processes and assets
  • Upload documents using drag & drop
  • Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
  • Flexible expandability to include customer-specific properties (customizing)
  • Recording and documentation of risks in information security and classification into freely configurable risk categories
  • Designation of responsibilities
  • Integration of individual threat and vulnerability catalogs to carry out detailed risk analyses
  • Carrying out protection goal-related risk analyses with automatically inherited effects
  • Extended risk assessment based on individual hazard catalogs
  • Individual consideration of risks before and after the implementation of risk-reducing protective measures (gross / net consideration)
  • Definition of risk treatment strategies (e.g. reducing, avoiding)
  • Submission of declarations for the acceptance of residual risks
  • Establishing connections to protective measures, assets, business processes, information security incidents
  • Dashboards, reports and evaluations for monitoring the risk situation
  • Upload documents using drag & drop
  • Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
  • Flexible expandability to include customer-specific properties (customizing)
  • Recording and comprehensive documentation of protective measures, from planning and implementation to the appropriateness and effectiveness test as well as cost recording and scheduling
  • Designation of several responsibilities
  • Linking protective measures with requirements / controls from norms, legal requirements, internal guidelines and company standards as a basis for GAP analyses and audits
  • Establishing links to risks, assets, business processes, information security incidents, controls, processing activities
  • Sending e-mail notifications to remind you when actions are due
  • Dashboards, reports and evaluations for monitoring the degree of fulfillment
  • Upload documents using drag & drop
  • Excel-based interface for uncomplicated import & export (manual, time-controlled and automatic)
  • Flexible expandability to include customer-specific properties (customizing)
  • Fast recording and comprehensive documentation of information security incidents
  • Appoint incident handlers
  • Allocation of affected business processes and assets as well as risks that have occurred
  • Classification of the impact on the protection goals of confidentiality, integrity, availability and authenticity as well as assessment of the criticality and damage incurred
  • Definition of protective and improvement measures


An audit is a quality management instrument that examines whether the specified protection goals have been achieved, the relevant security requirements are met and the company-critical values are adequately protected. Internal and external audits as well as self-tests can be carried out in R2C_SECURITY. Which norms and standards, which parts of them or which business processes should be audited, can be decided depending on the situation.

In addition to the extensive options within an audit, test procedures can be defined for each audit test point, samples and results documented and - in the event of deviations - findings can be created, comprehensively described and assigned to a controller. Standard evaluations and reports present the audit results reliably, transparently and comprehensibly.

  • Comprehensive lists and detailed views - the columns shown in a list and their order can be customized for each user. Lists also have extensive sorting and filtering options that can be used to efficiently search for elements in the current list. Filter definitions can be saved on a user-specific basis and activated with a click on the filter.
  • Simple list export to EXCEL and CSV files - All lists can be exported as Excel or CSV files in order to carry out further analyses and evaluations on the basis of the exported data. All visible elements of the current list are exported with the information from the displayed columns.
  • Full text search - The integrated search function enables a full text search for all transaction data created in the application and displays the search results in the context of the rights of the logged in user.
  • Journal entries and change comments - All changes made to the retrieved element, e.g. an asset, are automatically journalized and can also be described or specified by the user. Changes, decisions and resolutions on the element are always traceable, even years later.
  • Atlases - Atlases contain a hierarchical representation (tree structure) of all elements of this type that have been linked to one another. Atlases can be freely configured for specific clients or created across clients.
  • My portfolio - the overview page "My Portfolio" gives an overview of the responsibilities of the current user and thus of all active elements for which this user is selected as a controller.
  • Drag & Drop for Documents - Documents can be uploaded to the application using drag & drop.

A little insight into our ISMS software

ISMS dashboard: business processes and assets

ISMS dashboard: risks and protective measures

Risk assessment

Tabular risk overview

Hierarchical representation of assets and associated risks and protective measures

Preparation of a Statement of Applicability (SoA) report

What issues around governance, risk & compliance is your company currently dealing with?

Your Contact to Schleupen SE

We are at your disposal for all questions and suggestions. Personal and competent.