BiznetBiznet

Our genuine product ISMart, as an effective and sustainable Information Security Management System (ISMS) tool that expedites, facilitates, registers, reports and manages compliance with the ISO 27001 standard.

We may come across the following problems frequently when we aim to set up a successful organizational ISMS:

computer-icon Having difficulty in managing risks associated with large amount of information

computer-icon Overlooking modifications made in the risk environment

computer-icon Problems regarding the security organization structure

computer-icon Inability to ensure an up-to-date asset inventory

computer-icon Inability to follow up easily the information and approval processes regarding information security task assignments

computer-icon Failure to correlate the selected controls with the results of risk assessment process

computer-icon Difficulties encountered during document creation and updates based on controls

computer-icon Inability to assess ISMS efficiency

It is important to use an effective software capable of keeping all processes under control to overcome all these problems.

ISMart is a software developed by Biznet software team to effectively manage all processes included in the organizational information security system.  It provides tools that allow ISMS to be installed and sustained in compliance with the ISO/IEC  27001 standard and audited and directed in compliance with the ISO/IEC 27002 standard. Basically, ISMart contains functional modules including “risk management”, “assessment-evaluation”, “incident management”, “internal audit”, “work flow” and “document management”.

ISMart application does not only reduce manpower and time required for ISO 27001 certification significantly, but also helps follow up ad monitor planning of daily security-related works and defined actions.

ISMart responds to the requirements required by the standard as follows:

 

 

ABOUT ISMART

 

Requirements of the ISO/IEC 27001      Those Fulfilled by ISMart
  • A comprehensive risk analysis, and its follow-up and update
  • Making and following up risk processing plans
        Risk Management Module

  • It provides comparable and re-producible results.
    • It provides ease and guidance for setting up a proper and complete system with pre-defined asset categories, threat categories and controls.
    • It offers multiple risk calculation methodology
    • It fulfills requirements defined by risk evaluation and risk processing procedures.

    It provides capability of monitoring between results of risk analysis and controls selected.
  • Preparation of risk evaluation, risk processing plan and applicability statement
        Reports

  • It provides detailed information about the current state of the ISMS by generating various reports. (Asset inventory, risk evaluation report, risk processing plan, risk processing action report, applicability statement, etc.)
  • It provides useful data to the management by sorting the data in the risk evaluation report according to various parameters.
  • It provides different means to users to compile the reports in a manner to contain different information and generate comparable reports.
  • Implementation of security and awareness programs to all users under the ISMS
      Assessment-Evaluation Module

  • It is an important component to identify training needs in actualization of the ISMS, raise awareness among, and train users constantly and assess their level of security knowledge. Assessment-evaluation module serves this purpose.
  • Preparation and control of guidance documents for implementation of the ISMS
        Document Management Module

  • This module allows correlation of ISMS documents with objects such as assets, actions and work flows.
  • Documents can be categorized under different titles and their versions can be followed up.
  • Constant monitoring and review of the ISMS as a living process
      Internal Control Module / Incident Management Module

  • It provides planning of internal controls, recording of results and planning and efficiency-review of corrective / preventive actions for regular review of the ISMS.
  • It allows follow-up of the efficiency of assigned controls.
  • It makes it easier to record recommendations, feedbacks and security violations reported by users and third parties, follow them up and take necessary precautions. Users are able to follow up the update and the assigned person for requests they initiate.
  • Administrative capabilities ensuring sustainability of the ISMS
        Workflow Module

 

  • ISMart allows all employees to participate in information security management system within their access authorities granted in connection with their job. Organizational structures can be integrated into ISMart.
  • With this module, user authorities and approval mechanisms that are needed in modules such as risk management, assessment and evaluation, incident management and internal control are defined.

        Other Capabilities

  • ISMart is a WEB-based software developed according to “n”- layered WEB architecture. In its project, Java technologies were used and the application J2EE standards were taken as basis. Among its capabilities are LDAP integration, detailed role-based authorization of users, logging of user actions.
  • It has scalability capability that makes it possible to it in all organizations from the smallest organization with few users to those with thousands of users.
  • It can be set up and configured easily from the application interface.

For more information about ISMART you can contact with our experts!