ISIS12 helps you meet information security management requirements by bringing together the strengths of different standards, and is specially tailored to SMEs.

What companies and organisations is ISIS12 suitable for?

ISIS12 was specifically designed for SMEs with 50 to 1,500 computer-supported workstations. Local authorities and other organisations can also successfully apply ISIS12.



Aligning with ISO/IEC 27001 and IT-Grundschutz (IT Baseline Protection Manual)

A catalogue of measures tailored to business-critical applications in SMEs

A clear approach

ISIS12 offers a straightforward, 12-step process of clearly expressed guidance on IT documentation and IT service management.

Implementing requirements set out in the EU GDPR

Harnessing the ISIS12 approach to implement and document the requirements set out in the EU GDPR

ISIS12 – comprehensive protection in 12 steps

The ISMS alternative for authorities and SMEs.

ISIS12 was developed by the Netzwerk Informationssicherheit im Mittelstand (Network for Information Security in SMEs – NIM) at the Bavarian IT Security Cluster, and is a straightforward information security management system (ISMS) specifically for SMEs and public authorities. It came about because the established standards are difficult for SMEs to implement – the IT-Grundschutz is concrete, but too comprehensive, and ISO 2700x provides structure, but is too abstract. However, information security is just as important in large, global corporations. That’s because they, too, must address growing challenges like corporate espionage, data protection and the need for high IT availability.

IT service management processes based on ITIL have also been integrated and, combined with the PDCA process set out in the ISIS12 model, provide a sustainable, documented management approach at the strategic and operational levels.

swiss it security

Send a request

Leave us your e-mail address and we will gladly get in contact with you

Are you interested in our solution?


Services for implementing ISIS12

  • Checking your IT infrastructure and processes for potential risks and identifying areas for improvement
  • Subsequently preparing a report on your security situation
  • Implementing the ISMS based on existing documentation
  • Producing custom documents to meet ISMS requirements
  • Cross-sector expertise from our consultants – swift success through flexible approaches
  • Seamlessly shift to another ISMS
  • A security consultant experienced in audits reviews the effectiveness of your ISMS
  • Receive training to prepare for upcoming audits


Download info sheet

Find all of our services on our info sheet.


*Mandatory field


Thank you for your interest!

You can download the product sheet by clicking the button below.


*Mandatory field


*Mandatory field