What companies and organisations is ISIS12 suitable for?
ISIS12 was specifically designed for SMEs with 50 to 1,500 computer-supported workstations. Local authorities and other organisations can also successfully apply ISIS12.
Benefits
Aligning with ISO/IEC 27001 and IT-Grundschutz (IT Baseline Protection Manual)
A catalogue of measures tailored to business-critical applications in SMEs
A clear approach
ISIS12 offers a straightforward, 12-step process of clearly expressed guidance on IT documentation and IT service management.
Implementing requirements set out in the EU GDPR
Harnessing the ISIS12 approach to implement and document the requirements set out in the EU GDPR
ISIS12 – comprehensive protection in 12 steps
The ISMS alternative for authorities and SMEs.
ISIS12 was developed by the Netzwerk Informationssicherheit im Mittelstand (Network for Information Security in SMEs – NIM) at the Bavarian IT Security Cluster, and is a straightforward information security management system (ISMS) specifically for SMEs and public authorities. It came about because the established standards are difficult for SMEs to implement – the IT-Grundschutz is concrete, but too comprehensive, and ISO 2700x provides structure, but is too abstract. However, information security is just as important in large, global corporations. That’s because they, too, must address growing challenges like corporate espionage, data protection and the need for high IT availability.
IT service management processes based on ITIL have also been integrated and, combined with the PDCA process set out in the ISIS12 model, provide a sustainable, documented management approach at the strategic and operational levels.

Services for implementing ISIS12
Basic check-up
- Checking your IT infrastructure and processes for potential risks and identifying areas for improvement
- Subsequently preparing a report on your security situation
Documentation and process creation
- Implementing the ISMS based on existing documentation
- Producing custom documents to meet ISMS requirements
Introducing the ISMS
- Cross-sector expertise from our consultants – swift success through flexible approaches
- Seamlessly shift to another ISMS
(Pre-)audit
- A security consultant experienced in audits reviews the effectiveness of your ISMS
- Receive training to prepare for upcoming audits