ibi systems iris is a software for ISMS and GRC management – sustainable and economically valuable. The special added value lies in the integrative applicability, the integrated know-how such as best practice standards, controls or measures as well as the sustainable and secure technology based on ASP.NET.

The advantages of ibi systems iris are convincing and result in a large number of awards and distinctions – for example with the IT Innovation Award in the IT Security category and with the Industry Prize of Huber Verlag für Neue Medien GmbH.

Licensing is based on the named user license model. The operation of the software can be carried out within the framework of a SaaS model by ibi systems. Alternatively, the operation on the server of the customer is possible (On Premises).

  • integrative
  • integrated
  • sustainable

A major advantage of ibi systems iris lies in the intelligent support of selected business processes. For example, efficiency gains of more than 30% are achieved in the “Security Management” area.


Dr. Stefan Wagner, Managing Director, ibi systems GmbH

Security Management

Information Security Management System (ISMS)

ibi systems iris supports the launch, operation and optional certification of an information security management system (ISMS) according to common standards.

With the help of the software the Statement of Applicability can be created and other relevant documents (policies, protocols etc.) can be managed. Gap analyzes and audits as well as the recording of findings (e.g., vulnerability, deviation) are just as possible as the recording, evaluation, treatment and monitoring of IT risks including management and tracking of measures. In addition, security incidents can be managed in ibi systems iris.

  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 27019
  • IT-Grundschutz
  • BAIT
  • B3S

Security Audits

With ibi systems iris you plan and manage all security audits in your company as well as a comprehensive follow-up with all identified audit findings and the resulting risks and measures.

It is possible to specify an assessment object (asset, process, etc.) for each audit and to distribute the tasks in the audit process (audit templates, planning, assessor, reviewer, etc.). The findings identified during the audit (e.g., vulnerabilities) can be directly assigned to measures to remedy them or risks can be derived from these findings.

  • Cloud Computing (C5)
  • VDA – ISA
  • individual
    assessment catalogs

Business Continuity

With ibi systems iris you implement a system-based emergency management according to common standards.

The ibi systems iris software enables the performance of business impact analysis (BIA) and the recording of business continuity and recovery plans (emergency manuals). Emergency scenarios and events are recorded, documented and treated. ibi systems iris supports a holistic emergency management including risk analysis.

  • BSI 100-4
  • ISO 22301
  • ISO 22313

Governance Management

Internal Control System (ICS)

With ibi systems iris you operate an effective and efficient internal control system (ICS) and reduce the effort while at the same time increasing transparency.

In addition to the definition of the control context (organizational structure, assets, processes, rules, etc.) ibi systems iris enables the administration of individual control templates as well as the planning and assignment of controls including e-mail notifications. Controls are carried out by a wizard, including proofs, documents and findings. In addition, the resulting risks can be recorded, evaluated and treated.

  • IDW PS 951
  • ITIL

Corporate and IT Governance

ibi systems iris guides your business through internally and externally defined requirements and policies. Make sure you comply with these requirements and define and plan measures that ensure their implementation and thus the achievement of the company’s goals.

ibi systems iris enables the recording, administration and versioning of all internal and external requirements and policies. Audits as well as measures to check or ensure compliance with requirements and policies can be defined, planned and performed.

  • Sarbanes-Oxley Act
  • Versicherungsaufsichtliche Anforderungen an die IT
  • Bankaufsichtliche Anforderungen an die IT

Risk Management

Enterprise Risk

Capture all relevant risks in just one system and ensure the best possible comparability of all risks through a uniform approach.

ibi systems iris enables the recording, evaluation, treatment and monitoring of all relevant risks in the company. These can be categorized (operational, financial, strategic) as well as risk treatment and prevention measures defined and tracked. Risks are evaluated in terms of damage impact and likelihood of damage with freely configurable values (e.g., 5 x 5 risk matrix).

  • ISO 31000
  • ISO 31010

IT Risk

With ibi systems iris you operate an effective and efficient risk management according to common standards.

All relevant assets, processes, threats and vulnerabilities in ibi systems iris are recorded. The risk can be identified, described and evaluated. For risk treatment measures are defined and tracked. The risk evaluation and treatment is carried out in an iterative process, including continuous monitoring of the risk and measures with the help of controls and indicators.

  • ISO 27005
  • BSI 100-3
  • BSI 200-3

Operational Risk

With ibi systems iris you capture the risk of losses caused by the inadequacy or failure of internal processes, people and systems, or by external events. This includes legal risks that are particularly relevant for banks and insurance companies.

ibi systems iris enables the linking of risks with legal regulations as well as a categorization of the risks e.g., according to Basel II/III. The monitoring of the risks takes place, for example, with the help of indicators, which can be included in the risk evaluation. In addition, for each risk a risk owner can be assigned, which evaluates the risk for example and defines measures for the treatment.

  • Basel II
  • Basel III
  • Solvency II

Compliance Management

Compliance Audits

ibi systems iris supports and ensures compliance with increasingly complex and heterogeneous external requirements, laws and regulations. With ibi systems iris you have an effective compliance management tool according to best practice.

With ibi systems iris, all external requirements, laws and regulations can be recorded. Comprehensive management of compliance risks is just as possible as controlling compliance through compliance audits. Compliance violations are recorded and measures for their treatment are defined as part of the follow-up process.

  • ISO 19600
  • ISO 37001
  • ONR 192050

Data Protection

ibi systems iris supports the development and operation of an effective data protection management system (DPMS). In this way, you meet the requirements of EU-GDPR and other relevant laws and regulations with the help of an intelligent tool.

ibi systems iris enables the recording and administration of data protection-relevant processes according to EU-GDPR. With the help of the software, data protection risks, including management and tracking of measures, can be recorded, evaluated and treated (art. 35 EU-GDPR, Data protection impact assessment). In addition, data protection incidents can be collected and processed. For example, when performing assessments, findings can be identified and risks derived and treated.

  • BDSG
  • ISO 27018

Directives & Policies

With ibi systems iris you always ensure that you comply with relevant directives and policies. Check compliance and document the approval process of exceptions.

In addition to the recording and management of all directives and policies, it is possible to manage exceptions including documentation of requests and, if necessary, associated approvals. Requests are categorized (e.g., release, statement) and consistent decisions are made on similar requests through intelligent adoption of historical approvals.

  • Code of conduct
  • Anti Corruption Guideline
  • Compliance Guideline