ibi systems iris
Integrated ISMS and GRC solution

Overview

ibi systems iris – Your central platform for ISMS & GRC

ibi systems iris is a modular software platform for information security management (ISMS) and GRC (governance, risk, and compliance). The ISMS and GRC software supports both medium-sized companies and corporations in a variety of specific use cases: e.g., application security checks, management reviews according to ISO 27001, implementation and maintenance of controls according to ISO 27002, supplier audits according to DORA, management of compliance risks, and much more.

It can be used across all industries – from manufacturing, retail, and finance to energy, healthcare, public administration, services, and IT. It is aimed at key decision-makers and those with responsibilities such as CISOs, ISOs, IT security officers, CEOs, CTOs, CIOs, IT managers, risk and audit managers, and compliance officers.

With ibi systems iris, you can consolidate all relevant data and processes in a central system and benefit from full transparency, faster reporting, and more efficient workflows.

Development and location are exclusively in Germany, ensuring the highest security and quality standards.

Compliance with relevant requirements

through guided implementation audits against internal and external requirements
(e.g., ISO 27001, NIS-2, DORA, VAIT, etc.)

Informed decisions

through centralized, transparent data

Optimized collaboration

via a common platform for all stakeholders

Scalable multi-client capability

including a fine-grained permission concept for secure data and access separation

Solution Areas

iris enables a holistic mapping of all ISMS/GRC data and processes in a central system. Similar to leading GRC frameworks, policies, controls, risks, analyses, and findings can be managed company-wide. Thanks to its modular structure, iris adapts flexibly to different requirements.

The platform includes functions for Information Security Management, ICS and Corporate Governance, Business Continuity Management (BCM), Requirements and Audit Management, Risk Management, and the Internal Control System (ICS).

Information Security Management

Establishment, operation, and audit of a standard-compliant ISMS, e.g., according to ISO 27001, IT-Grundschutz, TISAX, or CISIS12

Creation of the Statement of Applicability (SoA)
Management of security documents such as guidelines and protocols
Performance of gap analyses and audits
Recording of findings, vulnerabilities, risks, and incidents
Tracking and implementation of measures

ICS & Corporate Governance

Operation of an Internal Control System (ICS)

Definition, planning, and assignment of controls, including automatic notifications for performance
Management and versioning of internal and external requirements and guidelines (e.g., COBIT, ITIL, SOX)
Verification of the compliance with these specifications
Planning, documentation, and tracking of audits and measures

Business Continuity Management

Establishment of a comprehensive emergency management, e.g., in accordance with ISO 22301 or BSI 200-4

Business Impact Analyses
Development and storage of emergency and recovery plans
Planning and execution of emergency drills
Recording, documentation, and handling of emergency events
Holistic risk analysis and measures planning

Requirements & Audit Management

Management of requirements and performance of audits

Management of internal policies, directives, and guidelines, including documented approval process
Categorization and historization of exception requests for consistent decisions and transparency
Planning, performance, and follow-up of internal and external security and compliance audits
Definition of measures and reporting

Risk Management

Management of all relevant risks in accordance with common standards, e.g., ISO 27005

Systematic identification of risks from different sources
Uniform recording, analyses, handling, and monitoring of risks
Support for consistent risk analyses through configurable risk maps
Mapping of risks with assets, threats, and vulnerabilities
Targeted control and tracking of measures

Compliance & Data Protection

Central management of all regulatory requirements, laws, and standards

Mapping of requirements, e.g., GDPR, MaRisk, DORA, NIS-2
Performance of compliance audits and tracking of violations
Integrated Data Protection Management System (DPMS)
Recording of processing activities and performance of Data Protection Impact Assessments (DPIA)
Documentation and tracking of data protection incidents

Highlights

Individually customizable list views

All list and tree views in ibi systems iris can be customized to suit individual users. You can flexibly show or hide the attributes that are relevant to you as columns, allowing you to prepare information according to your own needs.

ibi systems iris offers further support by allowing you to define complex filter parameters and link them together. The filters can also be customized and saved for specific user groups or for each user individually. Lists containing the relevant information can be exported to common file formats with just one click of the mouse.

Clear detail views

All information and mappings for a dataset are stored in several tabs. The overview of the dataset summarizes this stored information and allows you to add and edit mappings to other elements of ibi systems iris.

This allows you to view all important information about a dataset in a clear, detailed view and, for example, display and edit the listed information about a risk on a single page without having to jump back and forth between multiple pages.

Intuitive user guidance and integration of third parties via iris apps

The iris apps, which were first launched in mid2025, are used in the areas of requirements management and assessment performance. These apps intuitively guide the user through the defined workflow and at the same time allow interaction with, for example, assessment responsibilities or requirements processors without media discontinuity.

In the area of assessment performance, third parties can also be easily involved by sending a link, for example, to answer a supplier assessment questionnaire. You can then process the results directly in ibi systems iris.

The iris apps are gradually being expanded to include additional functions. Please feel free to contact us for more information.

Contextual help

ibi systems iris supports you in your daily work with comprehensive context-sensitive help that can be accessed on every page in the software. The help page dynamically adapts to the area currently displayed.

It contains helpful information about the structure of the current page and the underlying functionalities and internal processes. Clear application examples provide suggestions for using the individual functions in ibi systems iris. Explanatory diagrams also support you with complex topics.

Integrated reporting

With ibi systems iris, you can report quickly, target-group-specific and reliable. The integrated reporting engine enables you to create state-of-the-art reports according to your own wishes and needs:

Many integrated standard reports with central administration possibility
Individual adaptability of standard reports according to your own wishes
Creation of your own reports according to individual requirements and needs in expert mode
Automatic storage of reports as documents in ibi systems iris
Export of reports in various file formats (word, pdf, excel, e-mail)

Configurable dashboards

With meaningful widgets in the dashboards, the ISMS software ibi systems iris provides you with a concise summary of relevant information on all data stored:

Dashboards with predefined widgets, such as risk map, upcoming findings, active assessments, or an overview of all open measures
Dashboards for every functional area with central administration possibilities
Possibility of independent creation of individual dashboards by the user via drag-and-drop, including free scaling and positioning (creation / editing in the integrated designer)
Drill-down functionality within the widgets down to the individual dataset

REST API for connecting third-party systems

The REST API provides standardized interfaces for connecting any third-party system, for example for importing and exporting assets from a CMDB, for integrating an request portal or for the automated creation of assessments.

Functions

My iris

Central management cockpit with interactive dashboards
Numerous ready-made dashboards (e.g. “My tasks and deadlines“, “Management review“, “Risks“, “Assessments“
Individual creation of dashboards with integrated dashboard designer

Repository

Creation, management and versioning of standards, laws, regulatory and internal requirements
Management of statements and exceptions
Features for collaborative work on requirements

Architecture

Asset and process management with measure recommendations
Protection requirements, business continuity management and business impact analysis

Assessments

Creation, scheduling and performance of assessments based on templates in a modular system
Automated audit planning
Intelligent recommendations for measures
App for the performance of assessments with intuitive user guidance

Findings

Overview, recording and processing of findings (e.g., vulnerabilities)
Management of damage events

Indicators

Creation and management of indicators
Controlling the continuous recording of measurements
Actions for breached or not fulfilled values

Risks

Creation, evaluation and treatment of risks
Definition of risk treatment options
Categorization of risks

Emergency

Creation of emergency scenarios
Execution of emergency drills
Creation of real emergency events
Creation of emergency manuals

Measures

Overview and management of measures
Detailed tracking of the implementation status of measures

Documents

Overview and management of documents
Verification of document validity
Classification of documents

Reporting

Export of reports based on manageable templates (word, pdf, excel, e-mail)
Export of all filterable and customizable lists (excel, csv)
Individual report generation with integrated report designer

Launch and training

Professional support in configuration and launch

Benefit from our experience in configuration and launch of ibi systems iris. Optimal realization considering your individual needs and aims is in our focus.

Integration of relevant content and data migration

Relevant content can be uploaded directly after the launch of ibi systems iris via the software’s integrated import center. Such content can be any set of rules and regulations (e.g., laws, standards and norms etc.) or any assessment template (e.g., VDA-ISA etc.).

If an existing system is to be replaced by ibi systems iris, it is important to migrate the existing database quickly and easily. For this initial data migration, the software ibi systems iris offers useful import functions based on excel. For example, the assets including the modeling of the relations to each other can be imported. Of course, our specialists and data experts are always available for complex migrations.

Training

Expand your know-how through our training program and get detailed expert knowledge about all functions of the ibi systems iris software. Your participation will be confirmed by a certificate. To do so, select the appropriate topic focus for you from our comprehensive training program.

Individual training courses are also offered as an option. In these, relevant areas of solution are presented in detail and the supporting use of the ISMS and GRC software will be illustrated.

Basically, the training program is suitable for all users of the ibi systems iris software and, in particular, at the following group of people:
Information Security Officers, Data Protection Officers, IT Security Consultants, responsibles for Compliance, Internal Control Systems, Risk Management, IT Security Management, etc.

Customer Journey

MEET UP

Getting to know and presentation of the use case

CONSIDERATON

Product presentation and handover of further documents

EVALUATION

Coordination of operation, readiness check, proof of concept

ACQUISITION

Coordination of offer

GO LIVE

Configuration coordination and installation

ROLLOUT

Data migration and permissions management

SERVICE

Training, support, customer briefings, user days, etc.

March 8th 2023

iris Expert - Dashboarding
May 19th 2023

iris Expert - Reporting
September 14th 2023

iris Expert - Dashboarding
November 23rd 2023

iris Expert - Reporting

Previous Next

Individual training courses are also offered as an option. In these, relevant areas of solution are presented in detail and the supporting use of the ISMS and GRC software will be illustrated.

Consulting

In addition to the ISMS and GRC software ibi systems iris, we offer comprehensive and competent consulting services. These services are always accompanied by the use of the offered software. Our competent and highly qualified consultants have years of experience in this environment. We know how to set the decisive parameters to guarantee your project success.

Know-how and quality

Our consulting is based on excellent know-how accumulated over the years and always takes place in close cooperation with our customers.

Qualification and interdisciplinarity

We pay attention to a high qualification of our consultants and in the composition of the team on an interdisciplinary background. Through this interdisciplinarity, we can always ensure the right consulting approach for you.

Methodology and software support

Our consulting approach is based on best practices, which we support through the ISMS and GRC software ibi systems iris.

License and operating

License

The ISMS and GRC software is based on the named user license model. For each user, a user-registered access is set up in ibi systems iris. Each active user occupies a license, which always includes the full range of functions. The permissions of a user can be defined individually and with fine granularity by creating and assigning roles.

Operating

The operation of the ibi systems iris software is possible through its installation in your data center (on premises) and as a service by ibi systems (SaaS) in an ECO 5-Star and ISO 27001-certified data center.

Technology

iris is based on modern web technology and is completely web-based – it can be accessed via any current browser. Its multi-client capability allows parallel operation for multiple organizational units with individual permissions. Extensive configuration options (role assignments, form layouts, risk models) ensure that iris can be optimally adapted to your infrastructure. Security mechanisms such as encrypted connections (HTTPS) and optional client certificates are integrated.

References

Due to the industry-independent approach of our software ibi systems iris, we can individually address the needs of our diverse customers. The personal support of our customers by our experienced technical experts is a matter of course for us even after piloting and implementation. The resulting close partnership enables us to respond specifically to customer requirements and to align the further development of our software with the needs of our partners.

The following is a selection of our customers:

Information Materials

We would be happy to send you our Product Information and a Factsheet on the REST API. You can request these using the form on the right-hand side.

Demo and contact

See the added value of ibi systems iris for yourself: Request a no-obligation demo now or get in touch with our experts. We would be happy to present the solution in your individual environment and explain its range of functions, integration options, and licensing options.

Send inquiry

ibi systems iris Integrated ISMS and GRC solution