ibi systems
References
ibi systems
A selection of our references
Customer Feedback
“With ibi systems iris, you get an efficient and user-friendly management tool that enables you to holistically manage sustainability within your organization. The software provides you with a comprehensive view of your sustainability risks while helping you prioritize and track findings and necessary actions. The control process built into the tool can be easily adapted to your organization and requirements. With the ability to generate flexible reports at the click of a button, you always have a complete overview of sustainability within your company.”
“The ibi systems software proved to be an invaluable asset during the design, implementation, and operation of an ISO/IEC 27001-compliant and now certified Information Security Management System (ISMS) for the Transportation division of Thales Germany! The software we used delivers significant added value to our ISMS process, not least due to its ease of use.
The collaboration with ibi systems was straightforward and constructive from the very beginning. A knowledgeable contact person was always available to answer questions. This close communication made the software’s implementation phase particularly smooth.”
“With ibi systems iris, we have successfully replaced our Excel-based process for recording and calculating all operational risks with a suitable software solution. This makes it easy to ensure the quality of our operational risk data. In addition, the integrated, automatically generated reports allow us to meet both internal group reporting requirements and external outsourcing requirements—with minimal effort!”
“ibi systems iris has been providing us with significant support in the areas of quality management and internal control systems (ICS) for many years. This allows us to centrally manage regular audits through the software and efficiently assign, conduct, document, and evaluate them.”
Practical Examples
ICS - software-supported ICS according to PS 951 / ISAE 3402
Customer: Bank, Munich
Topic: ICS – PS 951 / ISAE 3402
Tasks: conception, software support, project support
Starting position and objective
- Alignment of the process and control objectives according to the international framework Cobit 5
- Transferring the existing ICS into a software-supported approach with systematic assessments to control and avoid risks
Procedure and solution
- Support in creating concrete controls from Cobit 5 templates
- Ensuring the multiple use of these controls in different assessments (for example, in parallel assessments with different assessment objects)
- Definition of standardized questionnaires for individual topics (e.g., event management, authorization management, etc.)
- Ensuring that all relevant and risky IT core processes are taken into account by means of standardized questionnaires
- Connection of the adjusted controls with the process or control objectives of the Cobit 5 standard (thereby: simplified coordination of the assessment contents at the service providers of the customers)
Operational Risk Management according to Basel II
Customer: Bank, Munich
Topic: Basel II (OpRisk) – recording, calculation and reporting
Tasks: Adaptation (interfaces), introduction and operation of the software “ibi systems iris”
Starting position and objective
- Replacement of the Excel-based recording and calculation of all operational risks by means of a suitable software solution
- Connection of the existing loss database
- Illustration of the updated organizational and process structure
- Automated international group reporting according to Basel II
Procedure and solution
- Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure as well as connection of the existing loss database
- Extension/programming of individual reports for the automatic international group reporting according to Basel II
- Support for matching all relevant data
- Fulfill requirements for OpRisk data regarding historicization
- Ongoing determination of data quality (providers, processes, assets) and coordination of necessary corrections
Information security - development of an ISMS incl. support of the certification according to ISO 27001
Customer: Energy supplier, Regensburg
Topic: Certification according to the IT security catalog for energy suppliers (ISO 27001 and 27019)
Tasks: Project support, implementation of an information security management system based on the software “ibi systems iris”, certification support
Starting position and objective
- Introduction of an ISMS based on the IT security catalog published by the Federal Network Agency and its certification in accordance with ISO 27001 until 31 January 2018
- Ensuring adequate protection against threats to telecommunications and electronic data processing systems necessary for secure network operation
Procedure and solution
- Introduction of the ibi systems iris software including recording and filing of the organizational and asset/process structure
- Workshops as well as trainings for the establishment of the standard requirements as well as implementation of measures and documentation
- Imaging and continuous improvement of the ISMS using the ibi systems iris software
- Implementation of risk management with ibi systems iris
- Preparation of successful certification
- Preparation for the roll-out of the ISMS to the entire group
Information security - business impact analysis and risk assessments
Customer: Media group, Luxembourg
Topic: ISMS – BIA, self-assessments, risk assessment
Tasks: Customizing and introduction of the software “ibi systems iris”
Starting position and objective
- Replacement of excel-based recording and evaluation of assets, deviations, risks and measures
- Providing a software solution for assisting in performing of assessments (regarding ISMS)
- Global centralized data management to improve data quality and consistency
- Reduction of high cost for external consultants in the past
Procedure and solution
- Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure
- Transfer of historical inventory data (assets, risks, measures) from the previous ISMS cycles
- Extension/adaptation of the software to customer-specific requirements
- Creation of reports as well as export possibilities in order to be able to transfer data collected in “ibi systems iris” to the “old world” to improve the acceptance (e.g., use of existing excel macros for risk aggregation etc.)
Information security - introduction of an ISMS based on ISO 27001
Customer: Media company, Munich
Topic: Data protection and ISMS according to existing standards (EU-DSGVO, ISO 27001)
Tasks: Provision and customizing of the software “ibi systems iris”
Starting position and objective
- Introduction of an ISMS based on ISO 27001
- Integration of relevant compendiums and test templates
- Consideration of the requirements of the EU GDPR in the tool
Procedure and solution
- Provision and installation support for the software “ibi systems iris”
- Preparation and provision of relevant compendiums and test templates for import into “ibi systems iris”
- Customizing of the “ibi systems iris” software with regard to the EU-GDPR
Information security - ISMS with tool-based risk management
Customer: Insurer, Neunkirchen
Topic: ISMS with focus on risk management
Tasks: Introduction support and configuration of the software “ibi systems iris”
Starting position and objective
- Introduction of an Information Security Management System (ISMS)
- Consideration of IT-Grundschutz
- Tool-based risk management
Procedure and solution
- Installation support and configuration of the software “ibi systems iris”
- Training on how to use tool-based risk management with “ibi systems iris”
Information security - ISMS according to ISO 27001/2
Customer: Service company, Gütersloh
Topic: ISMS – BIA, self-assessments, risk assessment
Tasks: Customizing and introduction of the software “ibi systems iris”
Starting position and objective
- Replacement of excel-based recording and evaluation of assets, deviations, risks and measures
- Providing a software solution for the holistic support of the ISMS
- Worldwide deployment and centralized data management to improve data quality and consistency
Procedure and solution
- Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure
- Transfer of historical inventory data (assets, risks, measures) from the previous ISMS cycles
- Extension/adaptation of the software to customer-specific requirements
- Creation of reports as well as export possibilities in order to be able to transfer data collected in “ibi systems iris” to the “old world” to improve the acceptance (e.g., use of existing excel macros for risk aggregation etc.)
Information security - management according to VDA-ISA
Customer: Producing company, Nuremberg
Topic: VDA-ISA self-assessments, risk management
Tasks: Customizing and introduction of the software “ibi systems iris”
Starting position and objective
- Replacement of an existing software solution (Verinice)
- Worldwide use through local ISOs
- Establishment of a central repository for VDA-ISA self-assessments of all Group units
- Establishment of a system-supported risk management
Procedure and solution
- Introduction of the software “ibi systems iris” including recording and integration of the organizational and process structure
- Data transfer of all previous VDA-ISA assessments since 2011
- Provision of a VDA-ISA template for self-assessments
- Creation of an individual report for the evaluation of self-assessments
- Training on the design of risk management in “ibi systems iris”
Information security - management of requests / exceptions
Customer: Automotive group, Wolfsburg
Topic: Management of IT-Security requests / exceptions
Tasks: conception, implementation, introduction
Starting position and objective
- Management of exceptions by defined rules for certain business processes (e.g., sales request to release the USB port)
- Ensuring consistent decisions
Procedure and solution
- Development of a system for the management of requests
- Recommendation to reject or approve requests based on historical decisions
Interested in working together?
Are you interested in using one of our software solutions? Contact us to schedule a personal consultation and/or a no-obligation demo.