ibi systems iris
Integrated ISMS and GRC solution
Compliance with relevant requirements
through guided implementation audits against internal and external requirements
(e.g., ISO 27001, NIS-2, DORA, VAIT, etc.)
ibi systems iris
Solution Areas
The solution areas of ibi systems iris encompass “SECURITY, GOVERNANCE, RISK, and COMPLIANCE management.”
The focus is on appropriate implementation, assessing effectiveness, ensuring traceability, and enabling control across a wide range of application scenarios and use cases in these areas. The platform provides comprehensive support to organizations, from the structured collection of relevant information through its evaluation to sustainable management and continuous improvement. The integrated view of the individual disciplines makes it possible to transparently map dependencies and interactions and manage them in a targeted manner.
The consistent mapping of requirements, risks, controls, and measures creates a robust database that supports both operational and strategic decisions. At the same time, it provides high transparency regarding the current status as well as developments and trends. This not only facilitates compliance with regulatory requirements but also strengthens organizations’ ability to identify risks early, respond appropriately, and sustainably develop their governance and security structures.
Scope of functions:
ibi systems iris enables the structured mapping of an information security management system across its entire lifecycle.
Information assets are recorded and classified according to their protection requirements. Threats and vulnerabilities are systematically identified and translated into a transparent risk assessment.
Security measures are planned, documented, and their implementation monitored. Audit results and security incidents are recorded in an integrated manner and incorporated into a continuous improvement process.
In particular, the solution supports requirements from ISO/IEC 27001, ISO/IEC 27002, and BSI IT-Grundschutz.
Benefits:
A high level of traceability is achieved for the information model and the underlying ICT architecture.
The adequacy and effectiveness of measures are demonstrated through documented controls, reduced risks, and improved audit results.
Organizations gain a transparent view of their security status and can manage security measures in a targeted manner.
Scope of functions:
ibi systems iris supports the structured mapping of governance structures, including policies, responsibilities, and control mechanisms.
Controls are defined, embedded within the organization, and their implementation is documented.
The platform enables the linking of governance requirements with risks and operational processes.
Management reports present the current status of controls and governance structures.
Supported features include comprehensive activities related to ICS or quality management, as well as audit requirements from IDW PS 951 and ISAE 3402.
Benefits:
The adequacy and effectiveness of governance structures can be assessed through complete documentation and mapping to requirements, as well as verification of their implementation via documented controls.
Management receives a solid basis for decision-making and a transparent view of responsibilities and control mechanisms.
Scope of functions:
ibi systems iris supports the systematic recording and implementation of regulatory and legal requirements.
External requirements are translated into internal requirements and measures, and their implementation is monitored.
Among other things, the platform enables the documentation of evidence, the recording and reporting of incidents, required resilience and BCM measures, and appropriate audit planning.
Data protection requirements are supported through the recording of processing activities and technical measures.
This supports specific requirements and best practice standards such as BSI 200-4, ISO 22301, GDPR, BDSG, MaRisk, NIS-2, and DORA.
Benefits:
Adequacy and effectiveness result from the comprehensive mapping of regulatory requirements and are demonstrated through controls and audits to ensure implementation.
Organizations reduce liability risks and enhance their regulatory compliance.
Scope of functions:
ibi systems iris enables integrated risk management in which risks are systematically identified, assessed, and prioritized.
Risks are directly linked to requirements, controls, and measures.
The platform supports the definition of risk treatment strategies as well as the continuous monitoring and reassessment of risks.
Historical assessments enable the traceability of risk evolution.
Supported standards include ISO 31000, ISO 27005, and COSO ERM.
Benefits:
The appropriateness of the risk assessment stems from the structured methodology and comprehensive documentation.
The effectiveness of risk management is verifiable through the linkage to measures and controls.
Management gains a consistent and reliable view of the risk situation and can make informed decisions.
Highlights
Individually customizable list views
All list and tree views in ibi systems iris can be customized to suit individual users. You can flexibly show or hide the attributes that are relevant to you as columns, allowing you to prepare information according to your own needs.
ibi systems iris offers further support by allowing you to define complex filter parameters and link them together. The filters can also be customized and saved for specific user groups or for each user individually. Lists containing the relevant information can be exported to common file formats with just one click of the mouse.
Clear detail views
All information and mappings for a dataset are stored in several tabs. The overview of the dataset summarizes this stored information and allows you to add and edit mappings to other elements of ibi systems iris.
This allows you to view all important information about a dataset in a clear, detailed view and, for example, display and edit the listed information about a risk on a single page without having to jump back and forth between multiple pages.
Intuitive user guidance and integration of third parties via iris apps
The iris apps, which were first launched in mid2025, are used in the areas of requirements management and assessment performance. These apps intuitively guide the user through the defined workflow and at the same time allow interaction with, for example, assessment responsibilities or requirements processors without media discontinuity.
In the area of assessment performance, third parties can also be easily involved by sending a link, for example, to answer a supplier assessment questionnaire. You can then process the results directly in ibi systems iris.
The iris apps are gradually being expanded to include additional functions. Please feel free to contact us for more information.
Contextual help
ibi systems iris supports you in your daily work with comprehensive context-sensitive help that can be accessed on every page in the software. The help page dynamically adapts to the area currently displayed.
It contains helpful information about the structure of the current page and the underlying functionalities and internal processes. Clear application examples provide suggestions for using the individual functions in ibi systems iris. Explanatory diagrams also support you with complex topics.
Integrated reporting
With ibi systems iris, you can report quickly, target-group-specific and reliable. The integrated reporting engine enables you to create state-of-the-art reports according to your own wishes and needs:
- Many integrated standard reports with central administration possibility
- Individual adaptability of standard reports according to your own wishes
- Creation of your own reports according to individual requirements and needs in expert mode
- Automatic storage of reports as documents in ibi systems iris
- Export of reports in various file formats (word, pdf, excel, e-mail)
Configurable dashboards
With meaningful widgets in the dashboards, the ISMS software ibi systems iris provides you with a concise summary of relevant information on all data stored:
- Dashboards with predefined widgets, such as risk map, upcoming findings, active assessments, or an overview of all open measures
- Dashboards for every functional area with central administration possibilities
- Possibility of independent creation of individual dashboards by the user via drag-and-drop, including free scaling and positioning (creation / editing in the integrated designer)
- Drill-down functionality within the widgets down to the individual dataset
REST API for connecting third-party systems
The REST API provides standardized interfaces for connecting any third-party system, for example for importing and exporting assets from a CMDB, for integrating an request portal or for the automated creation of assessments.
Functions
My iris
- Central management cockpit with interactive dashboards
- Numerous ready-made dashboards (e.g. “My tasks and deadlines“, “Management review“, “Risks“, “Assessments“
- Individual creation of dashboards with integrated dashboard designer
Repository
- Creation, management and versioning of standards, laws, regulatory and internal requirements
- Management of statements and exceptions
- Features for collaborative work on requirements
Architecture
- Asset and process management with measure recommendations
- Protection requirements, business continuity management and business impact analysis
Assessments
- Creation, scheduling and performance of assessments based on templates in a modular system
- Automated audit planning
- Intelligent recommendations for measures
- App for the performance of assessments with intuitive user guidance
Findings
- Overview, recording and processing of findings (e.g., vulnerabilities)
- Management of damage events
Indicators
- Creation and management of indicators
- Controlling the continuous recording of measurements
- Actions for breached or not fulfilled values
Risks
- Creation, evaluation and treatment of risks
- Definition of risk treatment options
- Categorization of risks
Emergency
- Creation of emergency scenarios
- Execution of emergency drills
- Creation of real emergency events
- Creation of emergency manuals
Measures
- Overview and management of measures
- Detailed tracking of the implementation status of measures
Documents
- Overview and management of documents
- Verification of document validity
- Classification of documents
Reporting
- Export of reports based on manageable templates (word, pdf, excel, e-mail)
- Export of all filterable and customizable lists (excel, csv)
- Individual report generation with integrated report designer
Launch and training
Professional support in configuration and launch
Benefit from our experience in configuration and launch of ibi systems iris. Optimal realization considering your individual needs and aims is in our focus.
Integration of relevant content and data migration
Relevant content can be uploaded directly after the launch of ibi systems iris via the software’s integrated import center. Such content can be any set of rules and regulations (e.g., laws, standards and norms etc.) or any assessment template (e.g., VDA-ISA etc.).
If an existing system is to be replaced by ibi systems iris, it is important to migrate the existing database quickly and easily. For this initial data migration, the software ibi systems iris offers useful import functions based on excel. For example, the assets including the modeling of the relations to each other can be imported. Of course, our specialists and data experts are always available for complex migrations.
Training
Expand your know-how through our training program and get detailed expert knowledge about all functions of the ibi systems iris software. Your participation will be confirmed by a certificate. To do so, select the appropriate topic focus for you from our comprehensive training program.
Individual training courses are also offered as an option. In these, relevant areas of solution are presented in detail and the supporting use of the ISMS and GRC software will be illustrated.
Basically, the training program is suitable for all users of the ibi systems iris software and, in particular, at the following group of people:
Information Security Officers, Data Protection Officers, IT Security Consultants, responsibles for Compliance, Internal Control Systems, Risk Management, IT Security Management, etc.
Customer Journey
MEET UP
Getting to know and presentation of the use case
CONSIDERATON
Product presentation and handover of further documents
EVALUATION
Coordination of operation, readiness check, proof of concept
ACQUISITION
Coordination of offer
GO LIVE
Configuration coordination and installation
ROLLOUT
Data migration and permissions management
SERVICE
Training, support, customer briefings, user days, etc.
Individual training courses are also offered as an option. In these, relevant areas of solution are presented in detail and the supporting use of the ISMS and GRC software will be illustrated.
Basically, the training program is suitable for all users of the ibi systems iris software and, in particular, at the following group of people:
Information Security Officers, Data Protection Officers, IT Security Consultants, responsibles for Compliance, Internal Control Systems, Risk Management, IT Security Management, etc.
Consulting
In addition to the ISMS and GRC software ibi systems iris, we offer comprehensive and competent consulting services. These services are always accompanied by the use of the offered software. Our competent and highly qualified consultants have years of experience in this environment. We know how to set the decisive parameters to guarantee your project success.
Know-how and quality
Our consulting is based on excellent know-how accumulated over the years and always takes place in close cooperation with our customers.
Qualification and interdisciplinarity
We pay attention to a high qualification of our consultants and in the composition of the team on an interdisciplinary background. Through this interdisciplinarity, we can always ensure the right consulting approach for you.
Methodology and software support
Our consulting approach is based on best practices, which we support through the ISMS and GRC software ibi systems iris.
License and operating
License
The ISMS and GRC software is based on the named user license model. For each user, a user-registered access is set up in ibi systems iris. Each active user occupies a license, which always includes the full range of functions. The permissions of a user can be defined individually and with fine granularity by creating and assigning roles.
Operating
The operation of the ibi systems iris software is possible through its installation in your data center (on premises) and as a service by ibi systems (SaaS) in an ECO 5-Star and ISO 27001-certified data center.
Technology
iris is based on modern web technology and is completely web-based – it can be accessed via any current browser. Its multi-client capability allows parallel operation for multiple organizational units with individual permissions. Extensive configuration options (role assignments, form layouts, risk models) ensure that iris can be optimally adapted to your infrastructure. Security mechanisms such as encrypted connections (HTTPS) and optional client certificates are integrated.
References
Due to the industry-independent approach of our software ibi systems iris, we can individually address the needs of our diverse customers. The personal support of our customers by our experienced technical experts is a matter of course for us even after piloting and implementation. The resulting close partnership enables us to respond specifically to customer requirements and to align the further development of our software with the needs of our partners.
The following is a selection of our customers:
Information Materials
We would be happy to send you our Product Information and a Factsheet on the REST API. You can request these using the form on the right-hand side.
Demo and contact
See the added value of ibi systems iris for yourself: Request a no-obligation demo now or get in touch with our experts. We would be happy to present the solution in your individual environment and explain its range of functions, integration options, and licensing options.