• EN
    • DA
    • NO
    • SE
Kamstrup
Naviair_Logo
TopDanmark
Logo_Satair_2 (2)
Sund og Bælt logo

Tired of workarounds in Excel or Jira?

Excel is perfect for calculation. Jira is perfect for project management. RISMA is perfect for ISMS compliance. Everything in our solution is built with experts and modified by customers to perfectly match your needs requirement so you can ISO comply in the most efficient and seamless way.

Gain Total Visibility

With a glance, you’ll have a total overview through a complete mapping of your information assets allowing you to easily identify and close gaps.

60ad07021195130be814998b_Blue checkmark_RISMA-03

Complete visual mapping of all your information assets

60ad07021195130be814998b_Blue checkmark_RISMA-03

Manage policies and proceduresin the process library

Gain Total Visibility
Tailored Action Plan

Tailored Action Plan

Turn your insights and gaps into a tailored and comprehensible action plan with follow-up actions and controls to ensure things get done and on time.

60ad07021195130be814998b_Blue checkmark_RISMA-03

Create transparency across the different departments

60ad07021195130be814998b_Blue checkmark_RISMA-03

Create annual wheels with automatic controls

60ad07021195130be814998b_Blue checkmark_RISMA-03

Help employees save time and resources

Continuous Compliance

With on-going controls, you can make sure gaps remain closed. It ensures your continuous compliance and supports the 114 Annex A control objectives in ISO27001.

60ad07021195130be814998b_Blue checkmark_RISMA-03

Automation ensures tasks are completed correctly & ontime

60ad07021195130be814998b_Blue checkmark_RISMA-03

Central catalog of IT Controls

Continuous Compliance
Report & Documentation

Report & Documentation

Easily extract a complete Statement of Applicability (SoA) document, report on progress, and get a full documentation of the organization's security.

60ad07021195130be814998b_Blue checkmark_RISMA-03

Risk documentation report

60ad07021195130be814998b_Blue checkmark_RISMA-03

Report progress on the action plans

GRC Intelligence Center

Adopt a proactive approach. Stay on top of your governance, risk, and compliance, and get a complete status and performance overview across your organization. 

60ad07021195130be814998b_Blue checkmark_RISMA-03

Build confidence with board and regulators, as well as with partners and customers by establishing a strong data governance and status framework

60ad07021195130be814998b_Blue checkmark_RISMA-03

Actively measures custom-defined KPIs across solutions, individuals, teams, and related companies

60ad07021195130be814998b_Blue checkmark_RISMA-03

Measure GRC efforts over time by gathering historical data that indicates your compliance score and performance.

read more here
GRC-Intelligence-Center_Smaller-size

Get an overview and action plan so you can systematize your information security

All your needs in a seamless ISO 27001 solution

Let's talk

Key features in our ISMS solution

SUPERVISION WITH IT SYSTEMS
SUPERVISION WITH IT SYSTEMS
The feature enables you to get an overview of your various IT systems, so you can evaluate them.
INTERNAL AUDITS
INTERNAL AUDITS
Internal audits give you an overview of the actions you need to take to achieve compliance across the entire organization.
POLICY MANAGEMENT
POLICY MANAGEMENT
The process library gives you the opportunity to structure your policies and procedures and create awareness about them.
GET OVERVIEW AND CHECK
GET OVERVIEW AND CHECK
A clear gantt chart will help you to keep track of the progress of your efforts, while an annual overview will give you insights into whether people are doing their controls or not.
AUTOMATE PROCESSES
AUTOMATE PROCESSES
You can automate processes, making it easy for your organization to ensure that delegated tasks are followed up by the individual.
CREATE AWARENESS
CREATE AWARENESS
You can communicate directly with colleagues when, for example, they need to confirm that they have read and understood new updates – e.g. new policies or procedures.

ISO 27701 - Combined ISMS and GDPR solution

Information security plays an important role in the EU’s General Data Protection Regulation, which aims to ensure that all companies increase information security, create transparency, and secure data subjects’ rights when it comes to big data flows inside an organization. By combining our ISMS solution with our GDPR solution, you and your colleagues can work towards complying with the data protection regulation and following the ISO 27701 standard at the same time.

General Data Protection Regulation

General Data Protection Regulation

Manage compliance frameworks, controls, risks, policies, and reporting in one integrated solution.
Read about our GDPR solution  ➝
Risk Management

Risk Management

Define, assess, analyze and mitigate your organization’s risks and turn your insight into strategic assets.
Read about our Risk solution ➝

ISO 27001 Compliance
We guide you through the process step by step

Risk Assessment

Risk Assessment

 Identify information assets

Identify information assets

 Gather information

Gather information

 Gap Analysis

Gap Analysis

 Mitigating Actions and Controls

Mitigating Actions and Controls

Risk Assessment

Firstly, you need to identify the risks of your organization. For example, coronavirus, theft, hacking, ransomware, and system crashes. The risk assessments help you gain an overview so you can narrow your efforts to areas that are above your risk appetite. The risk assessments are based on our threat and vulnerability catalogs as well as probability. Then, you can do an impact assessment - FIT, CIA, or your own setup.

Identify information assets

You must identify information assets that are relevant to your information security – i.e. data controllers, data processors, suppliers, and systems. It will provide an overview of the scope of your information security work. This means you get a strategic management tool that helps you determine the objectives, boundaries, and responsibilities of your IT security policy.

Gather information

Using a structured questionnaire, based on the control objectives of the ISO 27001 standard, you are guided through the information gathering process. The ISMS solution makes it possible to delegate information tasks to different people, so the most qualified employees provide the input. You can also create specific questionnaires that target your data processors and system administrators.

Gap Analysis

Once the necessary information has been collected, you need to create and associate risks with your systems and data processors. This will allow you to do a gap analysis where you compare the 114 Annex A control objectives with your information. Along the way, you can easily extract a complete Statement of Applicability (SoA) document and get a full documentation of the organization's security measures.

Mitigating Actions and Controls

When the gap analysis has been made, you will have a 114-step plan for your further work. Link controls or initiatives at each step that minimize the gap and mitigate the identified risk. Controls may include, for example, samples, logs, and back up tests

Implementation of ISO 27001 solution

Our ISO 27001 ISMS software has an intuitive user interface, making it easy to work with. However, the implementation process can be a big task to handle on your own.

To get the best possible start with RISMA's ISMS software, our colleagues in Customer Success are ready to help you get started on a planned implementation process. They will also continuously support you so that you get the most value out of your solution.

Learn more  ➝
Onboarding

Learn how we can fit into your business

Explore how we can simplify your ISO compliance journey through our platform.

GET started
Ready to try RISMA
A GRC Platform To Bring The Organization Together

A GRC Platform To Bring The Organization Together 

Power your organisation by connecting data, teams, action and reporting in an integrated GRC platform.  

Whether you deploy one, two, or all our solutions, RISMA GRC platform provides great value by boosting collaboration, increasing visibility, and saving time for everyone involved.

Explore our GRC platform ➝
Ikoner

INTERNAL AUDIT
STREAMLINED

Effortlessly automate, document and report all your controls - including assessment, mitigation and monitoring in one simple platform.

LEARN MORE
Arrow Right
RISK MANAGEMENT ORGANIZED

RISK MANAGEMENT
ORGANIZED

Define, assess, analyze and mitigate your organization’s risks and turn your insight into strategic assets.

LEARN MORE
Arrow Right
GDPR Compliance Unified

GDPR Compliance
Unified

Manage compliance frameworks, controls, risks, policies, and reporting in one integrated solution.

LEARN MORE
Arrow Right

FAQ

What is ISO / IEC 27701?

Arrow

It is called ”Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines".

According to Dansk Standard, it is a management tool that provides knowledge of workflows and measurement that organizations should establish to achieve adequate protection of personal data.

It is an extension of ISO 27001 for information security. Thus, it extends the standard with special requirements for the processing of personal data.

What are the benefits of obtaining ISO/IEC 27001/2 certification for my organization?

Arrow

ISO/IEC 27001/2 certification is not a legal requirement, but many organizations choose to implement the standard in order to benefit from ISO's best practices and gain a competitive advantage.

Certification provides a robust framework for effective information security management, enabling organizations to proactively mitigate the risk of cyber attacks and limit the impact of data breaches, thus ensuring business continuity. '

Some of the benefits of obtaining ISO/IEC 27001/2 certification include:

  • Improved trust and confidence from stakeholders
  • Increased customer satisfaction and loyalty
  • Enhanced reputation and credibility
  • Improved risk management and decision making
  • Greater efficiency and productivity in managing information security
  • Compliance with legal and regulatory requirements.

What is the Statement of Applicability (SoA) in ISO 27001 documentation?

Arrow

The Statement of Applicability (SoA) is a status report that outlines an organization's work on information security and is an integral component of the ISO 27001 standard. Essentially, it serves as a declaration of an organization's chosen level of information security in a given process, along with the rationale behind selecting respective measures. The SoA provides a valuable link between an organization's risk assessment and risk treatment.


The SoA is an indispensable tool in relation to information security, as it contains justifications for the inclusion or exclusion of specific security measures. As a result, an organization must evaluate all information security controls - including those that may not be applicable to a particular case - to ensure comprehensive and effective information security management. The SoA typically includes a list of security controls and their corresponding justifications for selection or exclusion.


The SoA can be a valuable tool for demonstrating compliance with external stakeholders, such as regulatory bodies or clients. It can also be used as a reference for ongoing security management, providing a clear overview of the security measures and their justifications. The SoA is an essential part of ISO 27001 certification, as it demonstrates that an organization has identified and implemented appropriate security measures to manage and mitigate its risks.

What is ISMS (Information Security Management System)?

Arrow

ISMS is an abbreviation for Information Security Management System, which is a management system for managing the information security of organizations. With an effective ISMS, organizations can ensure business continuity by proactively mitigating the risk of cyber-attacks and limiting the impact of potential data breaches.

Implementing an appropriate level of information security requires a comprehensive understanding of the organization's departments and workflows. ISO 27001 can be used as a starting point for information security work. Although the standard does not directly specify specific security measures, it describes best practices for managing security both internally and externally through its 114 Annex A control objectives.

The goal is to protect three important aspects of information:

  • Confidentiality - to ensure that information is not accessible or disclosed to unauthorized persons, devices, or processes.
  • Integrity - to ensure that information is complete and accurate and protected against corruption.
  • Availability - to ensure that information is accessible and usable by authorized users.