Information Security Management · ISMS

Setting up and operating ISMS according to ISO 27001, BSI IT-Grundschutz, and NIS 2

ANYVA supports the structured setup and ongoing operation of an information security management system – with a direct link to the data protection system and traceable documentation.

Scope of functionality

  • Process-oriented asset management
  • Risk assessment & risk management
  • Information security TOMs
  • Vulnerability management
  • Action tracking (PDCA)
  • Internal audit management
  • ISO 27001 / BSI / NIS-2 documentation

The approach

Information security as a continuous process – not a one-off project

An ISMS is not a state that is achieved once and then maintained. It must be continuously operated, audited, and improved. ANYVA supports this ongoing operation with structured workflows, traceable decisions, and auditable documentation.

Asset management

Capture systems, applications and infrastructure and link them with processes, data and risks. Changes to assets automatically impact risk assessment.

Risk assessment

Assess risks based on real asset and process data. Document and track threats, vulnerabilities, and likelihood of occurrence in a structured manner.

Information security TOMs

Security measures apply simultaneously to ISMS and DSMS – without redundant maintenance in two systems.

Vulnerability management

Link CVEs and vulnerabilities directly to affected assets and risks. Make the impact on processes immediately visible.

Measures & PDCA

Manage security measures with responsible persons, deadlines, and effectiveness checks – comprehensible and auditable.

Audit management

Plan, conduct and document internal audits. Seamlessly manage deviations, corrective actions and evidence.

Supported Frameworks

ISO 27001, BSI-Grundschutz and NIS-2

ANYVA aligns itself with established standards, without mechanically replicating them. The platform provides the structures; your organisation fills them with content.

ISO 27001

Information Security Management System

Structured implementation of requirements according to ISO/IEC 27001 – from risk analysis and control objectives to the Statement of Applicability.

BSI IT-Grundschutz

IT Security Standard for Public Authorities and Businesses

BSI-oriented structures for organisations that build on the IT-Grundschutz Compendium or aim for IT-Grundschutz certification.

NIS-2

Network and Information Security Directive

Implementing the NIS2 Directive requirements in a structured way – risk management, reporting obligations, security measures, and supply chain security.

ANYVA supports the structured implementation of these standards – certification additionally requires external audits by accredited bodies.

Data protection connection

Information Security Management System (ISMS) and Data Protection Management System (DSMS) on one shared data model

The key difference from isolated ISMS tools: ANYVA connects information security and data protection on a shared data model. This avoids duplicate effort and makes the interrelationships visible.

What this means in practice:

  • TOMs apply to both ISMS and DSMS simultaneously – maintained once, effective twice
  • IT risks are linked to data protection risks – automatically, without manual transfer
  • Assets are connected to the ISMS and the VVT (record of processing activities) without duplicate entry
  • One audit trail for both systems – no separate evidence folders

In practice, that means:

  • TOMs apply to ISO 27001 and the GDPR simultaneously
  • Risk assessments cover ISMS and data protection
  • A common audit trail for both areas
  • CVE management feeds into data protection risks
  • Less duplicate effort in ongoing operation

Head-to-head comparison

Conventional Tools vs. ANYVA

Conventional ISMS tools                                   | ANYVA
----------------------------------------------------------|------------------------------------------------------------------------
Separate data models for ISMS and DSMS                    | One shared data model for both areas
TOMs maintained separately for each discipline            | TOMs set up once – effective for ISO 27001 and the GDPR simultaneously
IT risks and data protection risks considered in isolation| Risks automatically affect both compliance areas
Vulnerabilities recorded for IT security only             | CVEs directly influence GDPR risks
Manual document reconciliation required for audits        | Full audit trail available on demand

Practical scenario

What happens three months before an ISO 27001 audit?

Audit preparation in a classic ISMS means weeks of manual work. ANYVA makes the difference tangible.

Classic approach

  • Evidence compiled manually from different systems
  • Controls checked and documented by hand
  • Deviations are only discovered by the auditor
  • ISMS and DSMS evidence prepared separately
  ⚠ Weeks of preparation – and the evidence may still be incomplete

With ANYVA

  • The audit trail is built continuously during operation
  • Control assignments are documented permanently
  • Gaps are visible at all times – not only at the audit
  • ISMS and DSMS demonstrated together from a single system
  ✓ Audit preparation in hours, not weeks

Build an ISMS in a structured way

In a demo, we'll show you how ANYVA builds your ISMS – from the initial risk analysis to audit-ready proof.