User:Gerhardkron/sandbox

The software opus i supports creating, maintaining and certifying management systems used in information technology (information security management according to ISO 27001 and/or the BSI's IT-Grundschutz, and data privacy management). opus i is used by small and medium-sized companies, agencies and international companies in Germany, Austria and Switzerland to implement national and international policies and regulations.

opus i can be used in several languages; English and German are already implemented. opus i was released in 2009 as the successor to the management system BDAdmin, which was also modular in design. The name opus i derives from the Latin term opus (work) and information technology.

ISO 27001 / ISO 27002 / ISO 27005
opus i supports creating and maintaining an information security management system as described in ISO 27001. The texts of the standards are fully contained in opus i. The 17 controls of ISO 27001 and the 133 controls of ISO 27002 are displayed in a tree structure, which makes them clear to edit. Every control comes with a description, implementation instructions and additional information. Implementation information such as initiator and implementor, date or reasoning can be recorded for every control. External documents are assigned to a control via links. For every displayed process an individual risk analysis can be created in the form of a risk matrix. opus i fully supports ISO 27005 and automatically generates the risk treatment and the statement of applicability.

BSI's IT-Grundschutz
The BSI's German ISMS standard IT-Grundschutz is supported by opus i just as ISO 27001 is. The IT structure analysis, the modelling of the objects of an IT asset, the determination and transfer of protection requirements and the basic security check are implemented as described in BSI Standards 100-1 and 100-2. The original BSI modules (about 70), the threat descriptions (about 650) and the safeguard descriptions (about 1200) are included and can be read and printed in reports and work papers. For every IT-Grundschutz safeguard the corresponding ISO 27001 controls can be displayed.

ISO 27001 and BSI's IT-Grundschutz
To display the 150 ISO controls completely, they can be linked to the threats and safeguards of IT-Grundschutz. Via the risk analysis and the defined acceptance criteria (acceptable risk, ALARP and unacceptable risk), the threats provided by IT-Grundschutz (about 500) are classified into the three acceptance levels and indicate the relevance of the about 650 IT-Grundschutz safeguards. An ISO 27001 process can be edited at the same time as an IT asset according to the BSI's IT-Grundschutz.

Other Data Privacy Policies and Regulations
Because of its open structure, all data privacy policies and regulations can be represented and edited in opus i.

Planned management systems
According to the developer, support for the following management systems is planned: auditing of the licensed management systems ISO 27001, IT-Grundschutz and data privacy according to ISO 19011; ITIL; ISO 27000; quality management, ISO 9000. All management systems are to be focused on the area of information technology.

Local, National and International Implementation
Local work within the management system is done in opus i via the main application (Windows). For national and international implementation the web-based application opusiSporWEB is provided. Browser-based and thus platform-independent, it is simply a mirror of the main application, and its data are transferred into the main application.

Databases
opus i is delivered with its own free SQL database. The following databases can be used for a fee: Microsoft SQL Server with SQL or Windows authentication, MySQL, Oracle, DB2, SYBASE, Informix, PROGRESS.

Web links
http://www.kronsoft.com
