LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is ISIS12, and where does it fit in the ISMS landscape?

ISIS12 is a lightweight 12-step ISMS for small and mid-size organisations, developed by the Bayerischer IT-Sicherheitscluster — easier than ISO 27001 but not internationally recognised.

ISIS12 ("Informations-Sicherheitsmanagement in 12 Schritten") gives a fixed cookbook:

  1. Leitlinie erstellen — basic security policy stating goals and target security level.
  2. Mitarbeiter sensibilisieren — awareness training; involve all staff in the IS process.
  3. IS-Team aufbauen — set up the org: ISB (security officer), DSB (data-protection officer), IT staff, user reps.
  4. IT-Dokumentation aufbauen — framework/operations/emergency docs, a "central base template".
  5. IT-Service-Management einführen (ITIL-style) — define the base processes: maintenance, change, incident.
  6. Kritische Anwendungen identifizieren — business-impact analysis (CIA, max. tolerable downtime / MTA, SLA).
  7. IT-Struktur analysieren — map applications to systems and infrastructure; inherit protection needs.
  8. Sicherheits-Massnahmen modellieren — pick the matching Bausteine from the ISIS12 catalogue.
  9. Ist-Soll-Vergleich — gap analysis against the catalogue (possibly a first maturity rating).
  10. Umsetzung planen — cost estimate, prioritise and consolidate the measures.
  11. Umsetzen — actually deploy controls (define responsibilities, deadlines, resources).
  12. Revision — review plan, continuous improvement through further cycles, optional certification.

Pros / Cons (recurring across all ISMS frameworks):

Pro Contra
Simple, very concrete License fee
Tailored to KMU Not internationally recognised
Doesn't scale to large orgs

Tip: If your customer is a 30-person German SME with no compliance pressure, ISIS12 may be the right tool. If they sell into US enterprise, they'll be asked for ISO 27001 instead.

Go deeper:

  • doc ISIS12 / CISIS12 — the 12-step ISMS for SMEs and municipalities from the Bavarian IT-Sicherheitscluster, and its successor CISIS12.

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026