The compliance information security management system in 12 steps (CISIS12) is an information security management system with which you can independently certify your information security. The CISIS12 standard is a complete Information Security Management System (ISMS). CISIS12 offers a compact and simple introduction to information security, especially for small and medium-sized companies and municipalities. 


The introduction according to CISIS12 is carried out in the following steps:

  1. Create guideline
  2. Raise awareness among employees
  3. Establish information security team
  4. Define IT documentation structure
  5. Introduce IT service management process
  6. Identify critical applications
  7. Analyze IT structure
  8. Modeling security measures
  9. Compare target and actual
  10. Plan implementation
  11. Implement
  12. Revision


The standard includes the description of the standard, an introduction manual and a catalog of measures. CISIS12 provides concrete measures for the planned and ongoing increase in information security and uses a classification according to "can", "should" and "must". CISIS12 adds an additional layer with compliance aspects to the ISIS12 standard, which was established several years ago.

CISIS12 is a practical introduction to an ISMS, especially for SMEs and municipalities for which certification according to ISO 27001 represents a major hurdle due to its scope and complexity. It also provides a good basis for a problem-free later migration to ISO 27001.

Our range of audit and training services related to ISIS12 is suitable for companies and organizations of all sizes. Do you have any questions about CISIS12? 

Contact us!