
QSEC simple information security (ISMS)
Exactly what you are missing
Have you previously perceived the world of GRC and IT security as a tedious and time-consuming duty? Is the coordination of processes, guidelines and standards complex, and do constant changes make it difficult to maintain an overview?
Thanks to QSEC, this is a thing of the past: With our holistic software, we offer a complete solution that not only elegantly combines your governance, risk and compliance requirements, but also integrates your data and IT security, including all the standards that are relevant to you.
The customisability of QSEC is your key to a tailor-made solution that fits perfectly into your industry-specific and internal requirements. Take a relaxed and worry-free approach to certification processes: QSEC guides you purposefully through any operational processes, enabling you to minimise risks and master compliance with confidence.
With QSEC, you are choosing a solution with which time savings, efficiency and comprehensive coverage are no longer pipe dreams, but your new reality.
The perfect solution for your ISMS and your industry
The Swiss army knife for your information security
IT departments value our software for the countless evaluations and configurations for perfect analysis, control and optimisation of your digital identities, roles and authorisations.
Tailor-made for business users
For your business users, we have designed every element so that it is pleasant and completely intuitive to use – and can be customised by your IT department at any time within minutes.
QSEC Functions
Basic functionalities
Centralised search for managed elements (e.g. measures, responsibilities, ...) and configurable data filtering.
Measures management
Enables centralised maintenance, evaluation and rejection of measures.
Compliance
Storage of compliance requirements (laws, guidelines, standards, etc.) and evaluation according to various maturity models.
Information asset management
Storage of business processes, IT assets and information values. The module is the basis for assessments in the context of ISMS and data protection.
Data protection
Recording and evaluation of GDPR requirements, including contract management for service (DL) and data processing (AV) contracts and data protection impact assessment.
Incidents
Separate area for processing security incidents, can be linked to other modules (e.g. IT risk, data protection, IT assets, processes, etc.).
IT risk management
Risk management process for IT assets in accordance with the ISO 27005 and/or BSI IT-Grundschutz methodologies.
Document and contract management
Management of IT and information security documents, supported by workflows for document maintenance (approvals, recertifications, distribution).
Optional add-on modules
Expand QSEC performance in a targeted manner
Business continuity management (BCM)
The BCM module implements the requirements of ISO 22301 and BSI IT-Grundschutz 100-4/200-4:
- Analysing the business processes using a BIA (Business Impact Analysis)
- Continuation of the gap analysis for the connected resources
- Management of emergency planning documents
- Evaluation and communication of the analyses in the reporting area
Service provider management
This module implements an end-to-end service provider management process:
- Identification of service providers, required checks and evaluations
- Complex contract management
- Fulfilment of extended legal requirements such as the Supply Chain Act
- Tracking and evaluation of analyses in the reporting area
- Generation of audit reports or reports for management
- Freely customisable information content
Working according to BSI IT-Grundschutz
The module supports the procedure methodology of IT-Grundschutz and the associated fulfilment of standards 200-1 and 200-2:
- Provision and timely updating of the IT-Grundschutz compendia
- Application and evaluation of the requirements and hazards defined in the compendia against the assets provided for this purpose
- Automated assessment transfer
- Asset-related transfer of relevant requirements and risk assessments from old compendia to current versions
CONNECTIVITY PACKAGE
In addition to the basic functions, from the QSEC Professional Edition upwards you also receive the integrated connectivity package, which specifically extends your QSEC range of functions.
- AD import
- Utilisation of the QSEC API
- Extended administration (customisation of functionalities and user interface)
- Event and incident recording app (reporting of security incidents without logging into QSEC)
- Catalogue entry and maintenance tool (configuration of QSEC catalogues in the compliance function for individual adaptation or new creation)
- Project recording application (recording of project activities without accessing QSEC)
QSEC Standards
Key standards by your industry
You can select standards depending on the QSEC edition.
The basic standards GDPR and ISO 27001 are included in every edition.
For some standards, the licensor updates the question catalogue within 12 months of publication; for others, the licensor updates the question catalogue only on request and for a fee.
Cross-industry standards
- ISO 27001
- ISO 27005
- ISO 22301
- EU GDPR
- ISO 9001
- ISO 14001
- ISO 20000
- ISO 45001
- BSI IT-Grundschutz
- NIS 2
Water
- B3S Water
Healthcare
- B3S Health
- ISO 13485
- IEC 80001
Energy
- ISO 27019
- IT security catalogue
- DIN SPEC 27009
- DIN ISO 50001
- Smart Meter Gateway
- B3S Energy
Finances
- BaFin BAIT
- BaFin KAIT
- BaFin VAIT
- BaFin MaRisk
- Basel II
- PCI DSS
- DORA
Trade/Services
- PCI DSS
Industry/Automotive
- VDA TISAX
- IATF 16949 – Automotive QM
Logistics
- TAPA
- ISO 28000
- Customs
Authorities
- BSI-Standards 200-1
- BSI-Standards 200-2
- BSI-Standards 200-3
- BSI-Standards 200-4
- BSI IT-Grundschutz compendia
Frequently asked questions
The first step is to assess your specific security and compliance requirements and then choose ISMS software that fulfils these requirements. Many vendors, such as QSEC, offer demo versions or consultations to help you choose the right solution and facilitate the implementation process.
The ISMS software QSEC helps your company to protect sensitive data, meet compliance requirements, minimise security risks and increase efficiency in the management of security processes. It enables the centralised management of security policies, risk assessments, compliance checks and preparation for external audits.
QSEC is flexibly designed to meet the needs of organisations of all sizes. QSEC offers scalable solutions that can grow with your organisation and adapt to your changing security and compliance requirements.
QSEC provides organisations with step-by-step guidance, best practices and ready-made templates to prepare for certifications such as ISO 27001, simplifying the process of meeting certification requirements by automating workflows and providing documentation and evidence management tools.
QSEC provides advanced reporting and analytics capabilities, including customisable dashboards and in-depth security posture assessments. It enables the generation of compliance reports, risk analyses and performance indicators to support management decisions.
QSEC enables comprehensive risk and security management by identifying, assessing, treating and monitoring security risks. Risk assessments and risk mitigation measures can be implemented in QSEC. The software supports the creation of risk treatment plans and continuously monitors the effectiveness of the implemented controls.
There are standard interfaces to the Active Directory and the mail system. Other systems can also be connected via an API.
Customised extensions can be made in the QSEC ISMS system. These enhancements, such as data fields or checklists, can be customised in the functions, measures, business processes, information, asset groups, documents and security incidents. Such extensions can also be implemented directly by the customer via the administration tool. Alternatively, Nexis GRC also offers this service.