Elemental
Newcomer II

ISO 27001 or Cyber Security Risk Assessment Software

Hi all

 

I was wondering if anyone could recommend a 'cheap' (under $50,000 AUD) 'ISO 27001 / ISMS' software for managing our ISMS? Alternatively, can anyone recommend a 'CyberSecurity Risk Management Software'?

 

Our primary reason for needing this software is to use it to undertake, track and manage information security risk assessments. Secondary reasons include an asset register, central repository for our Statement of Applicability, Document Control Register, Security Calendar and to track ISMS Surveillance Audits (but we can manage a lot of that using Excel spreadsheets if needed).

 

I have already looked at a few products, including:

 

Neupart

ISO Manager

ISO Pro

InfoSaaS

ISMS.online

Cyber Security Evaluation Tool (CSET - Homeland Security).

 

There are other products that are outside of our price range such as RSA Archer and ServiceNow GRC.

 

I have no doubt there are others that I have missed. Feel free to add to this list. 

 

Cheers

Luke

2 Replies
AppDefects
Community Champion

Don't get fooled by fancy GRC products. Most will give you the software for nothing. Then you will spend the next 3 years and 10 FTEs "customizing" it for your organization. I love Open IT GRC, which has regular releases and strong community support. It comes as a VM image which makes deployment easy. Another perennial favorite is Google's GGRC (here). I have also seen other supporting tools to capture IT processes combined with it to give the commercial tools a run for their money.

Elemental
Newcomer II

Hi AppDefects

 

Thank you very much for your response, I really appreciate it and it was very helpful.

 

Since your post, I have started to investigate Eramba/OpenGRC - it looks amazing! I am going to spin up a dev/test environment (I tried the online demo).

 

I had a look at Google's GGRC. I am really keen to look at this as well (it looks like I will have to download Docker for Windows). I can only find the GitHub site with the code, is there a dedicated support site? I googled images and videos of GGRC (just to see what the interface looked like) but it does not come up with much.

 

I will have a play around with it tomorrow.

 

Cheers

 

Luke