Identify Risks Faster, Take Decisive Action

Risk analysis as defined by BSI 200-3 with CompuDMS, based on "IT-Grundschutz" (IT baseline protection)

Why should you perform risk analysis with CompuDMS?

The fast way to your specific risk analysis

Easily add additional threats

Professional presentation of risk analysis results

CompuDMS Risk Analysis

Graphic: CompuDMS Workflow "Risk Analysis"

Basic risk analysis based on BSI standard 200-3

While the "IT-Grundschutz" (IT baseline protection) methodology is designed for an average need for protection, higher or more specific protection needs can be analyzed and evaluated with standard 200-3 issued by the BSI (Bundesamt für Sicherheit in der Informationstechnik, German Federal Office for Information Security). To this end, the BSI has compiled a list of 47 fundamental threats. This list serves as the basis for evaluating risks with CompuDMS. If needed, CompuDMS lets you add further, company-specific threats to the risk analysis.

CompuDMS supports you in compiling and analyzing these threats and delivers a clear presentation of the results of the analysis, based on the purpose of use.

Automatic risk evaluation based on frequency of occurrence and consequences

For each relevant threat you provide an estimate for the frequency of occurrence and the extent of damage (consequences). CompuDMS uses these factors to classify the resulting risk, based on the risk matrix from the BSI standard 200-3, as low, medium, high, or very high.

Systematic assignment of risk treatment measures

After risk classification, you must decide how to deal with risks classified as medium, high, or very high. According to BSI standard 200-3, risks can, through appropriate measures, be avoided, reduced, transferred, or accepted. With CompuDMS, you can record the measures deemed necessary to deal with a risk and assign them to the corresponding risk.

Once recorded, measures can naturally be used for future risk analyses as well.

Tailored risk reports and clear, well-structured catalogs of measures

To give you a comprehensive and detailed overview of risks, measures, and threats, CompuDMS offers many configurable reports. You can choose to display

  • just the threats identified as relevant for a risk,
  • just the assigned measures,
  • the complete evaluation of a risk category or
  • an overview of all risk analyses performed so far.

The resulting reports can be filed audit-proof in the integrated document management system (DMS).

You can easily integrate the reports into your existing security concept or utilize them as part of a certification process for certifications such as ISO 31000, ISO 27001, or ISO 9001.

See for yourself the many opportunities that risk analysis with CompuDMS can offer.

Do you need more information?

Do you have questions about risk analysis with CompuDMS or about interfaces, or do you want to find out more about the features our software offers?

Just call us at +49 2203 202080 or message us. We look forward to hearing from you!
