In order to be able to plan and track measures in a targeted manner, it is important that you know what your information processing model looks like. Because no matter whether you operate an ISMS, BCMS, CSMS or DSMS, it is always about protecting sensitive information. That is why TTS trax offers sophisticated functions for asset inventory, i.e. business processes, information assets and corporate assets, such as systems, networks, service providers or buildings. Furthermore, assets can be intelligently linked to form the basis for analyses, measures and reporting of the various disciplines. Damage potentials are determined on the basis of various criteria that can be individually configured by you and inherited between the assets. With these features alone, you can in a very short time achieve excellent results, such as reports on the criticality of business processes or comparative protection needs analyses.
Thanks to our our many years of varied experience from customer projects, we know what effective risk management must be able to achieve today:
- The current risk exposure, i.e. the current liability risk, must be readable, because what good are all the tables with initial and target risks, after all, if you don't know where you currently stand?
- Risks, like most aspects of our everyday professional lives, are subject to a life cycle. An active risk management needs to be supported, therefore, that beyond merely identifying and assessing risks, also includes adjusting, summarising or changing them.
These are all integral parts of TTS trax. In addition, trax also includes a variety of features to improve your risk management efficiency, such as use of flexible threat and measure catalogues, automated workflows, forms, dashboards or KPIs. Identify and assess your risks based on the asset inventory. You need to determine net or gross risks? Both are no problem in trax. To treat unacceptable risks, you can either use the measures suggested by trax or define your own individual measures. Furthermore, trax automatically keeps various overviews such as Threat Register, Controls Register or Statement of Applicability up to date, saving you time and effort.
Define and plan all information security measures in one place, whether they are needed to address findings from audits, handle security incidents, treat risks, or improve your management system. Combine measures to further increase efficiency. To better prepare for reviews and audits, link evidence and maintain it in trax.
To periodically track the implementation status, you can use forms and workflows that you can even automate and schedule to send.
To support the continuous improvement process, organise any suggestions for improvement from internal or external audits, management reviews, feedback from stakeholders, or from internal work meetings into TTS trax and evaluate them based on their criticality.
Record and evaluate suggestions for improvement, define suitable measures, and track implementation via measure tracking. This way, you can always have an eye on how your management system is developing and are able provide information at any time.
Determine the effectiveness of your management system with key performance indicators (KPIs) and, if necessary, derive control measures. In TTS trax, you can define and record any KPIs, e.g., for evaluating your management of security incidents, the up-to-dateness of documents, the CIP, or risk management.
Clear graphics show the historical development and form the basis for good communication with your management.
TTS trax provides you with forms and workflows to capture, edit and evaluate ISMS-relevant information, allowing employees/collaborators to participate in your ISMS without having to be logged into trax; this does not even require access to trax. Another feature to support you in your practical work are automated resubmissions. This allows you to set schedules for your workflows, to have dispatches and reminders automatically sent at set times or intervals.
With forms and workflows, TTS trax supports you in various, recurring activities, giving you more time to focus on the more exciting work, such as the further development of the ISMS, BCMS or DSMS.
With the compliance module, TTS trax supports you in assessing compliance with external and internal specifications in departments, locations or with service providers. To this end, the compliance module offers a framework where you can comfortably configure questionnaire templates from which you can then create questionnaires that are readily distributed using trax forms.
Send a questionnaire to a service provider and review the answers in real time. Derive measures from the answers if necessary. Afterwards you can have the system generate a detailed questionnaire report. The compliance module opens up many new application possibilities for TTS trax: Use it to conduct internal audits, audit contractors and service providers, perform information security assessments and project audits. Please contact us for ready-made questionnaire templates.
TTS trax supports you in setting up your Business Continuity Management System (BCMS) in many ways. Use the Business Impact Analysis, to systematically determine your organisation's requirements for the response and recovery processes within the framework of the BCMS. Define potential BCM scenarios, that could lead to the interruption or disruption of your critical business activities, such as a power outage or ransomware attack. Use trax in your threat analysis to determine the impact of BCM scenarios on your critical business activities and develop appropriate BCM strategies to prevent mission-critical damage.
Last but not least, you can also use trax to develop plans for business continuity and recovery and define and track appropriate implementation measures. This way, you can always keep track of whether you are actually adequately prepared in case of emergency.
If you already operate an ISMS, you can even use trax to organise the integration of management systems in a very practical way. Use the functions for the continuous improvement process together, manage measures together or carry out an integrated business impact analysis.
TTS trax integrates the aspects of data protection according to the GDPR into the processes of information security management. To implement the GDPR, you may need to perform data protection impact assessments (DPIAs), as, for example, when new technologies are used or certain personal data is processed.
Trax supports you in creating an inventory of processing activities, in deciding whether a data protection impact assessment is necessary for certain procedures, and in conducting data protection impact assessments. By integrating with the existing information security management system, trax avoids having the double data maintenance of data protection management and information security management.
The basic version of TTS trax includes licenses for one client and three users as well as the TTS trax basic functions:
- Asset management
- Risk management
- Measures tracking
- Measures/Security Controls catalogue Annex A of ISO/IEC 27001
- TTS standard threat catalogue
- Language packages: German / English
- Technical Support
- Further development