TTS trax - ISMS Tool

TTS trax is the smart tool that supports you in setting up and operating your ISMS. With trax, you can easily and intuitively record and maintain business processes, information assets to be protected and supporting assets. The implementation of protection requirement analyses and the risk assessments based on them is significantly simplified.

Manage the continuous improvement process by creating and tracking measures for the findings from audits, security incidents, management reviews or stakeholder feedback. For the implementation of measures, you can bundle these into tasks, assign them to people and monitor the implementation status. Define and collect key performance indicators (KPIs) for the ISMS and generate overviews for the management review. The dashboard always provides you with an overview of the current data from your ISMS.

With the data protection management module, you can expand trax and integrate data protection into the processes of the information security management system. Trax enables you to carry out data protection impact assessments and create a record of processing activities.

The Business Continuity Management module supports you in analyzing the impact of emergency scenarios on business processes in order to develop a planned and organized approach to emergencies and thus ensure business continuity.

With state-of-the-art concepts, short response times, intuitive usability and automated functions, you can manage typical tasks easily and efficiently. In addition, TTS trax is individually configurable and easily adaptable to sector and customer-specific requirements.

TTS trax functions

• Value inventory
  • Creation of the relevant business processes
  • Recording and linking the values / information to be protected in the processes
  • Creating and linking the supporting assets (e.g. plants, systems, buildings)
  • Determining the damage potential
  • Deriving the protection requirements
• Risk management and risk analysis
  • Carrying out risk assessments (gross or net) with the creation of risk treatment plans
  • Statements of applicability (SOA)
  • Presentation of residual risks
  • Determination of initial risks
  • Defining the desired target risks and determining measures
  • Automated presentation of the current risk exposure (actual risks)
• Tracking of measures
  • Bundling of measures into tasks
  • Implementation tracking of measures and tasks with email-based forms and workflows
  • Assignment of evidence to support audits and inspections
  • Automatic generation of the Statement of Applicability (SOA)
  • Generation of risk treatment plans
• Continuous improvement process
  • Organization of internal and external suggestions for improvement from audits, management reviews, stakeholders or internal work meetings
  • Recording and evaluating suggestions for improvement
  • Definition, tracking and implementation of suitable measures
• Key performance indicator
  • Measurement of the effectiveness of the management system
  • Historical development with clear graphics
• Interfaces
  • Adaptation or import of data from external sources by connecting to third-party systems, such as asset management or ticket management systems
  • Updating and importing data automatically or manually after approval
• Audit management
  • Recording findings from audits, penetration and vulnerability scans and evaluating them according to their criticality
  • Define and track remediation measures
• Data protection management
  • Integration of GDPR-compliant aspects of data protection into information security management processes
  • Carrying out data protection impact assessments
  • Creation of a register of processing activities
  • Avoiding duplicate data entry by dovetailing data protection management and information security management
• Business continuity management

  • Creating emergency scenarios that could lead to the interruption or disruption of regular business operations

  • Creating BCM strategies to reduce the impact of business interruptions

  • Creating plans to maintain business operations and restore business activities

  • Create implementation prerequisite measures and define activation requirements

  • Defining the roles and resources required to implement the plan in the event of a crisis

  • Planning all concrete activities for execution in emergencies and describing their interrelationships

• Configuration options
  • Creating and managing threat and action catalogs
  • Configure individual security objectives, damage and damage impact categories
  • Edit probabilities of occurrence
  • Own risk matrix
  • Definition of any tags for filtering and creating individual views
• Multiple user accounts possible
• Multi-client capable
• On-premises, SaaS
• German / English

TTS trax added value

• Intuitive
  • In TTS trax, every function is where you expect it to be
• Fast
  • TTS trax combines state-of-the-art technologies to create a unique experience of speed
• Optimized
  • TTS trax is equipped with a variety of automated functions that drastically reduce effort
• Customized
  • In TTS trax, you can configure all settings via the GUI so easily that you don't need any support
• Risk exposure in real time
  • Management will be delighted
• Secure with ISO 27001 certification
  • In addition to consulting, the scope of application also includes the development and operation of TTS trax