We are very pleased to inform you that extensive new features and updates to the CRISAM® Knowledge Packs are available for you to download.
In the release of minor version V 34.01, obsolete sources have been removed so that this version consumes fewer resources.
In this release, the control objectives have been technically updated, mappings in ISO 27001:2022 have been updated and translations have been improved. Available since the beginning of June 2023.
In this release, the control objectives have been technically updated and the mapping to the new NIS Fact Sheet 9/2022 has been integrated.
Adaptation of the BCM catalog to ISMS catalog, compliance BSI 200-4 (CD 2.0), compliance ISO 22301:2019, new resource modules (e.g. finance, personnel), new container modules (e.g. scenario, business continuity plan).
The evaluation of the BCM modules is now possible in accordance with BSI 200-4 and ISO 22301:2019 and supports the evaluation of the respective standard. You can find an overview of the resource modules and the container modules on our website.
- Fundamental revision of the content of the control target questions incl. descriptions and response guidelines (new control objectives, reassessments and elimination of control objectives)
- Summary of many processing activities from Germany to “Processing activity DSK”
- Summary of processors in the cloud and as service providers to “processors”
- New processing activities for Switzerland, Bremen public and Saxony-Anhalt public
- New modules for mapping generic risks for the affected party (with / without probability of occurrence)
You also benefit from our numerous customization options in the area of data protection in CRISAM® Web Access. With the latest updates in CRISAM® Web Access, many standard forms such as those for processing activities, data categories or data transmission are already included. In addition, further new fields have been added to the forms, such as the legal basis, data subjects, data types and recipients as enumerations.
- A check of all control targets to ensure that the paragraphs and hyperlinks are up to date and have been changed, with updated access data in each case.
- Further control objectives have been added for the following topics:
  - Information to security authorities – Security Police Act
  - Electronic signature – Signature and Trust Services Act
  - Whistleblower protection – Whistleblower Protection Act
  - Measurement and calibration law – Measurement and Calibration Act, Measuring Instruments Ordinance 2016
An “IT Legal” compliance evaluation of the new topics mentioned above is possible in conjunction with the ISMS (IT Risk Management) catalog V. 34.
The Knowledge Pack SOC2 is now available. SOC2 is an international standard for service organizations (e.g. for cloud solutions) and is intended to ensure availability, confidentiality, integrity and data protection. SOC2 is also certifiable. This pack contains 15 building blocks and 61 control objective questions, as well as the mapping of the Common Controls of the COSO framework, which forms the basis for SOC2 compliance. Furthermore, the mapping to ISO 27001 and 27001 (both in the 2013 and 2022 versions) is included, based on the AICPA mapping table.