ISIS12 or Information Security Management in 12 Steps is a German program to simplify the establishment of an Information Security Management System (ISMS) according to ISO 27001 in small and medium-sized enterprises (SMEs). It was developed in Germany by the Network for Information Security in the Small Firm Sector (Netzwerk für Informationssicherheit im Mittelstand) to allow for the lack of resources and infrastructure in SMEs to fully implement an ISMS. To achieve this, particular threat scenarios are left out and clear guidelines are provided. ISIS12 works as an iterative process and comprises 12 steps:

  1. Define guideline
  2. Train employees
  3. Set up information security team
  4. Define IT documentation structure
  5. Implement IT service management process
  6. Identify critical applications
  7. Analyze IT structure
  8. Model security measures
  9. Compare targets and performance
  10. Plan implementation
  11. Implement
  12. Revise

ISIS12 can be independently certified.