isms4all.com

What It Is

ISMS4All is a modern ISMS/GRC platform for small and medium-sized businesses in German-speaking markets. Its core goal is to help organizations build a certifiable ISO 27001:2022 information security management system, while handling regulatory requirements such as DORA and NIS2 in the same workspace. It is more focused on management, processes, risk, and compliance implementation than on traditional network perimeter protection or endpoint detection.

Core Capabilities and Deployment

The platform covers governance, roles and responsibilities, policies, processes and BCM, asset management, risk management, controls, measures, testing, assurance, incident handling, and reporting. Assets can be assigned protection requirements based on confidentiality, integrity, and availability; processes can record criticality, RTO, and RPO; and risks can be linked to assets, processes, and measures. Its value lies in consolidating the scattered documents, spreadsheets, and evidence involved in building an ISO 27001 system into a traceable platform. For deployment, it supports shared hosting in Germany, fully managed dedicated virtual machines in Germany, and customer self-hosting. The Pro plan can optionally include VPN, while in the self-hosted model the customer controls data, updates, hardening, and backups.

Compliance, Management, and Integrations

Compliance is one of the product’s strengths. The materials explicitly state alignment with ISO/IEC 27001:2022 and ISO/IEC 27002:2022, while also taking into account DORA and NIS2 requirements around risk, testing, incidents, and reporting. Management features include approval and review workflows, management reports, audit materials, status overviews, and incident logging and tracking. For integrations, it offers a REST API, import/export, Entra ID or local user management, MFA, and optional integration with siaris ai.go, which provides AI queries, content maintenance, and risk/measure analysis using locally hosted models in Germany.

Pricing

Pricing is relatively transparent: Basic shared hosting starts at €149/month, including 5 users and 5GB, with a €90 setup fee and a minimum term of 1 month; Pro dedicated fully managed hosting starts at €699/month, including 25 users and 25GB, with a €199 setup fee and a minimum term of 12 months; Individuell self-hosted licensing starts at €499/month, with unlimited users and storage and a minimum term of 12 months. For SMEs, the Basic plan has a relatively accessible entry cost; for organizations with stricter data-control requirements, self-hosting is likely the better fit.

Pros, Cons, and Who It’s For

Its advantages include clear positioning, a complete module set, flexible deployment options, transparent pricing, and support for standard text templates, automated workflows, and APIs. The drawbacks are that the vendor does not disclose its own ISO 27001/SOC 2 or similar certifications, internationalization support and real-time alerting capabilities are not clearly described, and it should not be treated as a replacement for technical security protection systems. It is suitable for SMEs that are starting or formalizing an ISMS, organizations affected by DORA/NIS2, external information security officers, and compliance consulting teams.

Access from China

The materials do not provide information about access from mainland China, payment methods, or local services, so its availability from China is unknown. If companies in China need similar capabilities, they may want to prioritize evaluating local GRC/ISMS tools, ISO 27001 consulting tools, MLPS and compliance management platforms, with particular attention to Chinese-language support, data residency, invoicing, and local compliance adaptation.