News and information about verinice.

Learn everything that is important

The risk landscape is becoming increasingly complex and dynamic - maintaining business continuity is a top priority for organizations of all sizes and sectors. verinice, the leading open source solution for information security management, is introducing updates for integrated emergency management: The two products "verinice Business Continuity Management BCMS (200-4)" and "verinice Business Continuity Management BCMS (ISO 22301)" have received numerous new features and improvements. Both are available as free add-ons for verinice in the Shop. They provide organizations with a robust foundation for their BCMS and seamless integration with existing information security management systems (ISMS).

verinice Business Continuity Management BCMS (200-4)

This update provides a comprehensive basis for implementing and maintaining a BCMS, compliant with BSI standard 200-4, and integrates a detailed requirements catalog and a sample database. A key feature of the update is the introduction of a new Business Impact Analysis (BIA) view, which provides a graphical representation of process and resource dependencies. This simplifies the review and consolidation of BIA parameters, which supports a more efficient design of business continuity measures. In addition, the requirements catalog for BSI standard 200-4 has been implemented as a module in a separate information network, which provides a condensed overview of all relevant requirements of the standard. The 200-4 standard is also practicable for first-time users and SMEs thanks to the stage model that can also be implemented in verinice with reactive, structural and standard BCMS and supports the step-by-step development of a BCMS. The newly integrated standard reports enable documentation and communication, e.g. to management.

verinice Business Continuity Management BCMS (ISO 22301)

The update for the ISO 22301 version builds on the compatible foundation between the BSI 200-4 standard and ISO 22301 to exploit synergies between these standards. In addition to the introduction of the new BIA view, this update also includes structural adjustments in the ISM perspective. Furthermore, new BCM standard reports have also been introduced for the BCMS according to ISO 22301, which enable a clear presentation of the results of each phase of the PDCA cycle and thus simplify analysis and reporting.

Tutorials are now available for both application perspectives (both 200-4 and ISO 22301), which provide step-by-step instructions for getting started and are helpful for BCM implementation in verinice.

BCM as the perfect complement to an ISMS

The addition of BCM functionalities to verinice underlines the importance of a holistic view of information and business process security. BCMS and ISMS complement each other ideally by forming a robust line of defense against various threats to business continuity and information security. The integration of both systems in verinice enables organizations to be prepared for emergencies and crises while ensuring the security of sensitive information. This synergy enables a comprehensive risk assessment and management strategy that optimizes both business resilience and critical data protection.

With the updates, verinice supports organizations seeking seamless integration and management of their BCMS and ISMS. By continuously developing and adapting to current standards, verinice demonstrates its role as an ideal tool in the field of information security and emergency management.

Do you have questions or would you like to exchange ideas with other verinice users? We offer the community forum for this purpose. Or you can contact us directly:

verinice WiBA

In cooperation with neam IT Services GmbH, SerNet publishes the additional module "verinice WiBA - Weg in die Basis-Absicherung" free of charge in the verinice.SHOP.  The "Weg in die Basisabsicherung" (WIBA) stands for a practice-oriented approach that the Federal Office for Information Security (BSI) has developed specifically for local authorities to facilitate and accelerate the implementation of IT baseline protection.

Through test questions in topic-specific checklists, WiBA enables institutions to make a well-founded assessment of their information security  - even without in-depth knowledge of the basic protection methodology. The BSI checklists form the basis for efficiently identifying and implementing the necessary security requirements. With verinice as a platform, the leading open source software for information security management, the implementation of the WiBA checklists is seamless: thanks to the specially developed sample organization and report templates, verinice provides users with a structured and clearly defined way to implement basic protection. The WiBA add-on module is available for both verinice.PRO and the verinice standalone version.

WiBA is tailored to the needs of local authorities. With the link to the IT baseline protection profile "Basic Protection for Local Government Version 3.0", WiBA enables a practical and directly implementable security strategy that confidently supports organizations on their way to improved IT security.

The additional module "verinice WiBA - the path to basic security" is based on the expertise of neam IT-Services GmbH. The company is a long-standing verinice partner and has also been awarded verinice contributor status with this contribution. Contributors are members of the partner network who also contribute to the further development of the ISMS tool in terms of content.

Domain pulse

Meet the SerNet team with verinice on February 22 and 23, 2024 at Domain pulse in Vienna. Domain pulse is a meeting place for leading experts, companies and interested parties from the world of domains. verinice will also be there, represented by Sirin Torun from the verinice team and Dr. Johannes Loxen, Managing Director of SerNet. Together they will present the new NIS 2 domain on the verinice.veo web platform.

Until now, the BSI Criticality Ordinance was aimed in particular at larger companies. With the new NIS 2 directive, many more companies now have to deal with and demonstrate cyber security and resilience. One of the requirements of NIS 2 is that registrars and registries of domains are obliged to collect and maintain complete domain name registration data in compliance with EU data protection law. With the NIS 2 domain on verinice.veo, verinice offers web-based support in fulfilling the legal requirements.

Would you like to visit us at our stand at Domain pulse and make an appointment in advance? Then write us a message on LinkedIn with your preferred date.


The verinice.XP - the conference for information security and data protection around the open source tool verinice - will take place on February 28, 2024. The digital event is aimed at IT decision-makers, security managers and data protection officers. Tickets are available via the conference website at

Thanks to our sponsors sila consulting GmbH and neam IT-Services GmbH.

The 2024 program

The keynote "NIS2 and KRITIS umbrella law - what's in store for companies and authorities?" will be presented by Paul Weissmann (OpenKRITIS, Insignals GmbH) and Dr. Marian Corbe (RST Informationssicherheit GmbH). It will shed light on the expansion of the regulation of critical infrastructures in Germany through the NIS2 implementation and the KRITIS umbrella law. Other topics include "The standard data protection model 3.0 and verinice", which focuses on the continuous evaluation of technical and organizational measures (TOM) in data protection. The programme also includes "KRITIS wastewater: implementation with verinice" and "WiBA - your tool-based path to basic protection".

Workshops on 27.02.

verinice.XP will be complemented by workshops on the day before (February 27). Participants will have the opportunity to delve deeper into specific topics and learn from experts. Scheduled this year are:

  • Data protection with verinice DSMS
  • Security concept according to BSI standards 200-2 and 200-3 with verinice ISMS
  • BSI IT baseline protection projects with verinice
  • ISMS according to B3S hospital with verinice

For detailed information on the individual workshops, visit the official website of verinice.XP. The workshops can be attended independently of the conference.

Do you have questions about verinice.XP? Feel free to write to us at


[Translate to English:] verinice 1.27

verinice and verinice.PRO are now available in version 1.27 - the download is possible via the verinice.SHOP or the customer repository. With this release, the verinice.TEAM delivers the revision of the Business Continuity Management (BCM) and the new overview report "Management Summary IT-Grundschutz". In addition, RPM packages are now provided for AlmaLinux 8 and RHEL 8.

The BCM according to BSI standard 200-4 has been adapted to the current status and expanded with extensive functionalities:

  • The new Business Impact Analysis (BIA) view graphically displays dependencies between processes and target objects for a better overall assessment.

  • The new reports for business continuity, including a sample organization, are available in the separately downloadable product Business Continuity Management BCMS (200-4).

The new overview report Management Summary IT-Grundschutz presents the most important data on IT BAseline Protection (depending on the chosen protection approach, e.g. structural analysis, protection requirements assessment, IT-Grundschutz check and risk analysis) in a compact graphical form.

RPM packages are provided for verinice 1.27 for Red Hat Enterprise Linux (RHEL) 7 and CentOS 7, as well as for RHEL 8 and AlmaLinux 8. Due to the end of support for CentOS and RHEL 7 on June 30, 2024, the RPM packages for these versions will be provided for the last time with verinice 1.27! All users are recommended to migrate to AlmaLinux 8 or RHEL 8 as soon as possible.

Administrators of a verinice.PRO server please also note the security information at the end of the Release Notes.

Support needed for updating to verinice 1.27? Contact us via the contact form or reach us via mail to

As one of the first ISMS tools, verinice offers support for the EU directive NIS2. The "NIS2 verinice risk catalog" was developed in close cooperation between the Verband Deutscher Maschinen- und Anlagenbau (VDMA) and the verinice team at SerNet GmbH. The new catalog supports organizations in meeting the NIS2 requirements and ISO/IEC 27001:2022. It is available directly at the verinice.SHOP in a free and a paid version and is therefore ready for immediate use.

The NIS2 Directive imposes increased IT security requirements on companies in the EU from October 2024: It applies to companies that, depending on their size and turnover, act as essential or important service providers in sectors such as energy, transport, health and digital infrastructure. The timely establishment of an information security management system (ISMS) in accordance with ISO 27001 is one possible way to meet the requirements of the directive.

Advantages of the verinice risk catalog

The "NIS2 verinice Risk Catalog" is based on the "verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition", which has been available for many years. A team at SerNet customer and VDMA member Krones AG has mapped the NIS2 requirements to the current ISO/IEC 27001:2022 and made them available to the verinice team via the VDMA. Thanks to the cooperation between VDMA and SerNet, this mapping can now be made available to the general public. In addition to the already extensive contents of the risk catalog, 24 requirements of NIS2 have now been added, which are linked to the corresponding requirements of ISO/IEC 27001:2022 and are thus also taken into account in the risk analysis. The catalog is aimed at companies of all sizes and types and is an essential resource for achieving and maintaining compliance with the NIS2 directive and ISO/IEC 27001:2022. The use of this catalog enables risk management processes to be accelerated and optimized thanks to its detailed and comprehensive preparation

Availability and live demo

The "NIS2 verinice risk catalog" is an add-on module for use in the ISMS tool verinice from version 1.26. It can be obtained from the verinice store and integrated into the tool. Two versions are available:

  • The paid full version of the "verinice risk catalog" including access to the original ISO standards (licensed via Beuth-Verlag), which has been expanded to include the mapping of the NIS2 guideline to ISO27001:2022.
  • The free version (German only), which only contains the catalog content of the ISO standard in encrypted form - for licensing reasons, full access is only available in the paid full version.

If you are already using the risk catalog together with verinice, you can use the NIS2 content of the VDMA at no additional cost by downloading the ZIP file again. If you want to test everything free of charge, you can do so with the EVAL version of the verinice client and the free NIS2 catalog.

The verinice team offers the opportunity to get to know the catalog better. In regular webinars, the team demonstrates the risk catalog and, in the future, the NIS2 integration in verinice as an extension for an ISMS. Stanislav Striegler, who made a significant contribution to the realization of the "NIS2 verinice risk catalog", leads the live demos himself and is happy to answer questions.

The verinice team is starting the new year with the release of version 1.27: The release date is scheduled for the first calendar week of 2024. The version brings new functions, detailed changes and bug fixes.

Relevant innovations in verinice 1.27 include the further integration of emergency management (BCM) according to BSI standard 200-4 with now comprehensive reporting, the integration of a "Management Summary Report IT-Grundschutz" and the provision of verinice for RHEL 8 / Alma Linux 8.

The verinice team is happy to assist with updates. An (existing) support contract or the support budget (verinice.SHOP) can be used for this. Please contact us to arrange an appointment.

The updated versions of two BSI minimum standards are available for verinice: The minimum standard for using external cloud services and the minimum standard for logging and detecting cyber attacks. Both are available free of charge in the verinice shop for use in verinice (German only). 

The minimum standard for the use of external cloud services formulates security requirements according to § 8 para. 1 BSIG.  It addresses the two scopes of use and shared use of external cloud services.  In version 2.1 the implementation notes and the reference table have been updated based on Edition 2022 of the IT-Grundschutzkompendium.

In version 2.0, and with it a completely new structure, the minimum standard for logging and detecting cyber attacks is available. It is intended to ensure a uniform approach to the detection of cyber attacks and substantiates the building blocks OPS.1.1.5 Logging and DER.1 Detection of security-relevant events from the modernized IT-Grundschutz. A significant innovation is the extensive integration of the "Logging Guideline for the Federal Government" (PR-B), which was previously available as an annex. 

The minimum standards of the Federal Office for Information Security (BSI) are primarily aimed at the federal administration. Other organizations such as state administrations or companies can also achieve a minimum level of security with their help. Companies and authorities that follow the BSI minimum standards benefit from a clear structure and orientation as far as ensuring the security of data and systems is concerned. Working with the minimum standards in the ISMS tool verinice also offers all the advantages of centrally managing information security - users can focus fully on implementing security requirements.

For more information and discussion, visit the verinice.FORUM or watch the latest videos on YouTube.

verinice.XP 2024

The next verinice.XP digital via Zoom will take place on February 28th, 2024. There, everything will revolve around information security and data protection with verinice. Various workshops on verinice will also be offered via Zoom on the day before the conference. The call for papers and ticket sales have already started. Conference tickets are available for 95 €.

Call for Papers
You would like to contribute something to verinice.XP and have an idea for an exciting presentation? Then submit your proposal using the form at The program committee, consisting of Michael Flürenbrock (SerNet), Volker Jacumeit (DIN), Boban Kršić (Fresenius), Isabel Münch (BSI) and Jens Syckor (TU Dresden), will review the contributions. Do you implement interesting projects with verinice or use the tool for special application scenarios? We are particularly pleased to receive practical examples from the application. Co-speakers are also welcome. All speakers receive free access to the conference.

About the verinice.XP
For many years, IT decision-makers, security managers and data protection officers from different companies, institutions and authorities have been coming together at verinice.XP. They all use verinice for the management of information security or data protection. At the conference, participants can share their best practices with the verinice team and with each other. The verinice.XP is organized annually by SerNet.



verinice gets an update: Version 1.26.1 is now available in the verinice.SHOP or in the customer repository. With the release, the verinice team fixes two bugs. Read more about verinice 1.26 and 1.26.1 in the Release Notes.

The verinice team has corrected the signing of verinice packages to SHA-256, which is particularly relevant for Windows users. Before the update, some users occasionally received warning messages from Microsoft Defender when installing the client on Windows. This issue is now history with the latest version.

In addition, the team has improved the handling of Unicode encoding to prevent a theoretically possible path traversal (see CWE-176: Improper Handling of Unicode Encoding for details). However, exploitation is not evaluated as real in verinice's usage scenario.

We recommend this update to all verinice users, especially those who received Microsoft Defender warnings during the client installation on Windows.

Search News

Press contact:

Claudia Krell


Deutsch English Lingua italiana Český jazyk
Contact us

We are here for you!

Our sales team will be happy to help you with any questions you may have about SerNet's verinice products and services - personally and tailored to your individual interests.

You can reach us directly by phone at +49 551 370000-0.
Send us an email at

* mandatory fields
© SerNet GmbH, 2024