SerNet has released the open source ISMS tool verinice in version 1.16. With this release, the team focuses on data protection and especially the GDPR. The combination of verinice and the Data Protection Module now makes it possible to comfortably document processing activities and to implement contracted data processing in compliance with EU law.
The Data Protection Module supports the documentation of contracted data processing, contracting parties and services in accordance with Article 28 GDPR. Corresponding contracts can be integrated directly. Data protection expert Sirin Torun, who designed the Data Protection module, also draws attention to the ADV controls that she developed herself: "They form a catalogue of measures that supports the verification and documentation of order processing. The ADV controls can also be used for initial or follow-up audits."
For the list of processing activities according to the GDPR, the Data Protection Module provides an example catalogue with samples of procedures including exemplary solutions for typical data protection problems - easily adaptable to the respective company, enterprise and authorities and can be extended as required. Torun emphasizes: "A special feature is that the technical and organizational measures (TOMs) can be selected from the ISO 27001 controls or the German BSI IT Baseline Protection measures and are assigned to the data protection objectives of Article 32 GDPR". This enables users to find their way quickly and work efficiently. The resulting interface between data protection and information security management means a considerable value for users. Especially if the ISMS is documented with verinice, costs can be reduced and the documentation effort can be reduced.
All data from the Data Protection Module can also be aggregated in reports. A total of 12 reports summarize the necessary information on a special area or on an overview topic.
The Data Protection Module is currently only available in German. Also it requires a verinice subscription. SerNet is planning further updates for the data protection module in the near future. The next topics on the roadmap are data protection risk management and risk analysis as well as data protection impact assessment. Users of the current data protection module should have access to these new features.
verinice 1.16 also has some innovations to show for the implementation of the new BSI IT Baseline Protection. The Baseline Protection Compendium has been revised, an implementation status for requirements and measures has been added, an identifier marks links clearer and new object types represent the diverse documentation tasks of the modernized IT Baseline Protection. As well as the Data Protection Module, the new IT Baseline Protection is only available in German.
Details about verinice 1.16 can be found in the release notes and about the Data Protection Module on the product page in the verinice.SHOP (German only) – interested parties can also participate in one of our webinars and get a first impression.
CentOS 7 is supported by verinice since the current 1.15 version – users can now switch to the newer version of the Linux distribution.
Updating servers from CentOS 6 to 7 is not possible, hence verinice must be set up and configured again. If needed, SerNet and the verinice.TEAM offer support with the transition. The verinice appliance will be available for CentOS 7 in a few weeks and will also simplify the reinstallation. Daniel Murygin, team lead software development: "Customers who are burning, but can now start with verinice 1.15 on a CentOS 7 server."
According to the end-of-support schedule, maintenance updates for the CentOS 6 series will be available until November 30, 2020. verinice will be available for CentOS 6 for the time being. Customers can continue to work with the combination verinice / CentOS 6 and schedule the change for a later date.
The verinice.TEAM has released the ISMS tool verinice in version 1.15. Main changes are the integration of the Modernized IT Baseline Protection issued by the German BSI (Federal Office for Information Security) and support of the EU GDPR. Publisher SerNet provides verinice and verinice.PRO for download in the verinice.SHOP or in the customer repository. The release also includes enhancements in various areas such as search and indexing, report query, and the web frontend.
verinice 1.15 and the enhanced Data Privacy Module enable working with the EU GDPR. The extended Module will be available for download in the verinice.SHOP or in the update repository soon: In addition to the mapping of the dircetory of processings, it also supports the required documentation for contract data processing. Until the deadline in May, additional extensions for the Modul are planned. They include risk management for data privacy and the data privacy impact assessment.
verinice 1.15 is the first version that implements the Modernized IT Baseline Protection according to the new BSI standards 200-1, 200-2 and 200-3.
More updates for verinice are on the horizon this year. These are intended to integrate the still missing content from the BSI. verinice Product Owner Michael Flürenbrock: "Users should be able to work with the latest version of the new Baseline Protection in verinice in a timely manner." In particular, risk management and the migration from the previous IT Baseline Protection Catalog to the IT Baseline Protection Compendium are among the expected BSI updates.
verinice users will receive the new versions as part of their ongoing subscriptions.
In verinice 1.15 the REST interface was expanded. The verinice.TEAM is working closely with Chemnitz (Germany) based c.a.p.e IT, manufacturer of the OTRS-based ticket system KIX. Thus, after Greenbone / OpenVAS now another IT service management (ITSM) tool is directly linked to verinice.
The verinice.XP from 21 to 23 March 2018 evolves around verinice. All users of the ISMS tool are invited to Berlin In addition to lectures on innovations such as the Modernized IT Baseline Protection and data privacy in verinice, participants can also expect reports from daily practice, e.g. for use at Berlin Brandenburg Airport, Europ Assistance or for industries such as finance and insurance, water companies and hosters. Tickets and more information at verinicexp.org.