What you want to know

Yes, verinice is permanently developed by the verinice.TEAM:

  • Employees at SerNet and at external contractors work heavily on verinice to introduce new features and enhance existing ones, test the software and remove bugs. In addition collaborations with German and international researchers lead to Bachelor and Master degrees for students - and to better verinice software.
  • The verinice roadmap is documented and developed in verinice.WIKI, a web service that all verinice.PARTNERS and customers can use to add their desired features as part of the overall development plan in a transparent way. Open Source at work!. If you miss something in verinice.WIKI it will never appear in the software - but if you add it to verinice.WIKI it will become a part of the roadmap.
  • In addition to this short and mid term plannings we elaborate the future in long term: Developers meet from time to time to discuss the future of platforms. This addresses both the free verinice.CLIENT and the server verinice.PRO.

verinice.EVAL is available for test purposes: This evaluation version is free of charge and is almost feature complete – only the reporting is not included. Thus all the properties of an ISMS tool can be tested. The reporting function is only available in the full version of verinice.

verinice.EVAL is available (for free) at the verinice.SHOP.

verinice is free, open and extensible: this allows you to map any standard with the tool. Already integrated are the BSI IT baseline protection (German and English), ISO 2700x and VDA ISA. Thanks to the extensive import functions it is possible to add further standards and catalogs depending on your requirements.

The standards that can be implemented with verinice include (list not exhaustive):


  • ISO 27001
  • ISO 27002
  • ISO 27004
  • ISO 27005 (IT risk analysis)
  • ISO / IEC 27018
  • ISO 27019  
  • BCBS 239
  • ISAE 3402
  • ISO 22301 (BCM)
  • MaRisk-E
  • SREP
  • SSAE 16

verinice also allows for a wide variety of German standards to be implemented. Those include e.g. 

  • BSI 100-1 
  • BSI 100-2
  • BSI 100-3 (IT-Risikoanalyse)
  • BSI 100-4
  • IDW PS 330
  • IDW PH 9.330.1
  • IDW PS 880
  • IDW PS 951
  • IDW FAIT 1-3

Please contact us if you want to know if a special standard can be mapped in verinice. Just send an e-mail to our team at verinice@remove-this.sernet.de

verinice works with the "BSI-Grundschutzkataloge" (BSI IT Baseline Protection Catalogs) which are free content on the BSI websites. Further, the German BSI has officially permitted the use of "BSI-Grundschutzkataloge" in verinice - for paying a license fee in exchange. The catalogs are integrated in English as well. 


Das Verwalten einer Verarbeitungsübersicht (Verfahrensverzeichnis = Verzeichnis der automatisierten Verfahren mit denen personenbezogene Daten verarbeitet werden) nach § 4g II i.V.m. § 4e BDSG ist mit verinice inklusive Berücksichtigung der technisch-organisatorischen Maßnahmen gemäß der Anlage zu §9 BDSG vollständig möglich. 

Seit verinice 1.7 ist ein Maßnahmen-Katalog mit technischen und organisatorischen Maßnahmen nach § 9 BDSG gem. IT-Grundschutz oder VDA ISA verfügbar. Ebenso steht ein Report zur Verfügung, der die Ausgabe der Verarbeitungsübersicht nach BDSG inkl. Berücksichtigung der Maßnahmen ermöglicht. (Download der dafür nötigen Report-Vorlage und Beispiel-Organisation)

verinice itself is a tool only for information security management. It assists you to establish, maintain and improve the information security management in your organization. However, network scans are possible with the Greenbone Security Manager (GSM), which transfers results to verinice. The GSM-verinice-linking enables automated responsibility assignment as well as automated success verification via scan updates.

verinice uses a zip file containing the IT Baseline Protection Catalogs. When downloading via Safari this zip file unpacks automatically, so it can not be indicated in verinice.

Disable the automatic unpacking of zip files in Safari: Safari Preferences > General> Open safe files after downloading.


Alternatively, you can use a different browser (such as Chrome / Firefox).

In order to integrate the new IT Baseline Protection Catalog for verinice.PRO immediately, the cache of the application server needs to be emptied. Proceed as follows:

1. Stop the Tomcat server.

2. Delete all contents of the folder /var/cache/tomcat/temp/.

3. Now change the file "veriniceserver-plain.properties". It is located in the directory /usr/share/ tomcat6/webapps/veriniceserver/WEB-INF/ and contains the settings which IT Baseline Protection Catalog should be used (if not already done).


4. Restart the Tomcat server.

The standard language of verinice is the one used by the operating system (recognized by environment variables).

You can change this manually by editing the file <verinice-install-dir>/verinice.ini:

  • -Dosgi.nl=en
  • -Dosgi.nl=de


Choose the first entry for Englisch language or the second one for German.

If verinice is installed on Windows 7 or Vista within "C:\Programms\", the update must be executed with administrative rights (see the link). Otherwise the update can't be deployed. 

Otherwise the update can't be deployed due to the "VirtualStore" mechanism of Windows Vista / Windows 7:


Alternatively verinice can be installed to a folder, where your normal user has writing permission, e.g. under C:\<User>\.

For getting proper verinice MySQL database dumps under Linux, you should use the MySQL service with the following option in the file /etc/my.cnf. 




After editting this file, you should restart the MySQL service. 

(Thanks to R. Maczkowsky, m-privacy.de)

To import the data from the application "GSTOOL", you need to know the current port number of the running SQL server. You need this information make the correct settings for importing data from "GSTOOL" into verinice.

The SQL server runs on the system where GSTOOL is installed. Click on "Windows Start" / "Run...". Type "cmd" in the command line. Click on "OK". A new window will appear. There you should type the command: "netstat -a -b". A table with current connections will be shown. Now you have to look for the information about "[sqlservr.exe]". The status information in the third column shows the "LISTEN" information. There you will find the hostname and the port number of the "[sqlservr.exe]". See also the screenshot below.  

If you want to set a relation between two types of objects which is not implemented in verinice, you can add it yourself. 

The file "SNCA.xml" contains the description of all relation types. Add your missing relation here.

For verinice.PRO:

  • You can find the file in the directory <tomcat-directory>/WEB-INF

For the standalone version of verinice:

  • The jar-file "sernet.gs.server.jar" contains these settings. Please use programs like WinZIP to open this jar-file. 


Please enter a new relation as <huirelation>. You will find examples in this file.

Using the CSV-Import-Wizard enables you to import any given object into verinice in table form.

Please have a look at the verinice manual (Chapter 11.6) for further details.

Deutsch English Lingua italiana Český jazyk
Contact us

We are here for you!

Our sales team will be happy to help you with any questions you may have about SerNet's verinice products and services - personally and tailored to your individual interests.

You can reach us directly by phone at +49 551 370000-0.
Send us an email at vertrieb@remove-this.sernet.de.

* mandatory fields
© SerNet GmbH, 2024