Deming

Open source ISMS tool for planning, monitoring, and reporting on ISO 27001 security measures

Repository activity
  • Stars: 381
  • Forks: 95
  • Open Issues: 15
License

GPL-3.0

Languages
  • PHP
  • Blade
  • CSS

About Deming

Deming is an open source tool for managing an Information Security Management System aligned with ISO/IEC 27001. It helps organizations plan, monitor, and report on security measures so they can track control effectiveness, verify that security requirements are met, and support continuous improvement.

It supports the performance assessment work of ISO 27001 Chapter 9 by helping define what to measure, choose methods, schedule checks, assign responsibility, and analyze results. It provides control lists, control planning, action plan management, a coverage view, and ISMS steering meeting reports, and ships referentials including ISO 27001, ISO 22301, NIS2, DORA, PCI DSS, and NIST SP 800-53. Administrators can import their own referentials from a spreadsheet.

Deming uses PHP and JavaScript with the Laravel framework and stores data in MariaDB, MySQL, PostgreSQL, or SQLite. It is GPL licensed and can be run with Docker or installed on Debian and Ubuntu.

Key features

  • Plan, monitor, and report on security measures
  • Control lists and control planning calendar
  • Action plan management and coverage view
  • ISMS steering meeting reports
  • Import custom referentials from a spreadsheet

Details

  • On GitHub since: 2021
  • Standards: ISO 27001, ISO 22301, NIS2, PCI DSS
  • Framework: Laravel
  • Database: MariaDB, MySQL, PostgreSQL, SQLite
  • Self-hosted: Docker, Debian, Ubuntu
  • License: GPL