ISMS Builder

Self-hosted ISMS platform for ISO 27001, NIS2, GDPR, and BSI IT-Grundschutz

Repository activity
  • Stars: 120
  • Forks: 25
  • Open Issues: 6
License

AGPL-3.0

Languages
  • JavaScript
  • CSS
  • Shell

About ISMS Builder

ISMS Builder is a self-hosted web platform for managing an Information Security Management System. It covers the compliance lifecycle from policy authoring to audit evidence for ISO 27001:2022, NIS2, GDPR/DSGVO, BSI IT-Grundschutz, and related frameworks, with no cloud required and data kept on your server.

Modules span policy management, a Statement of Applicability with cross-mapping, risk register, asset and supplier management, business continuity, and audit findings. Access uses JWT cookie auth, bcrypt passwords, enforceable TOTP 2FA, and role-based access control, and every create, update, delete, and login action is recorded in an audit log. Data is stored in JSON files or SQLite, with optional local Ollama semantic search and keyword fallback.

ISMS Builder is in active development, licensed under the AGPLv3, and aimed at SMEs, IT teams, and consultants. ISO 27001 and ISO 9001 control text is not included and must be imported by the administrator from a licensed source.

Key features

  • Statement of Applicability with control cross-mapping
  • Risk register, asset management, and supplier management
  • JWT cookie auth, bcrypt passwords, and TOTP 2FA
  • RBAC with reader, editor, auditor, and admin roles
  • Audit log for create, update, delete, and login

Details

  • On GitHub since: 2026
  • Standards: ISO 27001, NIS2, GDPR, BSI
  • Storage: JSON files or SQLite
  • Authentication: JWT cookie, bcrypt, TOTP 2FA
  • Self-hosted: Node.js or Docker, no cloud
  • License: AGPLv3