Why ESM?


Get busy and start today!


Synchronize your team and let everyone instantly see how they can contribute to making your organization safer by adding read-only users without cost.

*ESM Base is included in trial, contact Innovate Security for testing of the other modules.

  • Take control over Information Security using a visual model of Information Security Architecture

  • An effective way to maintain compliance with regulations and frameworks.

  • Design your own Internal Controls and monitor compliance.

  • Import your own standards and frameworks and create Statements of Applicability for them, "state once, measure many"

  • Support in Asset Based Risk Identification

  • A visual and effective GDPR-repository and support in Data Protection by Design

  • A visual and effective support for working with Business Continuity Planning, including ISO/IEC27031

  • Integrate support for standards, regulations and frameworks e.g. ISO/IEC27000, EBA Guideline on ICT Risk and Security Management, EBA Guideline on Outsourcing arrangements, EIOPA Guideline on ICT Risk and Security Management, PCI-DSS, CSA CCM, 20 CIS Control and more.


Skärmavbild 2020-06-23 kl. 12.02.40.png
Skärmavbild 2020-06-23 kl. 12.02.19.png
Skärmavbild 2020-05-25 kl. 13.43.53.png
Skärmavbild 2020-06-23 kl. 12.04.07.png
Skärmavbild 2020-06-23 kl. 12.03.29.png
Skärmavbild 2020-06-23 kl. 12.02.40.png


ESM - Enterprise Security modeller is a simple visual modelling tool that help you know and protect your valuable assets. ESM will guide you to document precisely what is needed to support your business needs in information security and regulatory compliance.

In ESM you don't get just another modelling tool - you get our built in expert advice on what to modell and how to do it right!

Benefits: visual and simple repository of processes, information, suppliers and IT-systems. Get instant reports of compliance, security requirements and work with your own standards and/or frameworks.



ESM is designed to be as simple as possible, but not simpler. This will help you spend your time on just the right documentation and modelling that is needed to keep your information safe and comply with regulatory demands such as GDRP.

Benefits: don't lose time with unnecessary details, document important assets and connect them to Information Security Architecture, frameworks and regulations


Working with Information Security is complex, the use of standards will let you use the collective experience of other organisations. ESM has a built-in support for ISO/IEC 27000 letting you efficiently connect Information Classification with the requirements in several standards. This enables a more efficient collaboration on what controls should be implemented where and follow-up the compliance.

  • ISO/IEC27001 - Information Security Management

  • ISO/IEC27002 - Information Technology, Security techniques, Code of Practise for security controls

  • ISO/IEC27005 - Information Technology, Security techniques, Information Security Risk Management

  • ISO/IEC27018 - Information Technology, Security techniques, Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

  • ISO/IEC27701 - Information Technology, Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

ISO support in partnership with Swedish Institute for Standards.

Benefits: Connect requirements and security controls from ISO with your assets and maintain an updated status of compliance. A measurable Information Security Management System.


The easy-to-use, fast en efficient modelling of processes, information and IT-systems let you track information that needs to be compliant with GDPR and where that information is processed and/or stored. ESM offers a visual and simple way of working with the protection and handling of privacy information that will enable collaboration between specialists.


ISO/IEC27018 and ISO/IEC27701 provides support on what security controls should be applied to protect Your personal data. One step closer Data Protection by Design.

Benefit: Keep your repository updated and measurable, get instant reports of where your sensitive data is and how it is processed.

Managing ICT Readiness for Business Continuity

The built-in connection between processes, IT-applications and organisations makes ESM ideal for working with Business Continuity. Classify processes and connect the Criticality levels with requirements on Backup & Restore, Recovery Documents and other technical or administrative controls. The controls will then be automatically distributed amongst relevant objects. Delegate control and get a measurable implementation of Business Continuity Planning.

Integration of ISO/IEC27031 with a Statement of Applicability is included.

Benefit: Get rid of excel sheets and work with dynamic data that enables an efficient and effective Business Continuity program. Get compliance reports down to specific organisations and business application.s


Information security is too important for your company to leave it to specific experts alone. Information Security has to built in into all areas of your business; from business processes, IT-architecture and physical infrastructure. More people need to be involved and collaborate - directly or indirectly - to keep your information safe.

Benefits: A common model, a common view of compliance and the level of protection of sensitive assets.