Feature overview Base27

Explanation of all functionalities of Base277


Base27 is an online software tool with which all information related to the information security of your organisation can be easily and conveniently consulted.

Because of the combination of functionalities, the tool is a solution for the information manager, internal auditor but also for all your employees. Base27 is a complete solution for information security in accordance with ISO 27001 and other standards.

Policy and Organisation

  • Management of policies using digital manuals;
  • Framework with full ISO27001¬†coverage;
  • Display information clearly.

Information Systems

  • The first step towards¬†adequate information security;
  • Unambiguous overview of all sources of information;
  • Controls and reporting possibilities including a BIA and authorisation matrix.

Risk Management

  • Risk analyses based on defined scope, e.g. processes, information systems and/or suppliers;
  • Identifying risks using threat models, such as ISF or the OWASP top 10;
  • Countermeasures (treatment plan) to reduce or exclude the risk by means of controls in framework(s);
  • Monitoring and evaluation of risks and related countermeasures.

Processes and KPI’s

  • Record processes and related information systems;
  • Define critical success factors and KPIs (Key Performance Indicators) and steer them accordingly;
  • Compliance with the standard is automatically made transparent.

Register of Processing Activities (GDPR)

  • Preparation of processing register in accordance with the GDPR;
  • Conduct data protection impact assessments (or DPIAs);
  • Establish processing agreements;
  • Registration of data breaches and collection of all information necessary for notification to privacy authorities;
  • Possibilities for the registration and processing of data subject requests.

Internal and External Audits

  • Periodically carrying out internal / external audits with respect to frameworks and your own policies;
  • Follow-up findings / deviations with countermeasures to improve security;
  • Easily inform management using automated reports.

Implementation and Certification

  • Implementation plan for e.g. ISO 27001 certification;
    • This plan will help you easily through the necessary steps to certify, among others:
      • Defining the policy objectives;
      • Inventory of systems and assets;
      • Risk analysis and management;
      • Internal control (audits);
      • Drawing up a Statement of Applicability (SoA).
  • Migration plan to transfer an existing information management system to Base27, or a GDPR specific implementation with an emphasis on privacy protection.

Operational Planning

  • Insight into which tasks need to be carried out to maintain information security throughout the year and what the status is;
  • Easily assign tasks and monitor progress;
  • The plan is flexible / expandable and can be repeated annually;

It is also possible to use the same functionality to draw up an execution plan, for example, for the implementation or migration of (parts of) the information security.

Management and Board Reports

  • Report to management on all matters related to information security is easy to realise with the help of the management and board reports within Base27;
    • The report is automatically compiled on the basis of selected data.
  • All data is available for reporting: information systems, suppliers, risks, measures, incidents, processing, etc.;
  • Easily print or export to Microsoft Word. The output can be based on templates with custom corporate styling / logo’s.

Enterprise Support and Newsletters

  • Insight per department or business unit;
  • Inform employees about the developments in the field of information security and privacy protection within your organisation by means of newsletters.
  • Insight into the extent to which the newsletters are actually read.


  • Support for different standards:
    • Information security, including: ISO 27001, ISO 27017/18, COBIT 5
    • Privacy protection, including: ISO 27701, GDPR
    • Quality assurance, including: ISO 9001
    • Others, a.o.: ISO 14001
  • Linkage to policy, processes, information systems, as countermeasures for risks, etc;
  • Statement of Applicability (SoA);
  • Easily base internal audits on the Statement of Applicability;
  • By means of dashboards, direct overview into the progress of the implementation.

Dashboards and Reports

  • Comprehensive reports giving you insight into the status of your information security at all times;
  • Dashboards to quickly and easily understand the status of information security;
    • Insight per department, or on the whole;
    • Filters and sorting;
    • Exports to Microsoft Excel or Word;
    • Analysis using pivot tables.

Asset Management

  • Record hardware, software, licenses, keys and contracts;
  • If applicable, issue and collection records can be kept as well as renewal / depreciation;
  • Other types of assets can be added dynamically.

Supplier Selection and Assessment

  • Clearly identify and test the criteria on which you select suppliers;
  • Periodic assessment of suppliers based on selected criteria;
  • Tracking and managing customers and other organisations.

Business Continuity Plans

  • Preparing for calamities by laying down how such calamities should be dealt with and who is responsible for them;
  • Regular monitoring of execution/operation of business continuity plans.

Online Support

  • Direct contact with our support staff;
  • Answers to questions regarding the use of Base27 but also for substantive questions regarding information security and privacy protection.


  • The application is continuously monitored and security updates are applied on a daily basis as needed;
  • Login is based on strong passwords and two-factor authentication;
  • Regular backups of the data and testing its integrity;
  • Data is stored encrypted at our partner in the European Union.

Single Sign-On and Integration

  • Base27 is easy to integrate within your organisation, for example by using SAML to let your employees log in to the application without having to log in again;
  • REST API to link data from other sources. For example, incidents can be read from your ITSM or updates can be sent via this option.

Get to work yourself?

Base27 also offers

News portal for your organisation

Import and export of data

Integration with other systems (REST API)

Expansion with organisation-specific fields

Web-based and mobile-friendly

Single Sign-On (based on SAML) and 2FA

Easy search all information

Insight per department / organisational unit

Regular updates