Skip to content

Introduction to VIVA#

VIVA stands for availability, integrity, confidentiality, authenticity and is available as an add-on.

As an essential part of an information security management system (ISMS), VIVA supports the documentation of all IT security-relevant processes. The documentation is considered the basis for achieving the goals set in standards such as ISO 27001 or IT-Grundschutz. With the help of VIVA, all data required for the procedure according to IT-Grundschutz and a risk analysis are recorded. Thanks to the structured, partially automated preparation of data, continuous quality analysis and comprehensive reporting, VIVA accompanies the procedure from the very beginning.

VIVA integrates seamlessly with i-doit pro. The focus is on the sensible reuse of data, which is only maintained in one place and always placed in the context of IT security. Much of this data can originate from discovery/inventory tools and LDAP/AD, minimizing the need for manual maintenance. The use of data for other areas such as monitoring, help desk, change management or reporting is also supported. Automatisms and wizards facilitate further work steps. VIVA is rounded off by extensive customizing and the management of several IT-Grundschutz catalogs, information networks and audits.

The following chapters provide a detailed insight into how VIVA works.


The website of the German Federal Office for Information Security (BSI) provides a detailed introduction to IT-Grundschutz. There you will find all information about the BSI standards 100-x, the IT-Grundschutz catalogs and certifications according to ISO 27001 based on IT-Grundschutz.

VIVA covers all topics from the two BSI standards 100-2 "Basic IT protection procedure" and 100-3 "Risk analysis based on basic IT protection". Which IT-Grundschutz catalogs are supported is described in the article Importing Catalogs.

To whom this document is addressed#

The content of this document is aimed at those persons in an organization who are responsible for and/or oversee IT security. In our knowlede base, this role is consistently referred to as Security Manager. The secure handling of i-doit is assumed.

Structure of this documentation#

To make it easier to find your way around VIVA, the structure of the following chapters is described here. It is also explained which chapters are referenced in which BSI standard.