Knowledge out of the box

moduli header

What is knowledge-out-of-the-box.

In the course of our long consulting experience, we have realized that there are two types of activities: those deserving to be paid for, however expensive they may be, and those that should not be the subject of advice.

The first category includes ideas, knowledge and innovative procedures brought along by capable and competent people, diverse experiences, and the opportunity to gain valuable insights of other companies behaviour. These are high-value activities, and in a Data-Information-Knowledge-Wisdom type of model, they are at the top level.

The second category includes all formalisation activities (for example, document title book and approval flow management), analysis and study of international standards and applicable regulations (for example data protection regulations), and the drafting of appropriate documentation to support the organisation. In the above model all this is located just below Wisdom. 

We believe customers should have access to this type of knowledge without having to pay for it every time; that’s why, in developing our product we have used, whenever possible, a knowledge-out-of-the-box approach. This means that many USP modules are not “empty boxes”.


Core Module.

The technological features are mainly found in this component, which is therefore the backbone of the entire portal.
  • Checklists and Standards Management. Used for loading and updating the existing security measures. These can be collected based on international standards or according to the organization's own criteria.
  • Non-conformities. Based on the ISO model, it manages the entire life cycle and relationships, following a many-to-many logical design with respect to corrective actions.
  • Corrective Actions. As with non-conformities, complete management is possible. Configurable workflows allow the assignment of tasks to carry out non-conformity correction activities.
  • Projects. Declined according to the logic of the improvement actions defined in the ISO standards, this module allows to manage and monitor all the project related activities having an impact on safety. As with corrective actions, workflow configuration is possible.
  • Reminder. FThis feature allows you to create timed custom alerts for yourself and others. The functionality propagates to all other modules.


The module is populated with the controls of Annex A of ISO 27001, and with those derived from the main national regulations (196/03, 231/01, etc.) and international standards (PCI-DSS, Cobit, etc.).

Modulo Document Management.

Management of policies, procedures and operating instructions in ISO-Like mode. Thanks to this feature, this module can be used with any certification (9001, 14000, etc.), thus representing a good starting point for the creation of a security management system. Supports the setup of multi-level approval flows.

  • Documents Update. In addition to full versioning support, the system allows you to automatically manage the title blocks (revision, history of changes, associated controls, approvals, versioning, etc.) on the actual document thanks to the possibility of enriching each object with metadata.
  • Non-resident Documents. If you have policies or procedures that are managed in a different system (another document management system, file servers, etc.), these can still be referenced through links and managed as if they were located within the module itself.
  • SOA (Statement of Applicability). The document, specific and mandatory for ISO 27001 certification, is generated automatically once the module has been populated.


The module is populated with drafts of the policies and procedures required to cover the 114 controls of Annex A of ISO 27001.



Memori - Risk Management
Module .

Risk analysis and management tool suitable for the main recognised methodologies. Risk assessment is expressed through the relationship between the variables represented by threat, vulnerability, control and asset, which can be assessed according to several dimensions (confidentiality, integrity, availability, etc.).
  • Risk Management Mode Based on the results of the analysis, it is possible to perform "what if" simulations within the dashboard by modifying the perimeter, merging assets, selecting specific threats. Through the “ranking" function, the tool highlights the most critical assets and suggests the controls to be checked based on effectiveness and efficiency criteria, in order to achieve maximum risk reduction according to the built scenario. The status change is represented in real time on the matrix and histograms.
  • Questionnaires: The module is equipped with a powerful engine for the management of questionnaires aimed at gathering information related to assets, threats, controls and vulnerabilities.
  • GDPR: It integrates the processing activities management with the execution of the risk analyses that the implementation of DPIA (Data Protection Impact Assessment) is based on.


The module is supplied with a pre-filled matrix of threat and control relationships for the reduction of the effect of the event based on the implementation level of the applicable control.

Audit Module .

Thanks to this module, especially conceived to gather and organize all the evidence and documents needed to support audits, the process of collecting and using the material is more efficient.
  • Repository.Centralized storage of materials and automatic management of audits history. In particular, through the configuration of information flows and the reminder functionality, it allows to manage audit preparation activities. Provides a specific read-only view for the auditor, with the ability to directly access the core module in order to open a non-conformity.
  • Cross compliance. "Recovery and reuse” of evidence according to the goal of the audit. This mechanism allows to manage the evidence life cycle, automating their availability for the different standards and regulations to which they are applicable.


The module is supplied with preloaded cross compliance between different regulations and standards, like ISO 27001, PCI-DSS, Cobit, GDPR, etc.).



Security Incident Management module .

Aggregator used to manage the security events escalating to accidents. The module allows for centralized management of security incidents and the development of an adequate knowledge base.
  • Source Integration. Through appropriate customization, it allows automatic import of event data from different sources (SOCs, Ticketing Systems), based on the criteria chosen by the organization.
  • Knowledge Base. The module maintains the correlation between non-conformities and corrective actions as Lessons Learned, and interfaces with Memori in order to provide “historical" indications helping to define the likelihood levels of threat occurrence.


The module can be associated with an intelligence service for the detection of network events related to the customer's activity. These will be regularly uploaded directly to the module according to an agreed frequency.

Time is precious,
We take care of your time.

I accept the Terms and Conditions.

a system of DI. GI. Academy Srl
V.le P. A. Pirelli 6, 20126 Milano P.IVA 06249920965
C.C.I.A.A. REA: MI - 1880014 Cap. Soc. € 12.000,00

This email address is being protected from spambots. You need JavaScript enabled to view it.

+39 02.694.382.64

Who we are

DI.GI. Academy is a company which has been active since 2008 in professional training, software development using advanced technologies, ICT governance and organization consultancy . The three departments of DI.GI. Academy (Training, Consultancy and Software Developments) work together to help customers in many different sectors, from manufacturing to finance and services, to reach their business goals.

© Copyright Di. Gi. Academy Srl