Product tour
What it looks like to use Cybsis day to day.
Fifteen stops through the surfaces customers spend the most time in — from the dashboard down to the AI and infrastructure oversight tools. Each describes what's really in the product today, copy lifted from the implementation docs. A live walkthrough on a dedicated demo instance is part of every quote — this tour is the warm-up.
Stop 01
Land on what matters most.
The dashboard answers two questions on every visit: how compliant are we right now, and what should I do next? Configurable widgets cover compliance score, risk overview, incident status, task velocity, an executive cross-instance roll-up, and an AI-recommended next best action.
- 11 widgets per instance, plus executive widgets when looking across the tenant
- Per-user drag-and-drop layout — every role sees what they need
- Compliance trend reconstructed from the audit log, no separate analytics store

Stop 02
Eight asset types, one register.
Hardware, software, services, cloud, data, people, facilities, suppliers — each with CIA classification, lifecycle state, custom fields, hierarchy, and sub-assets. The asset register isn't a static inventory; it feeds the risk engine, control implementation, and audit scope automatically.
- CIA classification (1–3 per dimension) drives downstream risk derivation
- Sub-assets capture primary/supporting relationships
- XLSX bulk import with EN/ET headers, 5,000-row cap

Stop 03
Map how the work actually flows.
Business processes carry impact assessment, hierarchical sub-processes, CIA ratings, and explicit links to the assets, risks, and incidents they touch. The process layer ties the technical asset register to operational reality — and any change cascades.
- 5-point impact ratings per CIA axis
- Seven categories: operational, administrative, IT, customer, compliance, security, financial
- Cascading CIA changes auto-recalculate downstream risk scores

Stop 04
From asset
to risk to residual.
Risks live in registers — information security, process, medical, whatever your governance structure needs — each with its own configurable matrix. The risk score is derived from linked assets and processes; the residual is computed live from implemented controls. No spreadsheets, no manual recomputation.
- Configurable matrix (3×3, 4×4, 5×5) with localised labels
- Seven treatment options: unassessed, reduce, accept, transfer, avoid, exclude, needs review
- Audit trail of who decided what treatment, and when

Stop 05
One control, every standard it touches.
Implementation status for every control across every active standard, derived from the underlying measures by an 8-rule algorithm. Cost tracking (estimated and actual), review-date scheduling, service-provider assignment, cross-standard mapping so the same evidence satisfies the same control across frameworks.
- 65 fine-grained RBAC permissions across 17 domains
- Cross-standard mapping: equivalent, subset, superset, related
- Mass-edit, bulk review-date scheduling, per-control cost tracking

Stop 06
Generate the documents the standard demands.
Templates carry questionnaires; data already in Cybsis (assets, risks, business processes, controls) auto-populates them; the AI Assistant drafts the long-form prose. The document moves through a 5-stage lifecycle — draft → review → approved → signed → archived. When it's signed, the controls it satisfies auto-link.
- Template-driven generation with glob-pattern control auto-linking
- AI-assisted drafting (bring-your-own provider key)
- Digital signing in .asice containers

Stop 07
Run an audit campaign end-to-end.
Follows a structured information-security audit workflow aligned with recognised best practices — from preliminary assessment and main audit to follow-up reviews and closure. Cybsis supports separate auditor and auditee views, 5-stage status tracking, weighted risk-based scope sampling, and AI-powered evidence analysis that breaks uploaded documents into reviewable evidence fragments and assesses them against the applicable standard’s requirements.
- Three-year audit cycle management per standard, per instance
- AI evidence analysis flags gaps and drafts questionnaires automatically
- Auditor WIP hidden from auditee until the report stage

Stop 08
From detection to post-mortem.
Detect → Triage → Contain → Investigate → Remediate → Close. Every transition lands in an immutable timeline. Privacy incidents get the GDPR breach flag with notification-deadline tracking. Incidents link directly to the affected assets, controls, and standards — no parallel ticketing system needed for the security inbox.
- Immutable timeline of every action, status change, and decision
- GDPR breach flag with statutory deadline tracking
- AI-assisted classification and initial response drafting

Stop 09
Walk the relationships, don't read them.
Every entity in the registers above — assets, risks, controls, documents, incidents, threats, vulnerabilities, processing activities, service providers, audits, findings, people, org roles — sits on a single navigable canvas. Click an asset; see the risks it carries, the controls that mitigate them, the documents that describe them, the incidents that involved it. Same data, same links — now visible as a map instead of read as a list.
- 16 node types, 7 edge families: ownership, impact, mitigation, documentation, hierarchy, workflow, audit
- Double-click any node to open the underlying record; "Show in graph" on every detail page
- Persisted exploration state; dark mode; keyboard-navigable; included in Core ISMS

Stop 10
Every action, attributed, timestamped, queryable.
Every state-changing action across the platform writes a structured entry: who did it, when, from which IP, against which entity, with the before/after JSON for the change. Filter by user, action, entity, date range. Free-text search across action name, entity type, IP, and user. The audit trail that turns "who did what, when" from a question into a query.
- Filterable by action name, user, entity, instance, and date range
- Federation actor attribution and viaLudwig flag for AI-initiated actions
- Live server-sent-events stream for real-time dashboards

Stop 11
Who's actually doing the work.
The same underlying log, rolled up per user: rows are people, columns are action categories (Controls, Tasks, Risks, Assets, Documents, Incidents, Other), cells are counts in the selected window. Total, last-active timestamp, instance scope, date range. The chronological log answers "what happened?"; this view answers "by whom?".
- Per-user totals across the six major action categories plus an "other" bucket
- Last-active timestamp reads like a heartbeat — see who's drifted away from the ISMS
- Instance-scoped for multi-instance and federated deployments

Stop 12
A senior ISMS consultant in the chat panel.
Ludwig answers what the command palette can't — "how do I implement A.5.1 for our org?", "are we ready for next month's audit?", "why did this control flip to amber?". It reads your live data (risks, controls, missing documents, audit readiness), refuses out-of-scope questions politely, and can propose actions you approve before they run.
- Reads instance data — audit readiness, missing docs, overdue tasks, control gaps
- Action proposals with approve-before-run (Claude-Code-style permission model)
- Bring-your-own key: Anthropic, OpenAI, or Azure OpenAI. Sparkle-button AI Assistant embeds the same intelligence into every workflow form.

Stop 13
Know what the AI did — and what it cost.
Every AI call is logged with prompt, response, function, provider, model, tokens, duration, status, error, and USD cost. Ludwig conversations get a retry-rate score (high retry rate = the assistant didn't satisfy first time), question-category bucketing (risks, controls, policies, assets, processes, incidents, tasks, audit, locator, actions), and per-user totals. The transparency layer for AI features.
- Cost transparency: per-call, per-user, per-instance, per-function — for both BYO-key and RaulWalter-key customers
- Retry-rate detection via Jaccard similarity over content tokens (multilingual stop-words removed)
- Failed-call visibility with provider, model, and error message for fast triage

Stop 14
Watch the box,
not just the ISMS.
Admin dashboard with real-time SSE updates covering every layer of the deployment: OS metrics, memory and disk, PostgreSQL connection pool and live query latency, backup recency, instance counts, per-integration green/yellow/red, license expiry, AI provider last-success. No SSH needed — the operations view lives inside the same product.
- Host, DB, disk, backups, integrations, license, AI provider — one screen, one refresh stream
- Continuous heartbeat sampling persists DB query latency for 7 days to surface drift
- Per-integration green/yellow/red — LDAP, AD, JIRA, Microsoft 365, email

Stop 15
Tail the logs without SSH-ing in.
Read the running container's log stream from the admin UI. A 2000-entry in-memory ring buffer keeps recent history hot for fast scrollback; daily files at logs/YYYY-MM-DD.log on the Docker volume hold the longer history. Levels, search, real-time streaming with a 25-second proxy heartbeat. The diagnostic surface that pairs with System Health — Health says something's wrong, the Log shows what happened just before.
- DEBUG, INFO, WARN, ERROR — filter, search, real-time SSE stream
- 2000-entry in-memory ring buffer plus daily files on the data volume
- Standard format: [ISO timestamp] [LEVEL] [module] message

See it on your data.
A live walkthrough on a dedicated demo instance is part of every quote. Tell us what you'd like to focus on and we'll line one up — no scripted demo, just the product against the standards you actually need to satisfy.