Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : Proteus
Vendor name : Infogov (Information Governance Limited)
Country of origin : United Kingdom

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-Wide (State oriented)
Supported by organization, club,... (e.g. as sponsor) : British Standards Institution (BSI) - Information Security Forum (ISF) - Holistic Information Security Practitioner Institute (HISP institute)

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • Proteus Enterprise is a comprehensive web server based compliance, information security and risk management, and Corporate Governance tool developed by Information Governance Ltd. The entire range of Proteus products, and its preceding versions, have been branded and distributed by the British Standards Institution since 1995, although most enterprise level sales are direct via Information Governance Ltd and its global distribution network managed by Veridion Inc., Canada. Proteus allows organizations to implement the controls of any standard or regulation, e.g. BS ISO/IEC 17799 and BS ISO/IEC 27001, BS 25999, SOX, CobiT, PCI DSS etc.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification : Both Qualitative and Quantative Risk Assessment techniques supported. Both being fully integrated with Asset Management, Threats, Countermeasures, Risk Treatment Plans and Incident Management
  • Risk analysis : Relative and Absolute risk scales can be used to adapt to corporate ‘risk appetite’.
  • Risk evaluation : 5 types: Physical, Information, Service, Application and Group (combination) Assets are supported.  Threats can be automatically inherited via asset relationships, location and asset profile

Other phases

  • Asset inventory & evaluation : Supported by location but cross-referenced across an entire, multi-national or distributed, organisation. External, open interface, to import data and to integrate with third part applications such as network scanning and penetration testing applications.

R.M. Method phases supported

  • Risk assessment : 5 stage generic process, easily mapped to BS ISO 27001, IRAM or other methodologies
  • Risk treatment : ‘Action Plans’ are fully integrated with Compliance, Risk Assessment, Business Impact Analysis, Business Continuity and Incident Management.
  • Risk acceptance : Full audit trail of ALL system changes. Every process is automatically captured as a time stamped PDF, and full sign-off & acceptance is supported via email and workflow management.
  • Risk communication : Every aspect of the system can be reported or viewed by ‘secure’ PDFs, fully customisable Business Objects reporting, and via the optional Proteus RiskView™ management information graphical ‘dashboard’

Other phases

  • N/A

Other functionality

  • Document Management
  • Business Continuity
  • Remote auditing: Distribute questionnaires
  • Incident Management
  • Automated Alert MAnagement (SMS and email) : Incidents can be captured via custom intranet Portal pages and automated alerts (by SMS of email) sent to relevant individuals according to the affected (or potentially affected) assets and business processes.

Information processed

  • Global Views : Compliance status, Financial Exposure, Threats, Incidents etc.
  • Compliance : Documentation (Policies, procedures, evidence, testing) and Corrective Actions.
  • Assets : Related Controls and Tasks.
  • Incident Management : Analysed by incident type and/or losses, with identified control failures and related assets
  • Business Impact : Processes by Risk or with Assets affected by Incidents
  • Business Continuity : Critical process exposures
  • Risk Analysis : Threat Exposure
  • Action Plans : Task Summary
  • Incidents : Event types and losses
  • Document Control : Review Status

Date of the first edition, date and number of actual version

Date of first release : March 1995 - CoP-iT, original Compliance 'gap analysis' tool, launched concurrently with BS7799:1995
Date and identification of the last version : June 2007 - Proteus Alert Management™ (P.A.M.)  Fully integrated automated alert management linked to custom client intranet web ‘portal’ pages for Incident capture.

Useful links
Link for further information

Official web site :
user group web site : N/A
Relevant web site : - -

List the available languages that the tool supports

Languages available : English - french - Spanish - Japanese - Chinese

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • Proteus Solo :599 £/year
  • Proteus Professional :6000 £/year or 600 £/month
  • Proteus Enterprise : p.o.a

Sectors with free availability or discounted price : N/A

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : 1.Webex Demo or Evaluation by request - 2.Pilot Project p.o.a.
Identification required : N/A
Trial period : N/A

Tool architecture
Specify the technologies used in this tool

  • Database : MS SQL
  • Web server : IIS or Apache
  • Application Server : PHP
  • Client : I.E., Firefox etc.

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, Agencies
  • Large scale companies
  • SME

Specific sector : Finance, TelCo, Pharmaceutical, Retail, Government

Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : N/A
Used outside EU countries : N/A

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : yes
Operational : yes
Technical : N/A

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • BS ISO 17799 & 27001 : Licensed by BSI
  • BS 25999 : Licensed by BSI
  • SoGP : Licensed by ISF
  • SOX
  • Many Others

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • BS ISO 27001

Information about possible training courses for this tool

Course : Proteus Enterprise
Duration : 2 Days
skills : InfoSec
Expenses : Public courses free of charge

Course : Holistic Information Security Practitioner
Duration : 5 Days
Skills : H.I.S.P.
Expenses : £1,500

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : Web & Database Servers, Business Objects on own server, or can be hosted on InfoGov secure servers
  • To use : Standard web Browser
  • To maintain : Standard web Browser

Tool Support
Specify the kind of support the company provides for this product

Support : Telephone, email (Local Language support by International Distributors)

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Intergration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • Integration Method
  • Active directory
  • Single Sign-on
  • External Network Audit : API
  • External ERP : API
  • External Bespoke : Database Replication / Synchronisation

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • Full Authoring Facilities included

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Fully Customisable : Supports multi-languages, menu and forms customisation
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies