Deming
Management tool for the information security management system
:rocket: Introduction
In a context where information security has become a strategic priority, organizations must not only implement protection measures but also demonstrate their effectiveness and long-term consistency. Deming supports this effort by providing a robust open source solution designed to manage an Information Security Management System (ISMS) in compliance with the ISO/IEC 27001 standard.
Created by CISOs for CISOs, Deming combines comprehensive functional coverage, a clear architecture, and strong adaptability to real-world operational needs. Backed by thorough documentation and an active community, it is steadily establishing itself as a key reference in critical environments.
Recognized for its quality and impact, Deming is the best open source tool for GRC and ISMS management.
:question: What is Deming?
Deming is a powerful, intuitive tool designed for managing, planning, monitoring and reporting on the effectiveness of security measures. In line with ISO/IEC 27001:2013, Chapter 9, Deming helps you guarantee appropriate and proportionate security, while complying with the most demanding standards.
:dart: Why monitor?
Regular monitoring and evaluation of security measures is essential to:
- Evaluate the effectiveness of controls in place.
- Verify that security requirements are being met.
- Continuously improve information security.
- Provide accurate data for decision-making.
- Justify the need to improve the information security management system (ISMS).
Deming gives you the tools you need to meet these objectives effectively.
:chart_with_upwards_trend: Performance assessment
According to ISO 27001, chapter 9.1, it is imperative to assess security performance. Deming guides you through this process, enabling you to:
- Determine what needs to be monitored and measured.
- Choose the right methods to ensure valid results.
- Schedule monitoring and measurement times.
- Identify who is responsible for each task.
- Analyze and evaluate results.
:computer: Screen overview
:star: Main screen
<img src="public/screenshots/main1.en.png" width="500">
:white_check_mark: List of controls
<img src="public/screenshots/controls.en.png" width="500">
:calendar: Control planning
<img src="public/screenshots/calendar.en.png" width="500">
:memo: Action plan management
<img src="public/screenshots/plans.en.png" width="500">
:satellite: Protective measures coverage view
<img src="public/screenshots/radar.en.png" width="500">
:page_facing_up: ISMS steering meeting report
<img src="public/screenshots/pilotage1.en.png" width="400"> <img src="public/screenshots/pilotage2.en.png" width="400">
:classical_building: Referentials supported
| File | Description |
|--------------------------------------|-------------------------------------------------|
| DORA.en.xlsx | Digital Operational Resilience Act |
| HDS.fr.xlsx | Hébergeur de Données de Santé |
| ISO22301-2019.fr.xlsx | ISO/IEC 22301, 2019, in French |
| ISO27001-2013.fr.xlsx | ISO/IEC 27001, 2013, in French |
| ISO27001-2022.en.xlsx | ISO/IEC 27001, 2022, in English |
| ISO27001-2022.fr.xlsx | ISO/IEC 27001, 2022, in French |
| ISO27001-2023.de.xlsx | ISO/IEC 27001, 2023, in German |
| MPA-5.2-Best-Practices.xlsx | Motion Picture Association Best Practices, v5.2 |
| MPA-5.3-Best-Practices.xlsx | Motion Picture Association Best Practices, v5.3 |
| NIS2.en.xlsx | NIS 2 directive requirements |
| NIS2.de.xlsx | NIS 2 directive requirements |
| NIS2.fr.xlsx | NIS 2 directive requirements |
| MVSP-3.0.xlsx | Minimum Viable Security Product, v3.0 |
| PCI.DSS.4.0.EN.xlsx | PCI DSS, v4.0, in English |
| sp800-53r5-control-catalog-full.xlsx | NIST SP 800-53 Rev. 5 |
Adding your own referential to this list is done via a spreadsheet in Deming's administration interface.
:books: Documentation
To find out more about using the application, please refer to the user documentation.
:hammer_and_wrench: Technologies used
- Languages: PHP, JavaScript
- Framework: Laravel
- Database: MariaDB, MySQL, PostgreSQL, and SQLite
- Graphics: ChartJS
⚙️ Installation
Follow the installation procedure for Debian or the installation procedure for Ubuntu to set up the application.
🐳 Docker Installation
Get up and running quickly using Docker. Run a local instance in development mode:
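```bash
# Fetch the sources and enter the project directory
git clone https://github.com/dbarzin/deming.git
cd deming
# Start from the example configuration
cp .env.example .env
# Use the hostname "mysql" for the database instead of 127.0.0.1
sed -i 's/DB_HOST=127.0.0.1/DB_HOST=mysql/' .env
# Start the containers
docker compose up
```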
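The procedure above copies `.env.example` and runs in development mode, so the resulting `.env` is worth checking before the instance is reachable beyond localhost. The script below is an added example, not part of the Deming project; it assumes the file uses Laravel's default key names (`APP_ENV`, `APP_DEBUG`, `APP_KEY`, `DB_PASSWORD`), and `env_value`, `audit_env` and `sample_env` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the Deming project): audit a Laravel-style .env
# before an instance started from .env.example is exposed beyond localhost.
# APP_ENV, APP_DEBUG, APP_KEY and DB_PASSWORD are Laravel's default key names;
# that Deming's .env.example contains them is an assumption.

# env_value KEY FILE: print the last value assigned to KEY, quotes removed.
env_value() (
    grep -E "^$1=" "$2" | tail -n 1 | cut -d= -f2- | tr -d '\r"' | tr -d "'"
)

# audit_env FILE: print one finding per line; no output means no findings.
audit_env() (
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; exit 0; }
    [ "$(env_value APP_ENV "$file")" = "production" ] ||
        echo "APP_ENV is not 'production'"
    # Policy: require an explicit false rather than trusting a default.
    debug=$(env_value APP_DEBUG "$file" | tr '[:upper:]' '[:lower:]')
    [ "$debug" = "false" ] ||
        echo "APP_DEBUG is not explicitly false"
    [ -n "$(env_value APP_KEY "$file")" ] ||
        echo "APP_KEY is empty"
    [ -n "$(env_value DB_PASSWORD "$file")" ] ||
        echo "DB_PASSWORD is empty"
)

# Constructed sample resembling a freshly copied development .env.
sample_env() {
    printf '%s\n' 'APP_ENV=local' 'APP_DEBUG=true' 'APP_KEY=' \
        'DB_HOST=mysql' 'DB_PASSWORD='
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    audit_env "$1"
else
    tmp=$(mktemp) && sample_env > "$tmp" && audit_env "$tmp"; rm -f "$tmp"
fi
```

Run it as `sh audit_env.sh .env` from the project directory; an empty result means none of the four checks fired.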
:car: Roadmap
Consult the roadmap to discover future developments of Deming.
:scroll: License
Deming is open source software distributed under the GPL license. Contribute, improve and participate in securing information systems worldwide!