Oxomium

Oxomium is designed to help cybersecurity team to handle the conformity of organizations regarding standard or internal policy. It’s design to be simple to use and avoid complex spreadsheets.

Oxomium is provided with a basic set of features at first but will be extended with time.

The OpenSource aspect is fundamental for me and will (I hope) help to improve the tool quickly with the feedback of several users.

Conformity management

Oxomium is able to help you track your organization’s conformity to security policy. The policy could be a default one (ISO27001 and NIST are provided) or your own.

screenshot of policy description Screenshot of the ISO27001 policy description

screenshot of a conformity page Screenshot of the conformity of the Alpha organisation to ISO27001 policy

Audit management

Oxomium allows you to register your audit and the findings associated.

screenshot of a audit description Screenshot of an audit summary includings findings synthesis

Roadmap

I have planned a road map to improve the tool progressively. I will use the GitHub milestones to show the progress of the development.

The plan for the next version is :

Add default dataset for ISO27001 and NIST policy
Management of the audit findings.
Support of Actions and Actions Plan attach to an audit findings, a non-conformity (or both).
Executive dashboard and email notification for deadline management.
Security survey for external supplier (with magic link).
Support of manual Indicator (KPI).
Support of automatic Indicator with automatic data gathering from API.

Contact

For any issues related to the project, please don’t hesitate to reach me through GitHub issue ! All help can be useful, even a simple user feedback.