Dear eramba community,
I’m currently in the process of implementing eramba for our ISO 27001 certification and a corresponding ISMS in the company.
To plan an optimal configuration for a smooth start, I’m trying to expand my knowledge with the eramba learning videos.
However, I’m unsure how to implement a suitable initial corporate structure inside of eramba, so that I won’t get any surprises later, without the need to restart the whole process.
Can anyone help me set up a suitable initial structure for the following companies or provide any tips for an appropriate mapping of our structure?
The company or group of companies consists of a parent company in the form of a management holding, which is the sole shareholder of the rest of the companies.
This management holding has founded a total of five other companies with different focuses:
1. Management: This company is responsible for the administrative side, handling administrative functions such as HR, accounting, administration, controlling & digitization, and warehouse management. This is the parent holding company that provides services to all other companies. It is the sole shareholder of all other companies.
2. Security: A company focused on the security industry, particularly building security and property protection.
3. Data Protection: A company that offers data protection services to comply with the European GDPR and optimize its activities in this area.
4. IT Security: Offers IT security as a service, securing infrastructures, security processes, and similar services.
5. Event Security: Professional security personnel for events and property protection are offered as a service.
6. Education & Certification: The last company operates in the education sector and offers seminars, workshops and training for obtaining certifications in the field of IT-Security and security-personnel, but also in several other topics.
I would now like to represent this specific corporate structure in eramba and map the interfaces, responsibilities, dependencies, and accountabilities, as this forms the basis for our ISMS on the path to ISO 27001 certification.
We are currently using the community version of eramba on a VDS server, but I’m beginning to doubt whether this version is even sufficient.
For example, we might need to involve multiple stakeholders in the project, and they would then be expected to review documents and other topics in eramba. However, since the community version does not have the dynamic fields function, manual review by the relevant stakeholders would be necessary.
Does this mean that every risk, etc., has to be manually reviewed to identify any requirements that might arise for the respective stakeholder?
Or is there a way to find these pending tasks collectively without relying on dynamic statuses?
I would also like to know if there is anyone here in the community who already has experience implementing a similar corporate structure (ideally using the community version without dynamic statuses?).
FYI:
Purchasing eramba is NOT a problem, but we want to use the free version until we have tested the application and can determine whether it is a suitable and practical solution for managing our ISMS, or whether a more suitable approach in the form of a different application would be better.
Thank you for your attention and for taking the time to read my request!
I look forward to your responses!
Best regards, Anton H.