
IT-Grundschutz

A systematic basis for information security

As a sound and sustainable methodology for information security management systems (ISMS), IT-Grundschutz covers technical, organisational, infrastructural and personnel aspects in equal measure. With this broad foundation, IT-Grundschutz offers a systematic approach to information security that is compatible with ISO/IEC 27001.

Whether the information security officer of a public authority, the CISO of a large company or the managing director of a small or medium-sized enterprise: with IT-Grundschutz, they can all find information that suits the security requirements of their respective institutions.

BSI Standards and Certification

With the BSI Standards, IT-Grundschutz offers essential publications for all kinds of institutions that want to set up an ISMS:

  • BSI Standard 200-1 defines the general requirements for an ISMS
  • BSI Standard 200-2 explains how an ISMS can be built based on one of three different approaches
  • BSI Standard 200-3 contains all risk-related tasks
  • BSI Standard 100-4 covers Business Continuity Management (BCM)

In order to make the successful implementation of IT-Grundschutz transparent to the outside world, companies or public authorities can be certified according to ISO 27001 on the basis of IT-Grundschutz. This certificate confirms that the IT security concept meets the requirements of ISO 27001.


IT-Grundschutz Compendium

The different modules of the IT-Grundschutz Compendium contain security recommendations on a wide variety of topics. Detailed advice and safeguards in the implementation guidelines for the IT-Grundschutz modules make it easier for information security officers to apply information security in their day-to-day work.

The speed of development in information security requires constant updates to IT-Grundschutz. Therefore, existing publications are reviewed and new modules are added on a regular basis. Additionally, IT-Grundschutz users can contribute their experience and know-how from professional practice to all publications and thus enrich them.

This is the English version of the Compendium 2022.
English versions are published only as drafts and may contain errors or differences from the German versions. Thus, only the German version can be used as a basis for certification.


Online course: Information security with IT-Grundschutz

The online course for IT-Grundschutz is based on the IT-Grundschutz Compendium as well as on the BSI Standards 200-1, -2 and -3. It helps users who wish to familiarise themselves with IT-Grundschutz to begin implementing this methodology.

Different users – one solution

This online course addresses not only users from companies and public authorities, but also students and anyone who is interested. It particularly encourages users from small and medium-sized companies to use this course to review information security in their institution. The English version of this course is available only as a PDF.

IT-Grundschutz profiles

An IT-Grundschutz profile is a template for a selected scenario (an information system or business process) that specifies how IT-Grundschutz is to be implemented for that area. An IT-Grundschutz profile prepares various steps of the information security process for a defined application area in such a way that it can be adopted as a framework for security concepts. The objective of IT-Grundschutz profiles is to offer sample scenarios for certain application areas, which help individual users in these areas map the security process according to IT-Grundschutz onto their own framework conditions.