

Information Security, Officially Confirmed

ISO 27001 Certification on the Basis of IT-Grundschutz

One way of implementing the requirements of the IT security standard ISO 27001 is the IT-Grundschutz approach of the German Federal Office for Information Security (BSI). Once all required security controls have been successfully implemented in your IT organization, you are entitled to apply for a BSI certificate; this gives you the opportunity to provide customers, partners, and the public with proof of your efforts in the field of information security.

A prerequisite for certification is the successful verification of correct security control implementation. Licensed by the BSI, the IT security auditors at plan42 are entitled to carry out ISO 27001 certification audits on the basis of IT-Grundschutz. Having gained experience in a number of audit projects, we are happy to accompany you during all steps leading to your certificate:

1 Application & Approval

The first step is submitting an application to the BSI. Upon approval, we carry out the audit in several phases:

2 Examining Your Documentation

The auditor examines the reference documentation provided by the company. These documents include risk analysis, security policies, etc.

3 Preparation & Implementation

After thoroughly preparing the on-site activities, the auditor carries out the audit in the company and verifies the implementation of the documented processes.

4 Creating the Report

The ISO 27001 auditor creates an audit report summarising the on-site audit results. This is the basis for certification.

5 Verification & Additional Requirements

If deficiencies have been identified, the auditor defines additional requirements and verifies compliance within the specified deadline.

6 Report Review & Certificate

The BSI reviews the results of the audit report. In case of approval, it issues an ISO 27001 certificate on the basis of IT-Grundschutz.

Licensed Auditors for Preparation & Certification

Licensed by the German BSI, our auditors are ISO 27001 audit team leaders for audits based on IT-Grundschutz. We have already completed certification audits in various organisations, one example being the two certificates for the German electronic tax return form ELSTER. You can make use of this experience in the run-up to your project as well: besides conducting the actual certification, we are also happy to accompany you during the preparatory phase.

And what can we do for you?

Would you like to learn more about our services regarding certification? Please feel free to contact us.