Skip to main content


Details on the Topic

What Is IT-Grundschutz?

Grundschutz ("IT Baseline Protection") as a framework for the development of an Information Security Management System (ISMS) within a company. The IT-Grundschutz Catalogues are aligned with ISO 27001 and comply with the requirements of this standard. IT-Grundschutz is one way of implementing the ISO 27001 requirements. The IT-Grundschutz Catalogues and associated BSI standards serve as references for selecting appropriate security controls for typical IT configurations. Suggesting suitable organisational, personnel, infrastructural and technical standard security measures, they help you achieve an IT security level that is appropriate and sufficient for normal security requirements and that can serve as a basis for highly vulnerable IT systems and applications.

IT-Grundschutz Standards and Building Blocks

The BSI standards include Germany's interpretation of the ISO 27001 standard and are divided into the following works:
  • BSI-Standard 100-1: Information Security Management Systems (ISMS)
  • BSI-Standard 100-2: IT-Grundschutz Methodology
  • BSI-Standard 100-3: Risk Analysis based on IT-Grundschutz
  • BSI-Standard 100-4: Business Continuity Management
The IT-Grundschutz Catalogues describe risks and adequate countermeasures for individual IT processes. These are reflected in the building blocks devided into the following layers:
  • Generic aspects
  • Infrastructure
  • IT systems
  • Networks
  • Applications

IT-Grundschutz Benefits

An IT security strategy based on IT-Grundschutz offers, amongst other things, the following benefits for your company:
  • Minimal-effort approach - Pre-defined threats allow you to waive a detailed risk analysis.
  • Cost-effective solutions - IT-Grundschutz does not only consider occurrence probabilities, but also expected losses and implementation costs.
  • Expandability & upgradability - Based on user surveys, the BSI constantly updates and expands its IT-Grundschutz Catalogues.

IT-Grundschutz in Your Company

Are you interested in the implementation of IT-Grundschutz in your company? Please refer to our project procedure to learn how plan42 supports you during implementation. Do you have any further questions? Pleae feel free to contact us.