
IT-Grundschutz compliance software for German organisations.

BSI Standards 200-1/-2/-3/-4 plus the Grundschutz-Kompendium pre-loaded. Pick Basis, Standard or Kern; we model Strukturanalyse, Schutzbedarf and the right Bausteine for you. Built for Mittelstand, KRITIS operators, the public sector and the providers serving them - in English and German.

What is IT-Grundschutz?

IT-Grundschutz is the German federal methodology for information security, maintained by the BSI. The four BSI Standards (200-1 ISMS, 200-2 Vorgehensweise, 200-3 Risikoanalyse, 200-4 BCM) plus the Grundschutz-Kompendium (catalogue of Bausteine) form the complete framework. Mandatory for federal bodies, widely adopted by Mittelstand and required of KRITIS operators.

Who needs to comply

  • Federal Bundesbehoerden and many Laender
  • KRITIS operators under BSIG §8a
  • Stadtwerke, energy utilities, hospitals, transport
  • Mittelstand vendors selling into the German public sector

Key Grundschutz capabilities in Dazr

  • Basis / Standard / Kern: Pick your Vorgehensweise; the control set scales accordingly.
  • Strukturanalyse: Model processes, applications, systems, networks, rooms per Grundschutz convention.
  • Schutzbedarfsfeststellung: Per-asset CIA classification (normal / hoch / sehr hoch).
  • Bausteine: ORP, CON, OPS, SYS, NET, APP and more pre-loaded with Anforderungen.
  • Risikoanalyse (200-3): Required for hoch / sehr hoch protection needs - templated workflow.
  • Notfallmanagement (200-4): BCM scope, plan, test schedule with annual exercise tracking.

What auditors look for

A BSI-zertifizierter Auditor walks through the Strukturanalyse, the Schutzbedarf, the selection of Bausteine and the Risikoanalyse for systems with high Schutzbedarf, then samples evidence per Anforderung. Surveillance is annual, full audit triennial. We keep the trail audit-ready year-round.

How Dazr helps with IT-Grundschutz

  • Pre-loaded Bausteine with Anforderungen converted to review tasks
  • Schutzbedarfsmatrix per asset, reviewed yearly
  • Run Grundschutz alongside ISO 27001 for the combined certification path
  • Risikoanalyse templates for hoch / sehr hoch systems
  • Hand the auditor a read-only view or a single-PDF audit trail


IT-Grundschutz questions, answered.

What is IT-Grundschutz?

The BSI methodology for information security in Germany. BSI Standards 200-1/-2/-3/-4 plus the Grundschutz-Kompendium form the framework. Mandatory for federal bodies, widely used by Mittelstand and KRITIS operators.

Basis, Standard or Kern - which to pick?

Basis: minimum baseline, fastest to implement. Standard: full ISO 27001-equivalent. Kern: focus on crown-jewel processes. Most teams start with Basis and upgrade as the programme matures.

How does Grundschutz relate to ISO 27001?

Standard-Absicherung is equivalent to ISO 27001 - the BSI runs a combined "ISO 27001 on the basis of IT-Grundschutz" certification. Bausteine map to ISO 27002 with more concrete Anforderungen.

Where is data hosted?

European Union only. AES-256-GCM at rest. EU jurisdiction.

Ready to start your IT-Grundschutz programme?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.