Mar 26, 2020

What’s New in the BSI IT-Grundschutz 2020 Compendium

At the beginning of 2020, the Federal Office for Information Security (BSI, Germany) released a new revision of the IT-Grundschutz Compendium 2020. What’s new, and how will it affect compliance processes?
Infopulse Standards Compliance Manager BSI IT-Grundschutz Compedium 2019
Infopulse SCM with Grundschutz 2020 on board

What is the BSI Grundschutz standard?

The BSI standards provide recommendations on methods, processes, and procedures, as well as approaches and actions on different aspects of information security. Organizations can use BSI standards to make their operations, processes, and data safer.

  • The BSI standard 200-1 defines general requirements for an Information Security Management System (ISMS).
  • The BSI Standard 200-2 provides a foundation for building an ISMS based on IT-Grunschutz methodology.
  • The BSI Standard 200-3 covers risk-related issues. The standard provides a clear path to gear the IT-Grundschutz analysis to the risk assessment process.

IT-Grundschutz 2019 vs. IT-Grundschutz 2020: What’s the Difference?

The 2019 edition contained 94 modules, 14 of which were completely new ones. 25 modules have been substantially revised. Major novelties referred to Mobile applications, Cloud solutions, embedded systems, and extended platform support (MacOS, PBX, SAP, IBM Z, etc.).

As for the new edition of the IT-Grundschutz Compendium, it has two new modules: CON.8 “Software Development” and INF.5 “Room and cabinet for technical infrastructure.” Besides, the BSI has revised existing modules from version 2019.

The IT-Grundschutz Compendium 2020 focuses on the description of standardized security requirements for typical business processes, applications, and IT systems and their threats. Broken down into 96 building blocks, IT-Grundschutz also deals with the implementation of clear security measures and the detailed procedures for risk mitigation.

Infopulse Standards Compliance Manager BSI IT-Grundschutz Compedium 2020

Responsibility for information security remains at the top management level. Yet the task of “information security” is typically delegated to an information security officer.

The titles are now supplemented by an abbreviation:

  • “basic requirement” (B)
  • “standard requirement” (S)
  • “requirement for increased protection requirements” (H).

All modules have been revised in terms of content; the structure of the text has been improved. This enables the IT-Grundschutz modules to be used even more accurately. Edition 2020 replaces Edition 2019 and is valid until September 30, 2020, for current certification processes.

Integration with automated solutions

As BSI IT-Grundschutz is a very detailed regulation, its full implementation in the organization can be a highly time and resource-consuming task. Automated solutions like Infopulse Standards Compliance Manager significantly reduce your efforts by breaking down the silos and streamlining all compliance-related processes.

The Infopulse SCM version integrates the updated IT-Grundschutz documentation. Besides a set of improved and added features, you will be able to use all the features of the updated IT-Grundschutz 2020.

Implementing IT-Grundschutz 2020 with Infopulse SCM

Infopulse SCM supports the BSI IT-Grundschutz, and its new update is automatically built in the system. It will enable users to:

  • Create new concepts based on the IT-Grundschutz 2020
  • Migrate the existing security concept to the modernized IT-Grundschutz 2020
  • Get automatic updates of the requirements and modules
  • Empower the security evaluation process with new modules
  • Use new roles to add flexibility to your ISMS

Check out the new features with Infopulse SCM.

Request a trial

Try it!

Request your personal 15-days trial to find out how Infopulse SCM can optimize and streamline your compliance management.
Please fill out this form, choose the standards and features you are most interested in - we will come back with a personalized live demo, based on your choice, and provide the credentials for your trial instance.