Infopulse Standards Compliance Manager: Practical tool for BSI IT-Grundschutz

Easy and efficient implementation of the BSI standards 200-1, 200-2, 200-3
Book a demo

Official GS
tool alternative

IT-Grundschutz Kit for

Automatic migration
to IT-Grundschutz
Compendium 2022

in Germany

What is BSI IT Grundschutz and How We Can Help

BSI IT basic protection is a collection of standards and catalogs provided by the Federal Office for Information Security (BSI). These standards describe the basics for creating an information security management system and the catalogs, and contain the specific requirements. Infopulse-SCM IT-Grundschutz-Tool entirely supports IT Grundschutz workflow and requirements for building an ISMS and soothes the path through all of the phases of BSI IT Grundschutz.

How Infopulse-SCM Simplifies BSI-IT-Grundschutz Compliance
Infopulse-SCM is an automated ISMS tool and fully supports the IT-Grundschutz workflow and requirements for setting up an ISMS
Automatic migrations to new BSI Grundschutz Compendiums in 1 click
Modern and intuitive design
Easy onboarding with compliance bot Helga and free consultations of our experts
Automated compliance routines (receiving notifications, tracking changes in the concepts, generating reports in time)
Don’t 2x the job: a single platform for all compliance standards, ISMS and DSMS within a single system
Easy import of data from any system: GSTOOL, EXCEL, GRC tools, CMDB and asset management software, and other
Framework for covering industry-specific security standards (B3S) as well as IT-Grundschutz profiles
Standard reports generation (A1-A6) according to IT-Grundschutz
Adaptable ISMS frameworks to your organization’s needs
Ready-to-go IT-Grundschutz Kit

Trusted by

Infopulse-SCM IT-Grundschutz Kits

Our SCM Kit is a quickstart solution that provides with all the ready-to-go structure, necessary tools, documentation, and guidelines needed to implement an ISMS yourself and meet IT-Grundschutz compliance.

  • ✓ ISMS Concept model: preset typical infrastructure of a company – choose only relevant assets without creating them from scratch.
  • ✓ Automatic assignment of requirements according to IT-Grundschutz
  • ✓ Predefined levels of protection that you can choose and easily switch between them (Basic, Standard, Core).
  • ✓ Automatic calculation of the conformity status
  • ✓ Analytical table view with bulk editing options
  • ✓ Risk analysis and assessment using a risk matrix
  • ✓ All the basic reporting templates you need
  • ✓ Offered on-premise and software-as-a-service (SAAS).
Get a kit for €499


We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.

Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Infopulse SCM.

Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.

The three-day workshop from expertree consulting GmbH helped us establish more detailed steps for implementing our information security and data protection management system in our company.

During the workshop, we were able to directly model our individual company processes, the unique requirements, and the current status in the holistic GRC solution, the Infopulse SCM.

The additional possibility of completing the seminar with a certification as a "BSI practitioner" from the Federal Office for Information Security gives us the secure feeling that we are well prepared for the future and found a suitable solution with the Infopulse SCM.

Vladyslav Prykhodko
Data Protection Officer, Jobnet AG

Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.

As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Infopulse SCM to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.

Dr. Eckehardt S.
Deputy Director

How to implement IT-Grundschutz-Tool with Infopulse-SCM

Book a demo
Structural analysis

In this phase, Infopulse Standards Compliance Manager supports the user with the following functionalities:

Modeling and compliance check

In this phase you can define the security requirements and fully model your concept. Here you prepare the details for the test plan and carry out the IT baseline protection check (compliance test).

Risk analysis

Infopulse SCM ISMS software fully covers:




  • Creation of structural analysis including the business processes, buildings, applications, and IT systems, via an inventory check of your assets/values;
  • Order and grouping in a hierarchical asset structure and visualization of the linking by assigning types;
  • Determination of protection needs and automatic inheritance of requirements (maximum principle, including cumulation and distribution effects);
  • Definition of additional user-defined protection goals, besides integrity, availability, and confidentiality, e.g. B. Industry or company-specific goals;
  • Adjustments to the depth of information (attributes) of your assets using custom fields;
  • Presentation of assets in table view including the ability to edit data (bulk-edit), arrange, group, sort, filter, and export to Excel or CSV format.
  • Standard A1 report with information on Аsset name, type, subtype/s, description, and links;
  • Standard A2 with information on assets protection needs
  • Automatic assignment of IT-Grundschutz modules, recommended requirements, and safeguards;
  • Monitoring of the implementation status of defined measures, requirements, and overall compliance status of assets;
  • Bulk processing of data (bulk edit), e.g. changing the realization status of requirements and measures for several assets;
  • Assignment of persons and persons responsible for task fulfillment and control;
  • Data visualization in table view with different perspectives (e.g. grouping by IT systems with unimplemented data backup requirements).
  • IT baseline protection profile for universities
  • Standard reports A.4 Result of basic Compliance Check and A.6 Implementation plan
  • Qualitative risk analysis according to IT-Grundschutz 200-3, which is a simpler methodology compared to conventional risk analysis methods;
  • Automated risk analysis for assets with high and very high protection requirements;
  • Available risk catalog based on the BSI G0 list with 47 elementary threats and the possibility to create user-defined threats;
  • Risk matrix (4×4 or 5×5 dimension) to show the frequency of occurrence, damage effects, and risks;
  • Allocation of additional measures to the hazards and their monitoring as well as the associated requirements.
  • Standard A5 Report with information on risk analysis
IT Protection Approaches
This approach is the primary safeguarding of the business processes. All Assets are available for analysis in the Compliance Check view. Compliance Check is carried out based on the requirements of the Basic Protection level. Risk Analysis cannot be performed.
The approach is used to comprehensively and deeply protect an organization. All Assets are available for analysis in Compliance Check and Risk Analysis views. Compliance Check is carried out based on Requirements of all Protection levels.
The approach serves as an extra entry procedure for protecting the essential business processes and resources of an organization. Only Crown Jewel Assets are available for analysis in Compliance Check and Risk Analysis views. Compliance Check is carried out based on Requirements of all Protection levels.
Book a demo

What’s new in the BSI
IT-Grundschutz Compendium 2022

The 2022 edition of the IT-Grundschutz Compendium contains 104 IT-Grundschutz modules. There are seven new IT-Grundschutz modules and 97 modules from the 2021 edition, 16 building blocks of which have been revised for the 2022 edition.
*1-click migration with the Infopulse-SCM tool
New Building Blocks
  • OPS.1.1.7 System management
  • OPS.1.2.6 NTP time synchronization
  • APP.4.4 Kubernetes
  • SYS.1.6 Containerization
  • IND.3.2 Remote maintenance in the industrial environment
  • INF.13 Technical building management
  • INF.14 building automation
Changes in building blocks
  • CON.3 data backup concept
  • CON.8 software development
  • CON.10 Web Application Development
  • OPS.1.1.5 Logging
  • OPS.1.1.6 Software Tests and Releases
  • OPS.1.2.5 Remote maintenance
  • APP.3.1 Web Applications and Web Services
  • APP.4.3 Relational databases
  • APP.6 General software
  • SYS.1.1 Generic Server
  • SYS.1.5 Virtualization
  • SYS.1.7 IBM Z
  • SYS.2.1 Generic Client
  • SYS.2.2.3 Clients on Windows 10

Our BSI IT-Grundschutz Services

Try for free

Benefit of free usage of the Infopulse SCM for 3 months to find out how the solution can optimize and streamline your compliance management. Please fill out this form, choose the standards and features you are most interested in. Our consultants will be glad to deliver a personalized webinar for you explaining step by step all the benefits of the SCM adoption.

    What Standards are you interested in?
    What additional Features do you need?

    I have read the privacy policy and agree.

    Subscribe to the newsletter (publications, news, compliance webinars)

    Sign up for our newsletter


      BSI IT Grundschutz is a collection of standards and catalogs that describe generalized procedures for protecting information technology. The aim of the IT-Grundschutz is to describe the minimum requirements for the normal protection needs of IT applications and IT systems.
      Modules are the elementary components of the Grundschutz methodology. They contain the most important requirements and recommendations for securing individual or complex systems and processes and are published in the IT - Grundschutz -Kompendium.
      BSI IT Grundschutz and ISO 27001 are similar in approach. Both standards can be used to determine IT risks and reduce them to an acceptable level using suitable measures. ISO 27001 is more focused on the management of information security, whereas detailed procedures for minimizing risks are described in the BSI basic protection catalogues.
      No, the implementation of the IT-Grundschutz measures is not obligatory. The standard has a recommendatory nature.

      The BSI offers standardized processes and recommends measures to enable companies to confidently meet the challenges of digitization and avoid cybercrimes.