Compliance Aspekte – practical BSI IT-Grundschutz tool with a ready-to-go kit

 

  • Efficient implementation of the BSI standards 200-1, 200-2, 200-3
  • AI-enabled tool with smart AI Bot
  • Automatic migrations to new BSI Grundschutz Compendiums
  • IT-Grundschutz kit with read-to-use structures, tools, guidelines
  • Supporting multiple standards: ISO family, GDPR, B3S, ®TISAX, ®ASPICE, BnetzA
Try for free

Official GS tool alternative

Ready-to-go IT-Grundschutz kit

Automatic migration to IT-Grundschutz Compendium 2023

kritis logo

Hosted in Germany

BSI IT-Grundschutz tool

Try now for free

BSI IT-Grundschutz consulting

Get a free consultation

Why choose the Compliance Aspekte IT-Grundschutz tool

Try for free
  • One-click migrations to new BSI Grundschutz Compendiums.
  • A single platform for multiple information security, IT, and data protection regulations.
  • Seamless integration with systems like GSTOOL, EXCEL, CMDB, Jira, Microsoft, SAP, asset management software, and other systems.
  • Personal AI assistant based on Azure AI.
  • Framework for covering industry-specific security standards (B3S) as well as IT-Grundschutz profiles.
  • IT-Grundschutz kit with all the ready-to-use structure, necessary tools, documentation, and guidelines.
  • Standard reports generation according to IT-Grundschutz (A1-A6).

Discover the IT-Grundschutz tool in action

Try for free

How to implement
IT-Grundschutz
with Compliance Aspekte

1. Structural analysis
2. Modeling and compliance check
3. Risk analysis

At this stage, Compliance Aspekte supports users with several essential steps and functionalities.

  • Creation of structural analysis of your organization, including the business processes, buildings, applications, and IT systems, via an inventory check of your assets/values.
  • Order and grouping in a hierarchical asset structure and visualization of the linking by assigning types.
  • Determination of protection needs and automatic inheritance of requirements (maximum principle, including cumulation and distribution effects).
  • Definition of additional user-defined protection goals, besides integrity, availability, and confidentiality, e.g., B. Industry or company-specific goals.
  • Adjustments to the depth of information (attributes) of your assets using custom fields.
  • Presentation of assets in the table view, including the ability to edit data (bulk-edit), arrange, group, sort, filter, and export to Excel or CSV format.
  • Standard A1 reporting with information on asset name, type, subtype/s, description, and links.
  • Standard A2 reporting with information on asset protection needs.

At this stage, you can define the security requirements and fully model your concept. Here, you prepare the details for the test plan and carry out the IT baseline protection check (compliance test).

  • Automatic assignment of IT-Grundschutz modules, recommended requirements, and safeguards.
  • Monitoring the implementation status of defined measures, requirements, and overall compliance status of assets.
  • Bulk data processing (bulk edit), e.g., changing the realization status of requirements and measures for several assets.
  • Assignment of persons responsible for task fulfillment and control.
  • Data visualization in the table view with different perspectives (e.g., grouping by IT systems with unimplemented data backup requirements).
  • IT baseline protection profile for universities.
  • Standard reports A.4 Result of basic Compliance Check and A.6 Implementation plan.

Using Compliance Aspekte software, you can conduct in-depth risk analysis to make more informed decisions.

  • Qualitative risk analysis, according to IT-Grundschutz 200-3, which is a simpler methodology compared to conventional risk analysis methods.
  • Automated risk analysis for assets with high and very high protection requirements.
  • Available risk catalog based on the BSI G0 list with 47 elementary threats and with the possibility of creating user-defined threats.
  • Risk matrix (4×4 or 5×5 dimension) to show the frequency of occurrence, damage effects, and risks.
  • Allocation of additional measures to the hazards and their monitoring, as well as the associated requirements.
  • Standard A5 reporting with information on risk analysis.

What is new in the BSI Grundschutz Compendium 2023

The 2023 edition of the IT-Grundschutz Compendium contains 111 IT-Grundschutz modules, ten new ones, and 101 from the 2022 edition. Three modules from the 2022 edition have been omitted. 21 building blocks from the 2022 edition were revised for the 2023 edition.
New building blocks
  • CON.11.1 Secret protection VS-ONLY FOR SERVICE USE (VS-NfD)
  • OPS.1.1.1 General IT operations
  • OPS.2.3 Use of outsourcing. This module replaces OPS.2.1 outsourcing for customers.
  • OPS.3.2 Offering outsourcing. This module replaces OPS.3.1 Outsourcing for service providers.
  • APP.5.4 Unified Communications and Collaboration (UCC)
  • SYS.1.2.3 Windows Server
  • SYS.1.9 Terminal Server
  • SYS.2.5 Client Virtualization
  • SYS.2.6 Virtual Desktop Infrastructure
  • NET.3.4 Network Access Control
Changes in building blocks
  • SYS.2.2.2 Clients on Windows 8.1. Support for the operating system ended on January 10, 2023. Windows 8.1 should, therefore, no longer be used.
  • OPS.2.1 Outsourcing for customers. The module is replaced by OPS.2.3 Use of outsourcing.
  • OPS.3.1 Outsourcing for service providers. The module is replaced by OPS.3.2 Offering outsourcing.

Compliance Aspekte IT-Grundschutz kit

Compliance Aspekte IT-Grundschutz kit is a quickstart solution for fast implementation of the information security system according to IT-Grundschutz.

This kit provides users with all the ready-to-go structure, necessary tools, documentation, and guidelines needed to implement an ISMS yourself and meet IT-Grundschutz compliance.

Using Compliance Aspekte IT-Grundschutz kit, you will get:

  • ISMS Concept model: preset typical company infrastructure – choose only relevant assets without creating them from scratch.
  • Automatic assignment of requirements according to IT-Grundschutz.
  • Predefined levels of protection that you can choose and easily switch between them (Basic, Standard, Core).
  • Automatic calculation of the conformity status.
  • Analytical table view with bulk editing options.
  • Risk analysis and assessment using a risk matrix.
  • All the basic reporting templates you need.
Contact for a quote

Compliance Aspekte is trusted by

Jobnet logo
Logo-gehrke-maas
logo-data-systems
I doit logo
Wibocon logo
carmao logo

Testimonials

We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process. Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte. Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.
Dipl.-Kfm.

One of the features we like best about Compliance Aspekte is its streamlined compliance process. At every stage during the security management lifecycle process, recurring tasks like scoping, structural analysis, modeling, and even tracking risks and controls are supported by a variety of features, e.g. mapping controls with multiple requirements, assigning individual assets to different scopes as well as expanding requirement and control catalogs. Having Helga, the compliance assistance bot, is also a very special plus as she can explain terms and provides guidance through the application. We really love and live Compliance Aspekte!

Florian Süß
Senior Information Security Consultant at DATA SYSTEMS GmbH

Compliance Aspekte is very user-friendly and customization is easy. We can conduct ISO compliance, and data protection…we can make anything we want in one tool. And this is the only tool with which it is possible. It helps us to keep the data consistent and simplify audits. The Compliance Aspekte tool is better than the existing competitors on the market and at the same time cheaper.

Sascha Koras
Governance, Risk & Compliance Officer

Try Compliance Aspekte for free

Book a 1-2-1 live demo and obtain a 3-months non-binding trial

    What Standards are you interested in?

    I have read the privacy policy and agree.


    Join our newsletter

      FAQ

      Compliance chat bot

      BSI IT Grundschutz is a collection of standards and catalogs that describe generalized procedures for protecting information technology. The aim of the IT-Grundschutz is to describe the minimum requirements for the normal protection needs of IT applications and IT systems.

      Modules are the elementary components of the Grundschutz methodology. They contain the essential requirements and recommendations for securing individual or complex systems and processes and are published in the BSI Grundschutz Compendium.

      BSI IT Grundschutz and ISO 27001 are similar in approach. Both standards can be used to determine IT risks and reduce them to an acceptable level using suitable measures. ISO 27001 is more focused on managing information security, whereas the BSI basic protection catalogs describe detailed procedures for minimizing risks.

      No, the implementation of the IT-Grundschutz measures is not obligatory. The standard has a recommendatory nature.

      The BSI offers standardized processes and recommends measures to enable companies to meet the challenges of digitization and avoid cybercrimes confidently.

      To do this, you can:

      • Get the Compliance Aspekte IT-Grundschutz kit, which you can use to configure the system yourself.
      • Contact us for a free consultation. Our experts will support you at every stage of implementing the tool in your organization.

      Compliance chat bot
      Professional

      Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.