Profile for Universities

COVID-19 outbreak forced universities to significantly incorporate digitalization in their daily operations, which consequently has increased the risks of losing sensitive data. Universities in Germany are state institutions, so it is mandatory for them to maintain the information security management system (ISMS). Information security and data protection officers from over 30 educational institutions in Germany had been working on the revision and issued it as a dedicated IT-Grundschutz profile for universities. 

Challenges of Establishing an ISMS

Having dozens of departments, a lot of sensitive information, universities may not even know where to start from. Here is why the implementation of the information security and data protection requirements can be discouraging. Among the major issues educational institutions face while building ISMS and DPMS are the following: 

  • Distributed organizational structures
  • Unclear responsibilities
  • Lack of accuracy of ISMS implementation  
  • Incomplete documentation
  • Using outdated tools, e.g., Excel, instead of ISMS solutions 

IT-Grundschutz Profile Overview

IT-Grundschutz Profile is the modification of the information security standard that includes recommended security measures. Organizations can further develop their own university-specific security concept, and build ISMS based on the standard protection level.

Structure of the Profile

IT-Grundschutz profile for universities consists of 83 modules (out of 94), among which: 

  • 31 Process modules, higher-level modules as an overview assigned to the entire information network
  • 52 system modules, assigned to the target objects in process maps.

How to Implement IT-Grundschutz Profile with the ISMS Management Software

Infopulse SCM enables working with ISMS and DPMS simultanuously in one place and offers clear and simple modeling of the concepts. 

  • Implementation of the process map (applications and IT and Building Infrastructure) with clear assignment of building blocks of the IT-Grundschutz Compendium for universities. 
  • Basic- , standard-, core protection levels of protection.
  • Determination of protection requirements.
  • Individual risk assessment in case of high protection needs.

The system offers implementation recommendations for the application of the individual building blocks in the university, such as the implementation notes of IT-Grundschutz or custom implementation recommendations, e.g.,  for those of representatives of the member institutions in the working group Information Security of the ZKI)

Request a trial

Kickstart your compliance with Infopulse SCM Kit for universities

Get a simple, clear and ready-to-go solution to quickly and consistently set up and maintain ISMS and Data Protection Management across your university without spending extra time and effort.