Effortless Implementation
of the B3S Healthcare Standard with Compliance Aspekte

Compliance Aspekte supports the integration of the standard into the existing structures of the security landscape and your ISMS based on the IT-Grundschutz or ISO 27001 standard.


Tool Trusted by

Jobnet, I doit, Wibocon, carmao

What is B3S and How We Can Help?

B3S is an industry-specific standard in the healthcare industry that provides clear requirements and measures for operators of critical infrastructures such as hospitals to implement an information security management system. The German Hospital Association has created the standard to improve information technology security in the industry.

Compliance Aspekte is a comprehensive solution that supports B3S implementation and helps companies in the healthcare sector implement an ISMS. With Compliance Aspekte, you can efficiently apply the standard across your entire organization.


B3S Compliance Made Easy with Compliance Aspekte

  • Compliance Aspekte is a guided solution that supports all the necessary steps to integrate B3S requirements in hospitals
  • Tool listed among BSI Alternative IT-Grundschutz-Tools
  • Ability to identify risks and threats to the critical business processes and assets
  • Documenting and reporting the results of B3S certification
  • The solution automates your compliance routine, from notifications and tracking changes in concepts to generating reports
  • The system allows automatic migration to the BSI Compendium 2022
  • Planning of preventive and corrective measures within the Compliance Aspekte system
  • Multi-standard tool that serves to implement both ISMS and DPMS
  • Professional support from Compliance Aspekte compliance experts and the integrated chatbot Helga
  • Modern and intuitive design
  • Easy data export/import from and to Excel files


We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process. Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte. Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.

The three-day workshop from expertree consulting GmbH helped us establish more detailed steps for implementing our information security and data protection management system in our company. During the workshop, we were able to directly model our individual company processes, the unique requirements, and the current status in the holistic GRC solution, the Compliance Aspekte. The additional possibility of completing the seminar with a certification as a “BSI practitioner” from the Federal Office for Information Security gives us the secure feeling that we are well prepared for the future and found a suitable solution with Compliance Aspekte.

Vladyslav Prykhodko
Data Protection Officer, Jobnet AG

Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization. As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Compliance Aspekte to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.

Dr. Eckehardt S.
Deputy Director

Quick glance
at the Compliance Aspekte system

  • Each B3S requirement has a detailed description.

To make the assessment easier and more transparent, the requirements are displayed in detail and can be assessed separately. This greatly simplifies the decision-making process regarding the compliance state.

Each company has to analyze requirements and identify the necessary controls. Some controls will already be fully in place, some might need reviews and extensions.

SCM is the perfect place to manage requirements and their controls, track them, and plan the necessary steps via tasks.

We provide consulting and advice on the integration of the B3S standard into your ISMS.

  • Industry-specific threats

The B3S standard contains the list of industry-specific threats. In addition, threats from other catalogs (e.g. IT-Grundschutz threat catalog) can be added to the risk analysis.

Compliance Aspekte allows users to perform holistic analysis and reporting of all the relevant standards and policies in one view. This may be needed because the requirements according to § 8a paragraph 1 BSIG can also be met in ways other than those described in the B3S standard.

  • Easy start of the B3S integration

Compliance Aspekte provides a sample model specifically for hospitals. This sample contains the asset structure and the linking of the modules with the requirements, as well as threats. We provide a tool-based documentation kit for compliance with the B3S standard.

Furthermore, we provide consulting and advice on the integration of the B3S standard into your ISMS.

  • Task Management

The Task Management module of the Compliance Aspekte tool allows efficient management of all the tasks for the implementation of requirements as well as the execution of controls. It transparently prioritizes the list of work to be done.

Reporting to auditors or management contains all the needed information. Dashboards that are tailored to the specific project, scope, or process are used for an overview, decision-making, and planning purposes, and clearly show the status of information security in your organization in tables and graphical views.

Process of B3S Implementation with Compliance Aspekte

Structural Analysis
Modeling and Compliance Check
Risk Analysis

To ensure an efficient compliance process, Compliance Aspekte provides users with the following features: 

  • Modelling of the security concept by selecting necessary business processes, applications, and IT systems
  • Grouping of assets in a hierarchical structure and their transparent visualization
  • Defining protection needs and automatic inheritance of requirements
  • Defining protection goals
  • Custom fields for adjusting to the depth of data of assets
  • Representation of assets in both tree and table view, including options to edit, bulk-edit, arrange, group, sort, filter, and export data to Excel or CSV format
  • Standard report creation with the asset name, type, subtypes, description, and links

The users define the security requirements and fully model their concept as well as prepare the details for the test plan and carry out the compliance test.


Compliance Aspekte offers: 

  • Automatic assignment of modules, requirements, and measures
  • Monitoring of the implementation status of defined measures, requirements, and the general compliance status of assets
  • Bulk editing of data, e.g., changing the realization status of requirements and measures for multiple assets
  • Assignment of responsible managers for task fulfillment and control
  • Data visualization in table view with different perspectives
  • Standard and custom reports

Compliance Aspekte has an in-built qualitative risk management workflow based on BSI IT-Grundschutz that comprehensively covers all stages of an organization’s risk management. 


Compliance Aspekte includes: 

  • Qualitative risk analysis based on IT-Grundschutz, which allows the user to quickly determine which risks an organization should focus on
  • Automated risk analysis of assets that have high and very high protection requirements
  • Standard catalog of threats with 47 elementary risks included and the possibility to create user-defined ones
  • Flexible risk matrix represented in 4×4 or 5×5 format
  • Various dashboards to visualize risk profiles
  • Risk analysis reports

Test for Free

Book a live demo and get a free 3-month non-binding trial of Compliance Aspekte


    B3S is an industry-specific standard for critical industries, also known as KRITIS sectors in Germany. It was created by industry associations for CIs and approved by the BSI. The B3S standard represents the essential requirements for an ISMS and industry-specific security measures for IT systems.

    The B3S standard for the healthcare sector focuses on:

    – Development and implementation of an Information Security Management System (ISMS)
    – Development and implementation of a Data Protection Management System (DPMS)
    – Development of a Risk Management System

    Not long ago, implementing the B3S standard was not obligatory in hospitals covered by KRITIS. However, given the high risk of damage that cyber threats can cause to the critical healthcare infrastructure, starting from January 1, 2022, all hospitals in Germany have been legally obliged to implement the industry-specific security standard approved by the BSI IT-Grundschutz.

    Thus, it has been compulsory for all hospitals to take state-of-the-art organizational and technical precautions to avoid disruptions to data availability, integrity, and confidentiality.

    Compliance Aspekte is a comprehensive GRC solution with everything you need in one platform for successful compliance:

    – Information security management
    – Data protection management
    – Risk management

    The solution helps you to easily comply with B3S as well as with other standards.

    Compliance Aspekte is not limited to B3S only. It supports GDPR, TISAX, ASPICE, ISO 9001, ISO 1400, ISO 22301, ISO 27001, ISO 27019, ISO 31000, BSI IT Grundschutz, and other standards on our customers’ demand.
