Compliance Aspekte: Practical tool for BSI IT-Grundschutz

Easy and efficient implementation of the BSI standards 200-1, 200-2, 200-3
Book a demo

Official GS
tool alternative

IT-Grundschutz Kit for

Automatic migration
to IT-Grundschutz
Compendium 2023

kritis logo

in Germany

How Compliance Aspekte Simplifies BSI-IT-Grundschutz Compliance

Compliance Aspekte is an automated ISMS tool and fully supports the IT-Grundschutz workflow and requirements for setting up an ISMS
Automatic migrations to new BSI Grundschutz Compendiums in 1 click
Modern and intuitive design
Easy onboarding with compliance bot Helga and free consultations of our experts
Automated compliance routines (receiving notifications, tracking changes in the concepts, generating reports in time)
Don’t 2x the job: a single platform for all compliance standards, ISMS and DSMS within a single system
Easy import of data from any system: GSTOOL, EXCEL, GRC tools, CMDB and asset management software, and other
Framework for covering industry-specific security standards (B3S) as well as IT-Grundschutz profiles
Standard reports generation (A1-A6) according to IT-Grundschutz
Adaptable ISMS frameworks to your organization’s needs
Ready-to-go IT-Grundschutz Kit

Trusted by

Compliance Aspekte IT-Grundschutz Kits

Compliance Aspekte Kit is a quickstart solution that provides with all the ready-to-go structure, necessary tools, documentation, and guidelines needed to implement an ISMS yourself and meet IT-Grundschutz compliance.

  • ✓ ISMS Concept model: preset typical infrastructure of a company – choose only relevant assets without creating them from scratch.
  • ✓ Automatic assignment of requirements according to IT-Grundschutz
  • ✓ Predefined levels of protection that you can choose and easily switch between them (Basic, Standard, Core).
  • ✓ Automatic calculation of the conformity status
  • ✓ Analytical table view with bulk editing options
  • ✓ Risk analysis and assessment using a risk matrix
  • ✓ All the basic reporting templates you need
  • ✓ Offered on-premise and software-as-a-service (SAAS).
Get a kit for €499


We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.

Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with this before. So we decided to get third-party assistance and signed up with Compliance Aspekte.

Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.

Compliance Aspekte is very user-friendly and customization is easy. We can conduct ISO compliance, and data protection...we can make anything we want in one tool. And this is the only tool with which it is possible. It helps us to keep the data consistent and simplify audits. The Compliance Aspekte tool is better than the existing competitors on the market and at the same time cheaper.

Sascha Koras
Governance, Risk & Compliance Officer

Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.

As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt the Compliance Aspekte Tool to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.

Dr. Eckehardt S.
Deputy Director

How to implement IT-Grundschutz-Tool with Compliance Aspekte

Book a demo
Structural analysis

In this phase, Compliance Aspekte supports the user with the following functionalities:

Modeling and compliance check

In this phase you can define the security requirements and fully model your concept. Here you prepare the details for the test plan and carry out the IT baseline protection check (compliance test).

Risk analysis

Compliance Aspekte ISMS software fully covers:




  • Creation of structural analysis including the business processes, buildings, applications, and IT systems, via an inventory check of your assets/values;
  • Order and grouping in a hierarchical asset structure and visualization of the linking by assigning types;
  • Determination of protection needs and automatic inheritance of requirements (maximum principle, including cumulation and distribution effects);
  • Definition of additional user-defined protection goals, besides integrity, availability, and confidentiality, e.g. B. Industry or company-specific goals;
  • Adjustments to the depth of information (attributes) of your assets using custom fields;
  • Presentation of assets in table view including the ability to edit data (bulk-edit), arrange, group, sort, filter, and export to Excel or CSV format.
  • Standard A1 report with information on Аsset name, type, subtype/s, description, and links;
  • Standard A2 with information on assets protection needs
  • Automatic assignment of IT-Grundschutz modules, recommended requirements, and safeguards;
  • Monitoring of the implementation status of defined measures, requirements, and overall compliance status of assets;
  • Bulk processing of data (bulk edit), e.g. changing the realization status of requirements and measures for several assets;
  • Assignment of persons and persons responsible for task fulfillment and control;
  • Data visualization in table view with different perspectives (e.g. grouping by IT systems with unimplemented data backup requirements).
  • IT baseline protection profile for universities
  • Standard reports A.4 Result of basic Compliance Check and A.6 Implementation plan
  • Qualitative risk analysis according to IT-Grundschutz 200-3, which is a simpler methodology compared to conventional risk analysis methods;
  • Automated risk analysis for assets with high and very high protection requirements;
  • Available risk catalog based on the BSI G0 list with 47 elementary threats and the possibility to create user-defined threats;
  • Risk matrix (4×4 or 5×5 dimension) to show the frequency of occurrence, damage effects, and risks;
  • Allocation of additional measures to the hazards and their monitoring as well as the associated requirements.
  • Standard A5 Report with information on risk analysis
IT Protection Approaches
This approach is the primary safeguarding of the business processes. All Assets are available for analysis in the Compliance Check view. Compliance Check is carried out based on the requirements of the Basic Protection level. Risk Analysis cannot be performed.
The approach is used to comprehensively and deeply protect an organization. All Assets are available for analysis in Compliance Check and Risk Analysis views. Compliance Check is carried out based on Requirements of all Protection levels.
The approach serves as an extra entry procedure for protecting the essential business processes and resources of an organization. Only Crown Jewel Assets are available for analysis in Compliance Check and Risk Analysis views. Compliance Check is carried out based on Requirements of all Protection levels.
Book a demo

What’s new in the BSI
IT-Grundschutz Compendium 2022

The 2022 edition of the IT-Grundschutz Compendium contains 104 IT-Grundschutz modules. There are seven new IT-Grundschutz modules and 97 modules from the 2021 edition, 16 building blocks of which have been revised for the 2022 edition.
*1-click migration with the Compliance Aspekte tool
New Building Blocks
  • OPS.1.1.7 System management
  • OPS.1.2.6 NTP time synchronization
  • APP.4.4 Kubernetes
  • SYS.1.6 Containerization
  • IND.3.2 Remote maintenance in the industrial environment
  • INF.13 Technical building management
  • INF.14 building automation
Changes in building blocks
  • CON.3 data backup concept
  • CON.8 software development
  • CON.10 Web Application Development
  • OPS.1.1.5 Logging
  • OPS.1.1.6 Software Tests and Releases
  • OPS.1.2.5 Remote maintenance
  • APP.3.1 Web Applications and Web Services
  • APP.4.3 Relational databases
  • APP.6 General software
  • SYS.1.1 Generic Server
  • SYS.1.5 Virtualization
  • SYS.1.7 IBM Z
  • SYS.2.1 Generic Client
  • SYS.2.2.3 Clients on Windows 10

Our BSI IT-Grundschutz Services

Try for free

Book a demo and get a test account for 3 months to find out how the solution can optimize and streamline your compliance management.

    What Standards are you interested in?

    I have read the privacy policy and agree.

    Sign up for our newsletter


      Compliance chat bot
      BSI IT Grundschutz is a collection of standards and catalogs that describe generalized procedures for protecting information technology. The aim of the IT-Grundschutz is to describe the minimum requirements for the normal protection needs of IT applications and IT systems.
      Modules are the elementary components of the Grundschutz methodology. They contain the most important requirements and recommendations for securing individual or complex systems and processes and are published in the IT - Grundschutz -Kompendium.
      BSI IT Grundschutz and ISO 27001 are similar in approach. Both standards can be used to determine IT risks and reduce them to an acceptable level using suitable measures. ISO 27001 is more focused on the management of information security, whereas detailed procedures for minimizing risks are described in the BSI basic protection catalogues.
      No, the implementation of the IT-Grundschutz measures is not obligatory. The standard has a recommendatory nature.

      The BSI offers standardized processes and recommends measures to enable companies to confidently meet the challenges of digitization and avoid cybercrimes.
      Compliance chat bot