Compliance Aspekte: Practical tool for BSI IT-Grundschutz
IT-Grundschutz Kit for
How Compliance Aspekte Simplifies BSI-IT-Grundschutz Compliance
Compliance Aspekte IT-Grundschutz Kits
Compliance Aspekte Kit is a quickstart solution that provides you with all the ready-to-go structure, tools, documentation, and guidelines needed to implement an ISMS yourself and meet IT-Grundschutz compliance.
- ✓ ISMS Concept model: preset typical infrastructure of a company – choose only relevant assets without creating them from scratch.
- ✓ Automatic assignment of requirements according to IT-Grundschutz
- ✓ Predefined levels of protection (Basic, Standard, Core) that you can choose and easily switch between.
- ✓ Automatic calculation of the conformity status
- ✓ Analytical table view with bulk editing options
- ✓ Risk analysis and assessment using a risk matrix
- ✓ All the basic reporting templates you need
- ✓ Offered on-premise and as software-as-a-service (SaaS).
We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.
Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with this before. So we decided to get third-party assistance and signed up with Compliance Aspekte.
Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.
Compliance Aspekte is very user-friendly and customization is easy. We can conduct ISO compliance, and data protection... we can make anything we want in one tool. And this is the only tool with which it is possible. It helps us to keep the data consistent and simplify audits. The Compliance Aspekte tool is better than the existing competitors on the market and at the same time cheaper.
Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.
As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt the Compliance Aspekte Tool to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.
How to implement IT-Grundschutz-Tool with Compliance Aspekte
In this phase, Compliance Aspekte supports the user with the following functionalities:
In this phase you can define the security requirements and fully model your concept. Here you prepare the details for the test plan and carry out the IT baseline protection check (compliance test).
Compliance Aspekte ISMS software fully covers:
- Creation of structural analysis including the business processes, buildings, applications, and IT systems, via an inventory check of your assets/values;
- Order and grouping in a hierarchical asset structure and visualization of the linking by assigning types;
- Determination of protection needs and automatic inheritance of requirements (maximum principle, including cumulation and distribution effects);
- Definition of additional user-defined protection goals besides integrity, availability, and confidentiality, e.g. industry- or company-specific goals;
- Adjustments to the depth of information (attributes) of your assets using custom fields;
- Presentation of assets in table view including the ability to edit data (bulk-edit), arrange, group, sort, filter, and export to Excel or CSV format.
- Standard A1 report with information on asset name, type, subtype(s), description, and links;
- Standard A2 report with information on the assets' protection needs;
- Automatic assignment of IT-Grundschutz modules, recommended requirements, and safeguards;
- Monitoring of the implementation status of defined measures, requirements, and overall compliance status of assets;
- Bulk processing of data (bulk edit), e.g. changing the realization status of requirements and measures for several assets;
- Assignment of persons, including those responsible for task fulfillment and control;
- Data visualization in table view with different perspectives (e.g. grouping by IT systems with unimplemented data backup requirements).
- IT baseline protection profile for universities
- Standard reports A.4 Result of basic Compliance Check and A.6 Implementation plan
- Qualitative risk analysis according to IT-Grundschutz 200-3, which is a simpler methodology compared to conventional risk analysis methods;
- Automated risk analysis for assets with high and very high protection requirements;
- Available risk catalog based on the BSI G0 list with 47 elementary threats and the possibility to create user-defined threats;
- Risk matrix (4×4 or 5×5 dimension) to show the frequency of occurrence, damage effects, and risks;
- Allocation of additional measures to the hazards and their monitoring as well as the associated requirements.
- Standard A5 Report with information on risk analysis
What’s new in the BSI IT-Grundschutz Compendium 2022
- OPS.1.1.7 System management
- OPS.1.2.6 NTP time synchronization
- APP.4.4 Kubernetes
- SYS.1.6 Containerization
- IND.3.2 Remote maintenance in the industrial environment
- INF.13 Technical building management
- INF.14 Building automation
- CON.3 Data backup concept
- CON.8 Software development
- CON.10 Web Application Development
- OPS.1.1.5 Logging
- OPS.1.1.6 Software Tests and Releases
- OPS.1.2.5 Remote maintenance
- APP.3.1 Web Applications and Web Services
- APP.4.3 Relational databases
- APP.6 General software
- SYS.1.1 Generic Server
- SYS.1.5 Virtualization
- SYS.1.7 IBM Z
- SYS.2.1 Generic Client
- SYS.2.2.3 Clients on Windows 10
Try for free
Book a demo and get a test account for 3 months to find out how the solution can optimize and streamline your compliance management.
The BSI offers standardized processes and recommends measures to enable companies to confidently meet the challenges of digitization and avoid cybercrimes.
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.