IT-Grundschutz Compliance workbook

IT-Grundschutz Compliance workbook overview

To help organizations identify and implement measures to secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These BSI standards consist of:

  • An information security management system (ISMS) based on ISO/IEC 27001 standards (BSI-Standard 100-1)
  • The IT-Grundschutz methodology, which describes how to set up and operate an ISMS (BSI Standard 100-2)
  • A risk analysis method (BSI Standard 100-3)
  • The IT-Grundschutz Catalogues, a standard set of potential threats and safeguards against them for typical business environments

Microsoft and IT-Grundschutz Compliance workbook

To help our clients achieve their IT-Grundschutz certification, Microsoft Germany has published the IT-Grundschutz Compliance workbook for solutions and workloads deployed on Azure Germany. Developed by HiSolutions AG, an independent consulting and auditing firm in Germany, the workbook is based on the most recent version of the IT-Grundschutz Catalogues v.15 (2015), which includes modules covering internet and cloud usage, such as M 1.17 Cloud Usage.

This workbook can help Microsoft Cloud Germany customers implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification. It describes how to apply the IT-Grundschutz methodology to applications in the cloud and outlines how to implement all audit-relevant safeguards from the IT-Grundschutz module, M 1.17 Cloud Usage.

Audits, reports, and certificates

Microsoft IT-Grundschutz Compliance workbook

Microsoft in-scope cloud services

Frequently asked questions

Can I use the Microsoft IT-Grundschutz Compliance workbook to help my organization comply with IT-Grundschutz?

Yes. The purpose of the workbook is to help Microsoft Cloud Germany customers use Microsoft Cloud Germany services to implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification based on IT-Grundschutz.

What’s the difference between IT-Grundschutz Catalogues and C5?

The Cloud Computing Compliance Controls Catalog (C5) is an audited standard from BSI that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. The IT-Grundschutz Catalogues supplies the specific methodology to help organizations identify and implement security measures for IT systems and is one of the elements upon which the C5 standards are built.

What is Microsoft Cloud Germany?

Microsoft Cloud Germany is physically based in Germany and adheres to the requirements of German privacy law, which strictly limits the transfer of personal data to other countries, including protection against access by authorities from other jurisdictions who could violate domestic laws. It offers Azure Germany, our public cloud computing platform, and all its services.

