Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — for public-sector contracts, larger customer due diligence, or general defensibility. We do the scoping, mapping and documentation work, not the formal certification itself.
Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — scoping, mapping and documentation work.
明確なマイルストーンを伴う透明な協働モデル。
Decide which Grundschutz profile (Basis or Standard), which information domain is in scope, which building blocks apply.
Map current technical, organisational and procedural controls against Grundschutz building blocks. Written gap report with prioritised remediation.
Implement missing controls over 6–12 months; produce the documentation needed for self-assessment or external audit.
現実的で誠実な期待値 — 過剰な約束はしません。
A defensible posture against a German national standard.
Evidence pack structured for review.
Basis profile for SMEs; Standard for higher maturity.
The work produces operational hygiene, not paperwork.
専門ページがエコシステムを強化し、適切なサービスへご案内します。
Graham Mirandaのサービスを比較する方への簡潔な回答です。
No — formal certification requires an accredited auditor. We do the preparation work; we coordinate with auditors when certification is the goal.
For most SMEs that need to demonstrate a serious baseline for public-sector tenders or larger-customer due diligence, Basis is typically appropriate. Standard for higher requirements.
Grundschutz building blocks largely map to ISO 27001 controls. Some SMEs prepare both. We coordinate scope to avoid duplication.
We work to the current edition. Updates to building blocks tracked as part of the engagement.
Basis: typically 6–9 months for SMEs starting from a baseline. Standard: 9–18 months.
Yes — annual review and maintenance is a common follow-on engagement.
Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — scoping, mapping and documentation work.
