Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — for public-sector contracts, larger customer due diligence, or general defensibility. We do the scoping, mapping and documentation work, not the formal certification itself.
Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — scoping, mapping and documentation work.
透明的合作模式,里程碑清晰。
Decide which Grundschutz profile (Basis or Standard), which information domain is in scope, which building blocks apply.
Map current technical, organisational and procedural controls against Grundschutz building blocks. Written gap report with prioritised remediation.
Implement missing controls over 6–12 months; produce the documentation needed for self-assessment or external audit.
务实、诚实的预期 — 无夸大承诺。
A defensible posture against a German national standard.
Evidence pack structured for review.
Basis profile for SMEs; Standard for higher maturity.
The work produces operational hygiene, not paperwork.
专项页面强化生态系统,并将访客引导至合适的服务。
为比较 Graham Miranda 服务的访客提供简明回答。
No — formal certification requires an accredited auditor. We do the preparation work; we coordinate with auditors when certification is the goal.
For most SMEs that need to demonstrate a serious baseline for public-sector tenders or larger-customer due diligence, Basis is typically appropriate. Standard for higher requirements.
Grundschutz building blocks largely map to ISO 27001 controls. Some SMEs prepare both. We coordinate scope to avoid duplication.
We work to the current edition. Updates to building blocks tracked as part of the engagement.
Basis: typically 6–9 months for SMEs starting from a baseline. Standard: 9–18 months.
Yes — annual review and maintenance is a common follow-on engagement.
Practical BSI IT-Grundschutz preparation for SMEs that need to demonstrate a recognized German security baseline — scoping, mapping and documentation work.
