Germany's federal IT baseline protection methodology — the standard for federal administration and KRITIS operators.
Federal administration, KRITIS operators, and any organisation seeking BSI certification.
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Structure analysis and protection-needs determination.
Modelling against the IT-Grundschutz Kompendium (~100 modules).
Basic and standard security checks; risk analysis where elevated protection needed.
ISO 27001 on the basis of IT-Grundschutz certification path.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Mapping of Kompendium modules to live telemetry where automatable.
Bridge to ISO 27001 audit for entities pursuing the dual certification.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Strukturanalyse + Schutzbedarfsfeststellung documents.
Modellierung audit pack.
These frameworks share substantial control overlap with IT-Grundschutz. Customers running one assessment typically satisfy the others with the same evidence base.
Cross-jurisdictional
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
European Union
France's qualification for sovereign cloud providers handling sensitive public-sector or OIV workloads.
European Union
Spain's national security scheme for public administrations and the suppliers that serve them.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.