[av_section color=’main_color’ custom_bg=” src=’https://www.activemind.de/wp-content/uploads/activeMind-titel02web.jpg’ attachment=’8325′ attachment_size=’full’ attach=’parallax’ position=’top center’ repeat=’stretch’ video=” video_ratio=’16:9′ min_height=’custom’ min_height_px=’320px’ padding=’default’ shadow=’no-shadow’ bottom_border=’no-border-styling’ id=”]
[av_heading heading=’Comparison of ISO 27001 vs. BSI baseline protection‘ tag=’h1′ style=’blockquote modern-quote’ size=” subheading_active=” subheading_size=’18’ padding=’0′ color=’custom-color-heading’ custom_font=’#ffffff’][/av_heading]

[av_three_fifth first]

[av_textblock size=” font_color=” color=”]
Both the international standard ISO/IEC 27001 applied natively and ISO 27001 based on IT baseline protection (BSI IT-Grundschutz) permit the assessment and, where applicable, certification of an information security management system (ISMS). The contents of the two standards overlap substantially, but they differ in methodology.

Comparison of ISO/IEC 27001 (native) and ISO 27001 based on IT baseline protection

In both cases, companies are expected to have planned, documented and functioning processes that allow information security to be established, controlled and continually improved. If an auditor confirms to the certification body that these requirements are met, an official certificate can be issued. These certificates are generally valid for three years before they must be renewed; during the period of validity, annual surveillance audits take place.

Different routes to an IT security standard

ISO 27001

ISO 27001 is focused on the information security process itself. The relevant standard documents are rather short, comprising less than 100 pages of text. It is crucial to find and implement suitable procedures and controls in order to reduce the identified and analysed risks to an acceptable level. Annex A of the standard lists 133 controls (in the 2005 edition; the 2013 revision reduced this to 114 and the 2022 revision to 93), but they are kept quite general. This gives greater leeway in achieving a protection level adequate for one’s own actual needs. What is required, however, is working out the highly abstract provisions of the standard in detail and filling them with adequate content. A comprehensive analysis of the risks and of how to treat them is crucial, and the effort and resources required for this are considerable.

BSI baseline protection

ISO 27001 based on IT baseline protection [IT-Grundschutz], a certification scheme operated by the German Federal Office for Information Security [Bundesamt für Sicherheit in der Informationstechnik – BSI], also covers information security processes. However, in the IT-Grundschutz catalogues [Grundschutzkataloge], which run to several thousand pages, typical threats are already evaluated and concrete measures are recommended to counter them adequately, as long as the ‘normal’ protection requirement is not exceeded. A separate threat and risk analysis, together with consideration of additional or different protective measures, is expected only in areas with a higher protection requirement.

The predefined measures offer savings potential, since the obligation to perform an extensive risk analysis and to develop one’s own measures is dropped for areas of normal protection requirement. The schematic approach helps to avoid errors in implementation, and it also makes the actual level of security achieved objectively comparable between organisations.

Overview of differences: ISO 27001 vs. BSI baseline protection


[av_table purpose=’pricing’ caption=” responsive_styling=’avia_responsive_table’]
[av_row row_style=’avia-heading-row’][av_cell col_style=”]ISO/IEC 27001[/av_cell][av_cell col_style=”]ISO 27001 based on IT baseline protection[/av_cell][/av_row]
[av_row row_style=”][av_cell col_style=”]Relevant standards < 100 pages[/av_cell][av_cell col_style=”]Baseline protection catalogue > 4,000 pages[/av_cell][/av_row]
[av_row row_style=”][av_cell col_style=”]Generic approach[/av_cell][av_cell col_style=”]Measure-oriented approach[/av_cell][/av_row]
[av_row row_style=”][av_cell col_style=”]Abstract general conditions[/av_cell][av_cell col_style=”]Concrete standards[/av_cell][/av_row]
[av_row row_style=”][av_cell col_style=”]Complete risk analysis[/av_cell][av_cell col_style=”]Risk analysis only with elevated protection need[/av_cell][/av_row]
[av_row row_style=’avia-button-row’][av_cell col_style=”][av_button label=’Info on the ISO 27001 consultation’ link=’manually,https://www.activemind.de/en/data-security/iso-27001-certification/’ link_target=” size=’medium’ position=’center’ icon_select=’yes’ icon=’ue875′ font=’entypo-fontello’ color=’theme-color’ custom_bg=’#444444′ custom_font=’#ffffff’]

[/av_cell][av_cell col_style=”][av_button label=’Info on the consultation & audit’ link=’manually,https://www.activemind.de/en/data-security/bsi-baseline-protection-certification/’ link_target=” size=’medium’ position=’center’ icon_select=’yes’ icon=’ue875′ font=’entypo-fontello’ color=’theme-color’ custom_bg=’#444444′ custom_font=’#ffffff’]


[av_promobox button=’yes’ label=’Send an inquiry now’ link=’manually,https://www.activemind.de/en/company/contact/’ link_target=” color=’theme-color’ custom_bg=’#444444′ custom_font=’#ffffff’ size=’medium’ icon_select=’yes’ icon=’ue875′ font=’entypo-fontello’]
Every company has different needs. We’ll gladly make you a personal offer.
