Why should you implement an ISMS according to IT-Grundschutz?

Clients, especially public authorities, often require their contractors to have an information security management system (ISMS) certified according to ISO 27001, based on IT-Grundschutz. In addition, the new rules of the General Data Protection Regulation require a functioning ISMS (Art. 32 GDPR). Since IT-Grundschutz is a standard for information security management systems developed by the BSI, these requirements are quite understandable. The goal of IT-Grundschutz is to secure information by identifying security measures.

BSI Standards 200-1, 200-2 and 200-3 are considered the framework for setting up and operating an information security management system in accordance with IT-Grundschutz. Apart from the added value in terms of IT security or information security in the company, operating an ISMS also improves the company's image and provides an advantage over the competition.

How can abat support you during the implementation? 

First, we determine your information network on the basis of a structural analysis, then we carry out a protection requirements assessment and a modeling or assignment to the IT-Grundschutz building blocks. The required IT baseline protection check is performed for the target/actual comparison. If you have an increased need for protection, we conduct a risk analysis together with you. From the results, we create a list of measures. We are also happy to support you in implementing the necessary measures.

Why do you need an information security officer?

Setting up an ISMS is not a one-time thing; after all, the system is operated as a process over an improvement cycle. This task is the responsibility of the information security officer. In general, our consulting on the introduction of an ISMS in accordance with IT-Grundschutz concludes with you being able to use your ISMS independently. If you are unable to handle the workload involved in operating an ISMS, you can also engage us as an external information security officer.

Why should you choose abat?

To ensure that information security can be driven forward in your company and that you are well equipped for certification and auditing processes, abat offers you consulting services in this area. Our consultants have completed training as BSI IT-Grundschutz practitioners. Years of experience and regular training in this area ensure that we follow the current standards. Our goal is to alert you to dangers in IT or to optimally prepare you for an audit.

TISAX® is a registered trademark of the ENX Association. The mention of the TISAX® trademark does not imply any statement by the trademark owner regarding the suitability of the services advertised here. The exclusive responsibility for the content of the website and the services presented here lies with abat.


ISMS Consultant

For me, abat is: fun, exciting projects - great customers and colleagues packed into a respectful and trusting atmosphere with plenty of room for continuous development!


ISMS Senior Consultant

At abat, I have the freedom to shape my work as I see fit.


ISMS Senior Consultant

For me, abat is synonymous with limitless opportunities and a sustainable corporate culture.


ISMS Senior Consultant

I have never worked in such a self-determined and self-reliant way as in this team. Love it.

Contact our abat protect expert

Free initial consultation to analyze your needs

In the first meeting, you define your initial situation with us, and we clarify initial questions.

This appointment is free of charge and without obligation for you.