IT-Grundschutz Compliance workbook

Azure Germany published this workbook to help our clients achieve IT-Grundschutz certification.

Microsoft and IT-Grundschutz Compliance workbook

To help our clients achieve their IT-Grundschutz certification, Microsoft Germany has published the IT-Grundschutz Compliance workbook for solutions and workloads deployed on Azure Germany. Developed by HiSolutions AG, an independent consulting and auditing firm in Germany, the workbook is based on the most recent version of the IT-Grundschutz Catalogues v.15 (2015), which includes modules covering internet and cloud usage, such as M 1.17 Cloud Usage.

This workbook can help Microsoft Cloud Germany customers implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification. It describes how to apply the IT-Grundschutz methodology to applications in the cloud and outlines how to implement all audit-relevant safeguards from the IT-Grundschutz module, M 1.17 Cloud Usage.

IT-Grundschutz Compliance workbook overview

To help organizations identify and implement measures to help secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These BSI standards consist of:

  • An information security management system (ISMS) based on ISO/IEC 27001 standards (BSI Standard 100-1)
  • The IT-Grundschutz methodology, which describes how to set up and operate an ISMS (BSI Standard 100-2)
  • A risk analysis method (BSI Standard 100-3)
  • The IT-Grundschutz Catalogues, a standard set of potential threats and safeguards against them for typical business environments

Manage your compliance from one place

Perform ongoing risk assessment, get actionable insights, and simplify your compliance process when using Microsoft cloud services with Compliance Manager.

Frequently asked questions

Yes. The purpose of the workbook is to help Microsoft Cloud Germany customers use Microsoft Cloud Germany services to implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification based on IT-Grundschutz.

The Cloud Computing Compliance Controls Catalog (C5) is an audited standard from BSI that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. The IT-Grundschutz Catalogues supplies the specific methodology to help organizations identify and implement security measures for IT systems and is one of the elements upon which the C5 standards are built.

Microsoft Cloud Germany is physically based in Germany and adheres to the requirements of German privacy law, which strictly limits the transfer of personal data to other countries, including protection against access by authorities from other jurisdictions who could violate domestic laws. It offers Azure Germany, our public cloud computing platform, and all its services.
