Microsoft and IT-Grundschutz Compliance workbook
To help our clients achieve their IT-Grundschutz certification, Microsoft Germany has published the IT-Grundschutz Compliance workbook for solutions and workloads deployed on Azure Germany. Developed by HiSolutions AG, an independent consulting and auditing firm in Germany, the workbook is based on the most recent version of the IT-Grundschutz Catalogues v.15 (2015), which includes modules covering internet and cloud usage, such as M 1.17 Cloud Usage.
This workbook can help Microsoft Cloud Germany customers implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification. It describes how to apply the IT-Grundschutz methodology to applications in the cloud and outlines how to implement all audit-relevant safeguards from the IT-Grundschutz module, M 1.17 Cloud Usage.
Microsoft in-scope cloud services
- Azure Germany detailed list
Audit reports and certificates
IT-Grundschutz Compliance workbook overview
To help organizations identify and implement measures to help secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These BSI standards consist of:
- An information security management system (ISMS) based on ISO/IEC 27001 standards (BSI Standard 100-1)
- The IT-Grundschutz methodology, which describes how to set up and operate an ISMS (BSI Standard 100-2)
- A risk analysis method (BSI Standard 100-3)
- The IT-Grundschutz Catalogues, a standard set of potential threats and safeguards against them for typical business environments
Frequently asked questions
Yes. The purpose of the workbook is to help Microsoft Cloud Germany customers use Microsoft Cloud Germany services to implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification based on IT-Grundschutz.
The Cloud Computing Compliance Controls Catalog (C5) is an audited standard from BSI that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. The IT-Grundschutz Catalogues supply the specific methodology to help organizations identify and implement security measures for IT systems and are one of the elements upon which the C5 standards are built.
Microsoft Cloud Germany is physically based in Germany and adheres to the requirements of German privacy law, which strictly limits the transfer of personal data to other countries, including protection against access by authorities from other jurisdictions who could violate domestic laws. It offers Azure Germany, our public cloud computing platform, and all its services.