BSI IT-Grundschutz

For Resilient and Legally Compliant IT Security

Why BSI IT-Grundschutz?

BSI IT-Grundschutz is the recognized German standard for information security – developed by the German Federal Office for Information Security (BSI) and aligned with ISO/IEC 27001. It focuses on holistic IT security – structured, modular, and proven in practice.

Our Mission: Your ISMS – With You, For You

CS VISOR supports companies of all sizes in building and operating a customized Information Security Management System (ISMS) based on BSI IT-Grundschutz.
Our approach: collaborative, practical, efficient.

Our Services at a Glance

Initial Analysis & GAP Assessment

We analyze your current security posture in comparison with the requirements of the BSI IT-Grundschutz Compendium (basic, standard, and core protection).

Building an ISMS Based on BSI Standards

From IT structure analysis to risk management – we guide you step by step through implementation according to BSI Standard 200-2.

Training and Awareness

Certified training for BSI IT-Grundschutz Practitioners and Consultants through our CS VISOR Academy.

Preparation for ISO 27001 Based on BSI IT-Grundschutz

We guide you on the path to successful ISO certification using the “alternative approach” with BSI-Grundschutz integration.

Support for Audits and Recertifications

With experience from numerous projects and a structured methodology, we prepare you optimally for internal and external audits.

Book Your Free Initial Consultation Now!

Use our contact form or book a consultation directly with our experts. Together, we'll take your information security to the next level.

Why Work with CS VISOR?

Certified BSI Consultants & ISO 27001 Auditors

Modular approach for SMEs and critical infrastructure (KRITIS)

Integration with regulatory requirements like IT-SiG 2.0, NIS2, DORA, KRITIS-DachG

Consulting and implementation from a single source

Strong synergy between training (academy) and consulting

From Current State to Certification – Systematically

We view information security as a continuous improvement process. Our pragmatic 3P approach – Product. Process. People. – ensures that technical, organizational, and human factors are considered holistically.

ISO/IEC 27001 GAP Analysis Checklist

Assess the Maturity of Your Information Security Management System (ISMS)

01. Context of the Organization

Have internal and external issues relevant to information security been identified?

Have interested parties (stakeholders) and their requirements been analyzed?

Is the scope of the ISMS documented and defined?

02. Leadership

Is top management actively supporting the ISMS?

Is there a documented information security policy?

Are roles, responsibilities, and authorities clearly defined?

03. Planning

Are documented information security objectives in place?

Are risks and opportunities systematically addressed?

Is there a documented risk treatment process?

04. Support

Are sufficient resources allocated to the ISMS (personnel, tools, budget)?

Has information security awareness been promoted among employees?

Are there documented communication rules for internal and external parties?

Is documented information systematically created, maintained, and controlled?

05. Operation

Is a structured risk management process in place?

Is there a documented asset management process?

Is the operation of IT systems and information assets securely designed?

06. Performance Evaluation

Are internal audits regularly conducted?

Are management reviews performed with tangible results and improvement actions?

Is the effectiveness of the ISMS being measured?

07. Improvement

Is there a documented procedure for handling nonconformities?

Are continuous improvements actively pursued within the ISMS process?

08. Annex A (Controls according to ISO/IEC 27001:2022, Annex A – 4 Themes)

Organizational Measures (Governance, Roles, Responsibilities, Supplier Management)

People-Based Measures (Awareness, Training, Role Changes, Access)

Physical Measures (Access Controls, Devices, Media)

Technological Measures (Access Rights, Encryption, Monitoring, SIEM, Backup)

Training Offers on BSI IT-Grundschutz (Optional)

In addition to our consulting services, we offer the following training programs:

BSI IT-Grundschutz Practitioner – Basics & Application

BSI IT-Grundschutz Consultant – Advanced & Implementation in Organizations

BSI Incident Practitioner / BCM Practitioner – Resilience & Emergency Management

All courses available remotely & certified

Eligible for education vouchers

Is vCISO Right for You?

This service is ideal for:

SMEs without an internal Information Security Officer

Companies in regulated sectors (e.g. KRITIS, NIS2, DORA, TISAX®)

Organizations aiming to combine standards (e.g. ISO 27001 + ISO 22301)

Businesses seeking an audit-ready ISMS within a few months

Benefits at a Glance

Minimize response time during incidents

Detect advanced attacks before they escalate

Reduce burden on internal IT teams

Identify vulnerabilities and misconfigurations

Integrate with SOAR, MDR & XDR solutions

Custom dashboards, reports, and escalation plans

Register via the form

Schedule an appointment with our certified TM experts

Health Check implementation incl. discovery, reporting & consulting

Results workshop with recommendations and a concrete action plan

Optional support for migration, consolidation, or up-/cross-selling

SecureCheck 360° is a fully managed vulnerability assessment service that continuously scans your IT and OT environments for security gaps. It identifies, prioritizes, and helps remediate weaknesses before attackers can exploit them.

Contact us

Secure Your IT Infrastructure with Scalable and Resilient Solutions from CS VISOR

Do you have questions or need expert advice on cybersecurity and IT services?

We’re here for you! Our team is ready to assist you.

What happens next?
1. Schedule a call at your convenience

2. We analyze your needs in a consulting session

3. You receive a tailored proposal — no strings attached

Schedule a Free Consultation