BSI standard (IT-Grundschutz)

The ISMS software QSEC® is named by the BSI BSI standard (IT-Grundschutz) as an alternative to GSTOOL and supports an optimal implementation of the BSI standard 200-1 to 200-3 and 100-4 in public administration of any size via licensed basic BSI standard (IT-Grundschutz) content.

Licensed IT-Grundschutz content




The GSTool successor extension of QSEC works according to BSI standard (IT-Grundschutz) and at the same time enables information security management according to the requirements of ISO 27001.

The multifunctional platform QSEC for

  • Data Protection,
  • Information Security,
  • Risk Management and
  • Business Continuity Management / Business Impact Analysis
  • and many other standards

enables theintegrated use of recorded company data, such as business processes, assets and information in ONE management system.

QSEC supports the requirements and processes of the BSI standard (IT-Grundschutz) and all other standards / norms. The user is guided via intuitive workflows, wizards and task support with

  • Questionnaires,
  • Proposed measures,
  • „Best Practices“,
  • Model documents,
  • Risk catalogues,
  • Sample business processes, and assets according to industries.

The modules, risks and measures are updated in QSEC according to the BSI updates.
In QSEC® it is possible to work simultaneously according to security standards ISO/IEC 27001 and BSI standard (IT-Grundschutz). Users have the possibility to decide on a procedure or to operate it in a parallel way.

BSI standard (IT-Grundschutz)ISO/IEC 27001
Definition of organization and scopesDefinition of organization and scopes
Capture of IT with structural analysisCapture of the IT (grouping) with structural analysis
Recording of business processes and informationRecording of business processes and information
Storage of the module cataloguesMaturity assessment with output of the SoA
Risk analysis on the basis of the risk catalogues and the implemented measuresRisk analysis on the basis of threats and vulnerabilities
Risk level classification with gross and net risksRisk level classification with gross and net risks
Catalogues of measures completely integratedCatalogues of measures completely integrated
Document Management / Security Incidents …Document Management / Security Incidents …


The BSI standard (IT-Grundschutz) extension is available for all QSEC product variants and enables the implementation of BSI standard (IT-Grundschutz) in a sustainable and user-friendly manner.