State and administration

Data Security according to GDPR and Information Security according to BSI (IT-Grundschutz) managing together


BSI standard (IT-Grundschutz) is considered a standard for the development of a management system for information security at authorities and in the public administration. Since the procedure is compatible with ISO 27001, BSI standard (IT-Grundschutz) is also internationally recognized.

Public administration and authorities have with QSEC the advantage of combining both approaches: For example, best practices according to ISO 27001 can be combined with the proposed measures from IT-Grundschutz, thus combining aspects from both standards in your information security management system (ISMS). This combination is proven to be useful and effective when establishing an ISMS.

If you look at the areas of data protection and information security, there are also significant interfaces that should be considered when establishing a data protection and information security management system.

Differences and similarities in the goals of information security and data protection:

Main differences:
Data Security (GDPR): Protection of personal data of natural persons on the basis of strict legal requirements
Information Security (BSI standard (IT-Grundschutz)): Protection of sensitive and relevant information and data based on the possibilities of different concepts (BSI standard (IT-Grundschutz), ISO 27001)


Interface: Technical-organizational measures (TOM’s)
Measurers Management:

Both data security and information security measures have to be risk-based

  • define,
  • implement,
  • document and
  • control.

this requires the establishment of a P(lan)-D(o)-C(heck)-A(ct) cycle to manage these tasks efficiently and sustainably.


GDPR and IT-Grundschutz – goals and similarities

QSEC, the ISMS software for the implementation of a common integrated data security and information security management system according to EU GDPR, BSI standard (IT-Grundschutz) and ISO 27001, offers the possibility to use the synergies of ONE common management system for data security and information security and still clearly separating the responsibilities and roles within the organization.
QSEC enables the information security manager to implement the security objectives of confidentiality, availability and integrity within the organization in both conceptual and operational terms, and the data protection manager can completely process his tasks related to data security requirements with QSEC.
The ISMS software QSEC supports both the data security and the ISMS process in a methodical and user-friendly way with workflow, task and wizard functionalities.

References & case studies


QSEC Online-Demo