How did IT-Grundschutz certification work before the modernization (the three-level model)?
Since 2006 there was a three-step ladder: two auditor attestations (entry level, advanced level) leading up to the full "ISO 27001 based on IT-Grundschutz" certificate.
* The pre-modernization certification ladder — A → B → C "ISO 27001 auf Basis Grundschutz", mapped onto today's Absicherungsvarianten. *
The pre-modernization scheme:
- A — Auditor attestation "Grundschutz Einstiegsstufe" (entry level)
- B — Auditor attestation "Grundschutz Aufbaustufe" (advanced/build-up level)
- C — "ISO 27001 auf Basis Grundschutz" Zertifikatsstufe (certificate level)
Certifiable were Verbünde (information domains) that implemented at least the measures of the certificate level. The A/B attestations let organizations demonstrate progress on the way to full certification.
In the new scheme this ladder maps conceptually onto Basis-Absicherung → Standard-Absicherung (certificate basis), with Kern-Absicherung as the new focused option.