How does the IKT Minimalstandard's self-assessment scoring work?
Each measure is scored on a maturity scale from 0 to 4, and the results are compared as "ist" (actual) vs. "soll" (target) — typically visualized as spider/radar charts per function.
The tier levels (mirroring the NIST Implementation Tiers, in German):
| Score | Level |
|---|---|
| 0 | Not implemented |
| 1 | Partiell (partial) — ad-hoc, reactive |
| 2 | Risiko-informiert (risk informed) |
| 3 | Reproduzierbar (repeatable) — formal, established processes |
| 4 | Dynamisch (adaptive) — continuously improving |
The evaluation produces radar charts: one overall chart across the five functions plus detailed charts per function (e.g. Detect broken into Vorfälle, Überwachung, Detektionsprozess), each showing the ist curve against the soll curve. Where the actual line falls inside the target line, you have a gap to close.
Tip: The soll values are risk-based, per organization — a hospital and a bakery set different targets. The standard provides the ruler, not the verdict.