Quiz Entry - updated: 2026.03.01
What is the relationship between ISO 27001 certification and BSI IT-Grundschutz?
An ISO 27001 certificate based on IT-Grundschutz includes both an ISMS audit and a verification of concrete IT security measures — making it more rigorous than a standard ISO 27001 certification.
ISO 27001 on IT-Grundschutz:
- Covers both the ISMS (management system) and the concrete IT security measures based on IT-Grundschutz
- Always includes an official ISO 27001 certification
- Is considered significantly more meaningful than a pure ISO 27001 certification
Why more meaningful?
- A standard ISO 27001 audit primarily checks that your management system works and you follow your own processes
- The IT-Grundschutz-based certification additionally verifies that your technical security measures are actually implemented and effective
- It checks the "what" (ISO 27001 ISMS) AND the "how" (IT-Grundschutz controls)
Tip: Think of it like a driving license — ISO 27001 alone checks that you know the theory, while the IT-Grundschutz addition also checks that you can actually drive.