LOGBOOK

HELP

Quiz Entry - updated: 2026.03.01

What is the relationship between ISO 27001 certification and BSI IT-Grundschutz?

An ISO 27001 certificate based on IT-Grundschutz includes both an ISMS audit and a verification of concrete IT security measures — making it more rigorous than a standard ISO 27001 certification.

ISO 27001 on IT-Grundschutz:

  • Covers both the ISMS (management system) and the concrete IT security measures based on IT-Grundschutz
  • Always includes an official ISO 27001 certification
  • Is considered significantly more meaningful than a pure ISO 27001 certification

Why more meaningful?

  • A standard ISO 27001 audit primarily checks that your management system works and you follow your own processes
  • The IT-Grundschutz-based certification additionally verifies that your technical security measures are actually implemented and effective
  • It checks the "what" (ISO 27001 ISMS) AND the "how" (IT-Grundschutz controls)

Tip: Think of it like a driving license — ISO 27001 alone checks that you know the theory, while the IT-Grundschutz addition also checks that you can actually drive.

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Mar 01, 2026