Quiz Entry - updated: 2026.07.14
What is VDS 10000?
A lightweight ISMS standard from VdS Schadenverhütung GmbH, a German insurance-industry institution — aimed at SMEs as "minimum information security requirements".
VdS is one of the most respected institutions for insurance-driven risk reduction (fire protection, burglary, cyber). Their VDS 10000 publishes minimum standards that an organisation can adopt to demonstrate "due care" — often to qualify for cyber insurance discounts.
Scope of VDS 10000 controls includes:
- Organisation of information security
- Leitlinie & Richtlinien (policy & guidelines)
- Staff
- Knowledge
- Processes
- IT systems
- Networks & connections
- Mobile data
- Environment
- IT outsourcing and cloud
- Access controls
- Data backup & archiving
- Risk analysis
- Disruptions and outages
- Security incidents
Pros / Cons:
| Pro | Contra |
|---|---|
| Simple, very concrete | License fee |
| KMU-friendly | Not internationally recognised |
| Insurance industry credibility | Doesn't scale well |
Tip: VDS 10000 is essentially the German insurance industry's answer to "we can't certify everyone against ISO 27001, but we still need a baseline before we underwrite cyber policies."