IT Grundschutz Compliance Workbook - Microsoft Azure Germany is a new workbook that was developed by Hisolutions AG, one of the most renowned consulting and auditing companies in Germany. It supports our clients to achieve their IT Grundschutz certification with solutions and workloads deployed on Microsoft Azure Germany. It´s based on the most recent version of IT Grundschutz, covering the relevant sections for cloud usage.
In Germany the Federal Office for InformationSecurity (Bundesamt für Sicherheit in der Informationstechnik, BSI) provides the IT-Grundschutz methodology; consisting of an ISO 27001 compatible ISMS (BSI Standards 100-1, 100-2), a dedicated risk analysis method (BSI Standard 100-3), and the IT-Grundschutz Catalogues, a standard set of threats and safeguards for typical business environments.
The purpose of this workbook is to help customers of Microsoft Cloud Germany who wish to use Microsoft Cloud Germany Services implement the IT-Grundschutz methodology within the scope of their existing or planned ISO 27001 certification based on IT-Grundschutz.
This workbook describes how to model cloud services as part of the Information Domain1, i.e. the certifiable scope of the ISMS, and how to apply the IT-Grundschutz methodology to applications within the cloud. An outline of how to implement the central IT-Grundschutz module M 1.17 Cloud Usage is given on a persafeguard- basis. The workbook is available here for download.