Federal Office for Information Security (BSI)

Self-declaration and IT-Grundschutz Certificate

There are three different versions of IT-Grundschutz qualification, which differ with regard to the degree of assurance and the IT security safeguards that have to be implemented:

0rganisation of cerfication

A self-declaration can be submitted by an agency/company when it has been determined for a particular target of evaluation that the essential (entry-level) or most important (higher level) safeguards in the IT-Grundschutz Catalogues have been implemented. The purpose of self-declarations is to facilitate progress towards achieving certification and they should be viewed as milestones on the way to an IT-Grundschutz Certificate.

By contrast, an IT-Grundschutz Certificate is issued by a certification authority. Checking as to whether the target of evaluation satisfies the requirements of the IT-Grundschutz Certificate is carried out by an independent auditor who has been licensed by the BSI. In particular, it is a precondition to the issue of an IT-Grundschutz Certificate that all the standard security safeguards that are relevant to the target of evaluation have been implemented in all essential respects.