BSI Grundschutz++ · consulting & certification support

Grundschutz++ consulting:
build, integrate, certify your ISMS

The new BSI methodology GS++ makes information security machine-readable, scalable, and automatable. We support you from planning to certification — and integrate GS++ seamlessly into your existing management system.

BSI IT-Grundschutz · ISO 27001 / 42001 · ISO 27701 (PIMS) · IEC 62443 (CSMS) · EU AI Act ready · NIS2 aligned
Valeri Milke – BSI Grundschutz++ consultant
Valeri Milke, CEO · VamiSec GmbH

ISO 27001 & 42001 Lead Auditor
BSI IT-Grundschutz · AI Officer

  • 5 PDCA process steps
  • 31 target object categories
  • 19 practices (ISMS, org, tech)
  • OSCAL: machine-readable & automatable

Why Grundschutz++

The evolution of BSI IT-Grundschutz

GS++ is the consistent next step — built on extensive practical feedback, machine-readable in OSCAL, and applicable across industries.

Machine-readable (OSCAL)

Requirements in OSCAL format enable tool-assisted implementation and significantly reduce manual effort. Digitization of the entire ISMS documentation.

Modular layer architecture

Base version + tech layer (OSCAL blueprints) + example layer + audit layer. Step-by-step depth with supporting documents for risk, training, and migration.

Iterative PDCA cycle

5 clear process steps that run cyclically. Can also be run in parallel after the first cycle. Start with your most important business process.

Asset-based modeling

31 target object categories with inheritance hierarchy. Function-oriented mapping, 6 root nodes, 4 hierarchy levels. Automated processing supported.

Risk-driven & flexible

Risk assessment is applied where high protection needs or deviations exist. Methodology freely selectable within BSI guidance. Two levels: normal (SdT) and elevated.

Cross-sector & scalable

From small institutions (manual) and mid-sized (semi-automated) to large organizations (fully automated). Equally suitable for public administration and the private sector.

Video insight

Grundschutz++ at a glance

In a few minutes we show why GS++ is the next step for a modern, machine-readable ISMS — and how you benefit from the new structure.

The security process

5 process steps in the PDCA cycle

Each step corresponds to an ISMS practice and runs cyclically. After the first cycle the steps can be processed in parallel.

  1. Survey & planning (PLAN): Context, compliance, policy, scope, roles, risk management
  2. Requirements analysis (PLAN): Information network, asset modeling, target objects, requirements set
  3. Implementation (DO): Implementation status, prioritization, accountability, approvals
  4. Monitoring (CHECK): ISMS assessment, audit, compliance, monitoring, management review
  5. Continuous improvement (ACT): Non-conformities, corrections, effectiveness review

Our services

From gap analysis to certification

We accompany you through the entire GS++ lifecycle — pragmatic, efficient, and tailored to your size.

Gap analysis & readiness

  • Inventory of the existing ISMS
  • Delta analysis against GS++ requirements
  • Maturity assessment
  • Prioritized action plan

ISMS build per GS++

  • Scope & information network
  • Asset modeling & target object mapping
  • Build the requirements set
  • Establish security organization

Certification support

  • Audit preparation & mock audits
  • Documentation & evidence
  • Support during the audit
  • Remediation of findings

Migration from IT-Grundschutz

  • Map existing modules to GS++
  • Identify gaps & synergies
  • Migration roadmap with quick wins
  • Training of role holders

Risk management

  • Methodology per BSI guidance
  • Risk assessment for high protection needs
  • Residual risk evaluation & treatment
  • Integration into the implementation plan

Automation & tooling

  • Building an OSCAL-based toolchain
  • Automated requirements modeling
  • Compliance-as-code approaches
  • Integration into CMDB & ticketing systems

Integrated management system

Embed GS++ seamlessly into your IMS

Grundschutz++ fits into your integrated management system as the ISMS building block. We support the combination with further ISO standards and regulatory requirements.

ISO 27001 (ISMS)

ISMS core standard. GS++ provides the requirements catalog, ISO 27001 the management framework. Joint certification is possible.

ISO 42001 (AIMS)

AI management system. Integration of AI-specific requirements with GS++ for AI systems within the information network.

ISO 27701 (PIMS)

Privacy information management. Connect data protection requirements seamlessly with GS++ compliance obligations.

IEC 62443 (CSMS)

Cybersecurity for industrial automation. GS++ target object categories complement OT-specific assets and requirements.

Leverage synergies in the IMS

  • Joint risk assessment across all standards
  • Unified document management & communication
  • Combined internal audits save resources
  • One management report for all systems
  • GS++ practices cover organizational processes

Regulatory coverage

  • NIS2 implementation act (NIS2UmsuCG)
  • EU AI Act (Regulation 2024/1689)
  • Cyber Resilience Act (CRA)
  • GDPR & BDSG compliance
  • KRITIS / BSI Act requirements

Your contact

Grundschutz++ isn’t a future topic — it’s now

The BSI guideline is published, the pilot phase is running. Position yourself as an early adopter and gain a competitive edge with a future-proof ISMS.

  • 15+ years experience in IT security & compliance
  • Lead Auditor (ISO/IEC 27001 & ISO/IEC 42001)
  • BSI IT-Grundschutz Practitioner & GS++ early adopter
  • NIS2, DORA, CRA and AI Act expert
  • AI Officer per EU AI regulation
  • Wiz partner · OWASP GenAI Security
Valeri Milke, CEO · VamiSec GmbH

Start with Grundschutz++ now —
before everyone else wakes up

Machine-readable. Automatable. Certification-ready.
Book a free initial conversation now and learn how GS++ transforms your ISMS.