fuentis - Multi-Compliance for your ISMS
ISO27001, NIS2, VDS10000, BSI Grundschutz, BAIT, VAIT, KAIT, DORA, MARISK, SzA, B3S, Grundschutz++
We know there are many standards – and we cover them all. Our products are flexible enough to accommodate nearly every compliance standard. Whether it’s ISO 27001, BSI IT-Grundschutz, NIS2, or industry-specific requirements – with us, you are always on the safe side.
Contact us, and together we will find the right solution for your organization.
All in one place: The Catalog Manager
Our Catalog Manager is your central point of contact for compliance requirements. Here, you can manage, monitor, and document any requirement catalogs, such as BSI IT baseline protection, ISO standards, or industry-specific guidelines like BAIT or VdS 10000. Whether it’s risk management, data protection, or information security – with the Catalog Manager, you always maintain control and ensure that all requirements are met.
Dive Into Compliance: Supported Standards
Mapping of industry-specific security standards, particularly for critical infrastructure (KRITIS) institutions such as hospitals. Our suite helps you effectively implement and demonstrate compliance with the healthcare requirements and the industry-specific security standard (B3S).
Financial companies face extensive regulatory requirements. With the fuentis Suite 4, you can easily implement all the obligations of BaFin, GDPR, the IT Security Act, and industry-specific guidelines such as BAIT, VAIT, and KAIT. Feel free to contact us for more information, including details about DORA.
Cloud providers and users of cloud services benefit from our support in implementing the C5 catalog for cloud compliance. We provide the right platform to meet the requirements for data protection and IT security in the cloud.
VdS 10000 provides clear guidelines for securing the IT infrastructure of SMEs. Our suite helps you systematically implement the technical and organizational measures for information security within your organization.
Simple and practical implementation of information security for SMEs. With the fuentis Suite, the phases of the 12-step model ISIS12 can be easily mapped and integrated into everyday business operations.
Operators of critical infrastructures must demonstrate comprehensive measures for threat detection. With the fuentis Suite, the quality of the deployed systems and the proof of implementation can be systematically represented.
We know that there are many different requirements. If your specific standard is not listed here, please feel free to contact us. With our flexible suite, we will work together to find a solution that meets your compliance needs.
Solutions for your industry – flexible and standardised
With our fuentis solutions, we provide you with a flexible and comprehensive way to comply with all relevant standards. Whether as a cloud-based solution or on-premise – our platform helps you effectively and securely manage information security within your organization. Contact us to discuss the next steps and achieve your compliance goals.
Expertise at the touch of a button
The convenient way to the next audit
Frequently asked questions
B3S
How often does a B3S need to be updated?
The suitability of an industry-specific security standard (B3S) is determined for three years. After that, it should be checked whether the assumptions and measures of the B3S still correspond to the current threat situation and the "state of the art". It is possible to resubmit the same B3S for a suitability test.
If the B3S no longer fulfils the state of the art, the BSI can revoke the suitability assessment. However, there is no automatic revocation. Transition periods for the creation of a test basis, as in the case of IT-Grundschutz certification, are not necessary.
Do all requirements and measures have to be explicitly formulated in the B3S?
In a B3S, reference can be made to existing standards, norms, regulations and best practices. However, the resulting requirements for the operator must be clearly stated.
BAIT, VAIT, KAIT
What does BAIT, VAIT, KAIT mean?
The standard summarises specific instructions issued by BaFin to banks and credit institutions, insurance companies and investment companies in their capacity as capital management companies:
BAIT - Banking Supervisory Requirements for IT (since 2017), VAIT - Insurance Supervisory Requirements for IT (since 2018), KAIT - Capital Supervisory Requirements for IT (since 2019).
What are BAIT, VAIT, KAIT all about?
With the catalogues of requirements of the standard, BaFin sets clear requirements for the technical and organisational design of information technology, IT systems and IT peripherals in companies in the German financial sector.
In addition, guidelines for information security and IT governance are intended to increase IT security in financial organisations and raise awareness of IT-related risks.
VdS 10000
What are the VdS 10000 guidelines based on?
The VdS 10000 guidelines and requirements partly map the BSI IT-Grundschutz (basic protection) and are based on the ISO 27001 standard. The VdS 10000 guidelines have been modelled in an upwardly compatible way, i.e. a subsequent build-up of the protection level towards ISO 2700x is possible at any time - up to certification.
What advantages does VdS 10000 offer?
The implementation of the VdS minimum requirements for information security provides municipalities, authorities and non-profit organisations as well as small and medium-sized enterprises with a number of advantages:
Compliance with the VdS 10000 specifications provides good basic protection for IT technology, information and stored data. The risks of business incapacity as a result of cyberattacks are minimised. Information security and performance assurance are increased. The VdS certificate (information security according to VdS 10000) creates trust. This standard provides assistance for the introduction of an information security management system. The entire catalogue of measures for information security can be easily implemented and optimised with fuentis ISMS.
ISIS12
What advantages does ISIS12 offer SMEs?
The ISIS12 measures are easily scalable and can therefore be tailored to any size of business. The introduction of ISIS12 creates the basis for internal audits and certifications according to ISO/IEC 27001.
Support with the ISIS12 implementation
The fuentis ISMS module is ideally suited for implementing the individual ISIS12 phases. Alternatively, specific software programmes are available to support the implementation of ISIS12.
Funding for the introduction of ISIS12
As of April 2021, funding is available for SMEs and municipalities in the federal states of Bavaria and Saarland. To check specific funding opportunities for your company/organisation, please contact us.
SzA
When do operators of critical infrastructures (KRITIS) have to use attack detection systems?
Pursuant to Section 8a (1a) BSIG, from 1 May 2023 operators of critical infrastructures are obliged to use attack detection systems as part of the appropriate precautions pursuant to paragraph 1 in order to avoid disruptions to the critical infrastructure they operate. In doing so, the state of the art must be complied with, and the proper use of the attack detection systems must also be demonstrated with the evidence pursuant to Section 8a (3) BSIG.
When do operators of energy supply networks and energy plants have to use systems for attack detection?
For operators of energy supply networks and energy facilities that are exempt from KRITIS regulation pursuant to Section 8d BSIG, the new provisions on "attack detection systems" apply in parallel pursuant to Section 11 (1e) and (1f) EnWG. Proof of the proper use of attack detection systems must also be submitted to the BSI. This includes transmitting the results of the audits, tests or certifications carried out on the attack detection systems, including the security deficiencies discovered in the process.