BSI Standard 200-4: Guidance on setting up business continuity management
Information security in companies is a process that must be continuously monitored and improved. The BSI IT baseline protection (IT-Grundschutz) standards offer a practical guide to establishing your own information security management system (ISMS), especially for less experienced users in small and medium-sized companies with an IT department of their own.
The approach distinguishes eight phases or steps. The first step is to define which components and areas of the company fall within the scope of the ISMS. This is followed by a structural analysis of all security-critical company assets and their dependencies. Once the protection requirements have been determined, the minimum requirements specified by the BSI baseline protection as building blocks (modules) are modeled and then compared with the current status in the IT baseline protection check. A risk analysis is required for all company assets that do not match any of the modules.
An implementation plan summarizes all the security measures that will ultimately be put in place to achieve the desired security level. This is divided into three levels (basic, core and standard) so that the security concept can be implemented and tested in line with the requirements of your own company.