IT-Grundschutz Practitioner

The IT-Grundschutz Practitioner is the entry-level certification in the BSI personal certification scheme for IT-Grundschutz. The qualification demonstrates solid knowledge in using the BSI IT-Grundschutz Compendium, creating security concepts and operationally implementing IT-Grundschutz in organisations. The certificate is recognised by Germany's Federal Office for Information Security (BSI) and is valid for 3 years. It is the German counterpart to the ISO 27001 Lead Implementer, tailored specifically to the BSI framework used across German public administration and critical infrastructure.

BSI IT-Grundschutz is fully compatible with ISO 27001. The BSI even offers its own "ISO 27001 based on IT-Grundschutz" certification that combines both standards. Many organisations - particularly in Germany - use IT-Grundschutz as the methodological foundation for their ISO 27001 certification. For internationally operating organisations, IT-Grundschutz provides the European regulatory context (GDPR, NIS-2, German IT Security Act) that complements ISO 27001. The course covers the interfaces between both standards in detail.

The course is aimed at IT security officers, IT managers and administrators, public sector IT professionals (federal, state, municipal authorities), KRITIS operators and their IT service providers, consultants working on IT-Grundschutz projects, data protection officers expanding their information security expertise, and project managers coordinating IT security projects.

There are no formal admission requirements. Basic IT knowledge (networks, operating systems, IT infrastructure) is recommended, along with ideally some exposure to IT security topics or management systems. Knowledge of ISO 27001 is helpful but not required. The course is deliberately designed as an entry point and covers all necessary fundamentals systematically.

The exam takes place on the last day of training (Day 3) and consists of 50 multiple-choice questions. The exam duration is 60 minutes, and a minimum of 60% correct answers is required to pass. The exam fee of EUR 250 net is not included in the course price. A free retake at a later date is available if you do not pass on the first attempt.

The IT-Grundschutz Practitioner certificate is valid for 3 years. Recertification is achieved by providing evidence of at least 20 hours of continuing education in IT-Grundschutz or professional experience in an IT-Grundschutz project. Alternatively, completing the IT-Grundschutz Consultant course automatically extends the Practitioner certificate.

Since December 2025, §38 of the German IT Security Act (BSIG) requires management of affected organisations to demonstrate documented training in information security - with personal liability. BSI IT-Grundschutz is a recognised NIS-2 compliance evidence because it systematically covers risk analysis (Art. 21 NIS-2), technical and organisational measures, and incident management. With the Practitioner certificate, you document the required training obligation and can use IT-Grundschutz as a framework for your NIS-2 implementation.

Our instructors are active security consultants with experience from hundreds of projects - not just theorists. Group size is capped at 12 participants so individual questions can be addressed. We work with real case examples from our consulting practice. We also offer 30 days of free email support after the course for technical questions.

Our courses run exclusively on a GDPR-compliant platform on German servers - without Zoom, Teams or other US-based providers. You need only a current browser and a stable internet connection. All training materials are available digitally. Interaction with instructors and other participants takes place in real time via video, audio and chat.