IT-Grundschutz (BSI)
Why important?
Relevant for German authorities/high-trust workloads.
How measured?
Scale 0–5 + N/A:
- 0 = No IT-Grundschutz / no evidence
- 1 = Planned/announced
- 2 = Partial implementation/modules, no certification
- 3 = Certification for partial scope or relevant components
- 4 = Certification for platform/organization with clear scope
- 5 = Comprehensive certification with transparent scope + solid evidence
- N/A = no reliable evidence
Sources / Evidence
- https://cloud.ionos.de/zertifikate
- https://www.open-telekom-cloud.com/en/blog/cloud-computing/open-telekom-cloud-applied-for-it-grundschutz
- https://www.bsi.bund.de/SharedDocs/Zertifikate_GS_ISO27001/Abgeschlossen/BSI-IGZ-0691-2025.pdf.pdf?__blob=publicationFile&v=1
- https://stackit.com/de/warum-stackit/vorteile/zertifikate
- https://docs.hetzner.com/general/company-and-policy/information-security-at-hetzner/
Validation questions (RFP)
- What is the product/site scope? How is IT-Grundschutz translated to cloud shared responsibility?
Scores comparison
| Providers | Score | |
|---|---|---|
| SysEleven OpenStack Cloud | 5.0 | |
| Cloud Temple Trusted Cloud | 0.0 | No IT-Grundschutz. French provider. |
| Infomaniak Public Cloud | 0.0 | No IT-Grundschutz. Swiss provider. |
| IONOS Cloud | 4.0 | |
| STACKIT | 4.0 | |
| T Cloud Public | 2.0 | |
| noris Sovereign Cloud | 2.0 | |
| Microsoft Sovereign Cloud | 1.0 | |
| pluscloud open | 1.0 | |
| Exoscale | 0.0 | |
| Hetzner Cloud | 0.0 | |
| OVHcloud Public Cloud (inkl. SecNumCloud) | 0.0 | |
| Scaleway | 0.0 | |
| AWS European Sovereign Cloud | N/A | |
| Delos Cloud | N/A | |
| Oracle EU Sovereign Cloud | N/A | |
| UpCloud | N/A |