Product Features
BSI IT-Grundschutz
Security compliance checks
In this article:

Automating Compliance Audits for BSI IT-Grundschutz, DORA, TISAX & more

In a robust hybrid or multi-cloud environment that incorporates various complex technologies that must adhere to strict regulatory standards, it is now humanly impossible for individuals to manually ensure continuous compliance across all systems. The situation now requires automation for proactive scans and reporting for the environment; without such, you will lag in compliance efforts from the start.

“We have a strong security policy of needing to comply with Germany’s BSI IT-Grundschutz security regulation, and we needed a software solution to help us manage that compliance in a way that would not be reactive and would make their reaction and response times shorter,” said Mr. Hauber from Landkreis Heilbronn.

“We needed a software solution to help us manage that compliance in a way that would not be reactive and would make their reaction and response times shorter.”

Thomas Hauber, Team Leader, Technology Division, Landkreis Heilbronn

Among many other global and regional regulatory standards, Runecast also provides automated audits against DACH-specific standards, such as BSI IT-Grundschutz and TISAX. The former suggests a baseline protection that is mandatory for those wishing to bid for a contract with German organizations in the Public or Legal sectors. The latter is required for any and all organizations that do business with the German automotive industry, which includes the automotive supply chain beyond Germany’s borders.

One-Stop Shop for VMware Admins

Mr. Petrischkeit, the Network and System Admin at Hochschule Stralsund University in Germany, mentioned that: “General security questions posed challenges for the team. With standards and best practices changing from version to version and 1000s of pages of documentation with each new release, it was not humanly possible to keep up with it all in a proactive manner.” 

Their team was not fully confident that all of their BIOS, driver, and firmware levels were compatible and up to date on their VMware servers. He mentioned that in some cases, they updated firmware and ran into problems, then needed to downgrade it again to fix the issue, and finally still needed to deal with VMware support.

  • Learn more about Hochschule Stralsund's particular set of challenges and how Runecast helped them to resolve those here.
“Runecast provides better sleep for VMware administrators. Just look at the vast amount of information from VMware itself regarding securing and configuring your infrastructure. Runecast takes that completely off your shoulders.”

Jan Petrischkeit, Network and System Administrator at Hochschule Stralsund University

Michael Szczuka, Senior Engineer of the German Aerospace Center (DLR), explained: “We use Runecast mostly as a solution to warn us of potential problems with new versions or updates before they manifest as real issues. Runecast increases the stability and performance of our environment.”

  • Read more in our DLR case study here.

Runecast continuously scans configuration and logs against a previous baseline configuration, vulnerabilities, known issues from Knowledge Base articles, security standards, the VMware Hardware Compatibility (HCL) List , VMware Best Practices, Best Practices for Pure Storage and SAP HANA on vSphere, Best Practices for for vSphere on Nutanix, and more – to help stabilize and secure your VMware infrastructure.

24/7 Visibility of Vulnerabilities and Misconfigurations

Having your environment scanned for vulnerabilities and misconfigurations continuously enables 24/7 transparency of your environment and allows you to remediate proactively what you otherwise would only be able to do after a potentially critical and costly failure. 

Landkreis Heilbronn Technology Division Team Leader Thomas Hauber shared in an interview with us: "Runecast finds and reveals vulnerabilities and misconfigurations for us proactively, before these can devolve into bigger problems for our team." 

  • Read more of our case study with Landkreis Heilbronn here.

For keeping up to speed with new zero-day threats, VMSAs, and other CVEs, we release knowledge definitions each week and system package updates each month. Whenever there is a new VMSA, we try to ensure that Runecast covers it within 24 hours, to give our VMware-powered customers a more comprehensive understanding of the potential threat.

Companies running Runecast air-gapped are able to leverage offline updates.

Easy & Fast On-Prem Deployment

As one of the metrics that we use to judge our success as a company is customer validation, Mr. Petrischkeit's words on Runecast deployment verify that we are providing real value: “It was incredibly fast and easy to deploy. We installed Runecast, ran a scan, and said, ‘Wow, this works!’” 

Another aspect that customers frequently provide feedback on is the ease of use. Mr. Hauber stated that Runecast continues to surprise them with “its detailed remediation steps to implement and its overall ease of use.”

“It was incredibly fast and easy to deploy.”

Mr. Petrischkeit, Network and System Administrator at Hochschule Stralsund

Saving Major Assets: Time and Money

With Runecast, you don’t need to have many tools, instead one solution for them all. It continuously saves time and money for organizations, notably in the daily operations of Security, Compliance, and Operation teams. 

Mr. Lohmann from the Kiel Municipal Hospital says: “With remediation scripts alone, if I had to do all of that myself, it has saved us already 100s of hours in the first few months, and we’ve saved already two months of manual work in mitigating vulnerabilities. It greatly reduces any incidents requiring external support, and their BSI security compliance audits now take much less time to prepare for.”

  • For more on our case study with Kiel Municipal Hospital go here.


Runecast stands out as a comprehensive solution that not only offers 24/7 visibility but also automates compliance management, making it indispensable for organizations in the highly regulated DACH region and beyond. By enabling best practices and automated regulatory compliance audits, Runecast aligns perfectly with Germany's stringent Governance, Risk, and Compliance (GRC) frameworks.

More Resources

Meet other Runecasters here:

Get Started Today

Be up and running in less than 15 minutes and see how Runecast empowers you and your team. Get your first report now.

Start My Free Trial