What the BSI IT-Baseline Check evaluates
The BSI IT-Baseline Check for associations evaluates your information security using adapted BSI building blocks. For volunteer environments, the ORP.4 building block (identity and access management) is particularly relevant.
Legal foundations
BSI Standards 200-1/2/3; ORP.4 building block (crucial with changing volunteers); for religious bodies additional supervisory recommendations.
How the check works
1. Choose your association type and size
2. Questions about member management, credentials, devices used by volunteers
3. Assessment focused on ORP.4 and organizational weaknesses
Your benefits
• Free and without registration
• ORP.4 focus for volunteer turnover
• Lean baseline for small associations
• Legal status April 2026
Frequently asked questions
- Are associations subject to a BSI Baseline obligation?
- No direct statutory obligation. BSI Baseline is an industry standard for appropriate security; strongly recommended for associations handling sensitive data (e.g., health, religion).
- What is ORP.4 and why does it matter?
- The BSI building block ORP.4 describes identity and access management — particularly relevant with frequently changing volunteers so that access is properly deprovisioned.
- Is a password manager enough?
- A password manager is one building block — further steps include MFA, role-based access, documentation, and regular access reviews.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.
