VdS 10000

"Information security management system for small and medium-sized enterprises (SMEs)"

  • Standard for implementing an ISMS with a special focus on small and medium-sized enterprises (SMEs)
  • Implementation with reduced effort compared to ISO 27001 or BSI basic protection
  • Certification of the ISMS according to VdS 10000 is possible

VdS 10000 is a standard developed for the needs of small and medium-sized enterprises to implement information security management in a practicable way. The defined measures and specifications, which are formulated to apply across all industries, enable certification according to VdS 10000 with manageable effort.

Like its predecessor VdS 3473, which was replaced in 2018, VdS 10000 was developed by VdS Schadensverhütung GmbH, a subsidiary of the German Insurance Association. VdS is a globally renowned institution for corporate security, specialising in cyber security, fire protection, building security and natural hazard prevention.

VdS 10000 - practical approach with specific requirements

In 43 pages, the VdS 10000 guideline focuses on the implementation of information security management. VdS 10000 also contains recommendations for establishing a security guideline and a process of continuous improvement.

In line with the practicable approach, VdS 10000 works with clearly defined terms that are useful for implementation.
The terms "can", "should not", "should", "must not" and "must" distinguish the degree of obligation to implement the recommendations and measures described.

VdS 10000 distinguishes between "critical" and "non-critical" IT resources. Advanced security measures as well as risk analyses and risk treatments are required to secure critical IT resources, while basic protection is sufficient for "non-critical" resources.