Question 1

Does Kertos offer a BCMS?

Accepted Answer

Not as part of its product. Kertos automates compliance frameworks with ISO 27001 at the centre. Business continuity (BCMS per ISO 22301) is not in the lineup. If your operating model needs BIA, RTO/RPO, recovery plans, and tested exercises, that work would happen outside Kertos.

Question 2

What does "one management system vs a stack of frameworks" mean in practice?

Accepted Answer

Kertos lets you implement ISO 27001 and adjacent frameworks in parallel, each with its own workflow. KaitoSec models your assets, processes, risks, and controls once, then satisfies whichever frameworks each control happens to map onto. The substance is the source of truth; the certificate is the consequence.

Question 3

Does Kertos support BSI IT-Grundschutz?

Accepted Answer

No. Kertos focuses on ISO 27001, TISAX, GDPR, SOC 2, NIS2, DORA, EU AI Act, and ISO 42001. BSI IT-Grundschutz is not in the framework library. For federal agencies, KRITIS operators, and their suppliers this matters. KaitoSec ships Grundschutz baseline, standard and core protection profiles mapped to the same controls as ISO 27001 and NIS2.

Question 4

Is on-premise deployment available?

Accepted Answer

Kertos is cloud-only. KaitoSec runs in our hosted environment or fully inside your infrastructure. No external telemetry, no shared multi-tenant database. For organisations whose data classification or regulator does not permit a third-party SaaS path, this is decisive.

Question 5

How does pricing compare?

Accepted Answer

Kertos does not publish list prices. For a mid-market buyer who has to defend a budget internally, an opaque starting point is friction. KaitoSec publishes platform tiers, advisory day rates, and certification package prices. What you sign for is what you saw on the website.

Question 6

Is KaitoSec a fair competitor on ISO 27001 automation alone?

Accepted Answer

Yes. KaitoSec covers ISO 27001 to comparable depth. If ISO 27001 is the only requirement, Kertos is a credible option. The decision tips toward KaitoSec when BCMS, AIMS, NIS2, DORA, Grundschutz, on-premise, or integration across four management systems matters for the operating model.

Question 7

Can KaitoSec be used as an upgrade path from Kertos?

Accepted Answer

Yes. Teams that started with Kertos and need BCMS, AIMS, Grundschutz, on-premise, or deeper NIS2/DORA work without running multiple tools migrate to KaitoSec. Existing control mappings, policies, and evidence import; the consulting team helps plan the cutover.

Feature	KaitoSec	Kertos
BCMS (ISO 22301): business continuity
Integrated four-system management
ISMS (ISO 27001, BSI Grundschutz, TISAX, SOC 2)
DSMS (GDPR, ISO 27701)
AIMS (ISO 42001) as a full management system
NIS2 and DORA in the same data model
On-premise deployment
DACH-based, German-speaking experts

Feature	KaitoSec	Kertos
BCMS (ISO 22301): business continuity
Integrated four-system management
ISMS (ISO 27001, BSI Grundschutz, TISAX, SOC 2)
DSMS (GDPR, ISO 27701)
AIMS (ISO 42001) as a full management system
NIS2 and DORA in the same data model
On-premise deployment
DACH-based, German-speaking experts

KaitoSec vs Kertos

BCMS in the system, not a separate tool

One management system, not a stack of certificates

Agentic across four systems, not bolted onto one

BSI IT-Grundschutz as a first-class framework

Software, advisory, and certification under one contract

From audit to operation. PDCA, not pause

Where Kertos wins

Mature ISMS automation

Strong DACH brand and expert combination

FAQ

Product

Frameworks

Solutions

Services

Resources

Company

Legal