News and Press Releases

    Page 1 of 5.
  • 1
  • 2
  • 3

The verinice.TEAM has published the additional module verinice PCI DSS. This requirements catalog maps the Payment Card Industry Data Security Standard (PCI DSS) in verinice. The module can be used with verinice starting with version 1.22 in the ISM perspective. It is available to purchase in the verinice.SHOP

About the module verinice PCI DSS

The module verinice PCI DSS enables tool-supported verification of compliance with PCI DSS requirements. Requirements from other standards or laws (e.g. GDPR, HIPAA, ISO 27001 etc.) can also be conveniently mapped to avoid redundancies. verinice thus enables an integrated management system. 

Together, verinice and the PCI DSS module make it much easier to check and process compliance with the requirements. The module contains the complete PCI DSS requirements, which are imported into verinice. Users can thus skip the time-consuming and tedious part of the work, and use time more productively for working with the standard. In addition, responsibilities can be stored in verinice and individual requirements can be delegated so that colleagues can work together on the assessment. The associated reports provide meaningful overviews of the status quo of the organization.


The Payment Card Industry Data Security Standard (PCI DSS) was developed to improve the security of cardholder data and facilitate the adoption of consistent data security measures around the world. The PCI-DSS provides basic technical and operational requirements for protecting cardholder data. The PCI-DSS applies to all entities involved in the processing of payment cards – including merchants, processors, billing entities, card issuers and service providers, and other entities that store, process, or share CHD (Cardholder Data) and/or SAD (Sensitive Authentication Data).

Icon B3S

verinice. as well as verinice.PRO and the add-on module Zusatzmodul B3S Krankenhaus are qualified for funding from the Hospital Future Fund (KHZF). SerNet thus offers clinics and hospitals that have to improve their IT security and introduce information security management by the deadline of 01.01.2022 a comprehensive solution that meets their needs and is also eligible for funding. The corresponding proof of suitability for eligible service providers is held by SerNet.

The ISMS tool verinice or verinice.PRO is already in use as a reliable solution in the healthcare sector (e.g. Universitätsklinikum Halle, Charité Universitätsmedizin Berlin). The verinice.TEAM has also integrated the "Industry-Specific Security Standard for Healthcare in Hospitals" (B3S Krankenhaus), which is published by the German Hospital Association. The combination of verinice and the industry standard supports hospitals in meeting the requirements of the Patientendaten-Schutz-Gesetz (PDSG). According to this, by 01.01.2022, clinics and hospitals that are not classified as KRITIS (>30,000 full inpatient cases) are also "obliged to take appropriate organisational and technical precautions in accordance with the state of the art to prevent disruptions to the availability, integrity and confidentiality of their IT systems in order to ensure the functionality of the respective hospital and the security of the processed patient information." 

In accordance with the Krankenhauszukunftsgesetz für die Digitalisierung von Krankenhäusern 

funding can be applied for for the procurement and operation of verinice or verinice.PRO as well as the verinice module B3S Hospital since 1.1.2021. The responsible colleagues from the SerNet sales team have also obtained the necessary certificate in accordance with the Hospital Structure Fund Ordinance (KHSFV). SerNet is thus an authorised service provider. 

Some verinice.PARTNERS can also already show the "KHZG certificate" and offer comprehensive advice on the topics of: Improving IT security, ISMS for hospitals in general or specifically with the B3S and the funding from the KHZF. You can identify the relevant partners via our Partner-Locator.

The new version of the ISMS tool verinice 1.22.1 is available.

(UPDATE: See below at the end of the text for the short-term changes from 1.22 to 1.22.1).

Users can either obtain it from the verinice.SHOP or download it from the repository for Pro customers. In the release notes for verinice 1.22 we list all new features. 

The BSI IT-Grundschutz-Kompendium Edition 2021 is now also available in the verinice.SHOP or in the Pro repository. It is recommended to use it in combination with verinice 1.22 – an update is possible from the former Edition 2020 is possible.

Particularly noteworthy in the new version are: 

  • VDA ISA / TISAX version 4 and 5 (catalogs and report templates): For the modeling of the self-assessment according to VDA ISA / TISAX, both the current version 5 (default) and the previous version 4 are delivered with verinice 1.22, including the respective report templates.
  • Reporting form according to BSIG 8b for security incidents: The Incident target object has been updated for both the ISM perspective and the modernized IT-Grundschutz perspective and now maps security incidents.
  • Correction of the link view under macOS BigSur: This issue was identified and resolved together with the verinice community. 
  • Acceleration of VNA export for scopes with more than 20,000 elements.

Data protection module 3 for verinice (German only) is also available in a revised perspective. It now includes the BSIG 8b notification form for data protection incidents for the respective perspective (IT-Grundschutz and ISO/ISM). This also applies to the Risk Catalog Plus incl. data protection module, which is aimed in particular at energy network operators who have to implement the mandatory IT security catalog and the requirements contained therein in accordance with Section 11 (1a) EnWG (based on DIN ISO/IEC 27001:2017, DIN ISO/IEC 27002:2017, ISO/IEC 27005:2018 and DIN EN ISO/IEC 27019:2020). In addition, the data protection module for the Basic Protection Perspective has been updated to the new Basic Protection Compendium Edition 2021. 

verinice 1.23 is scheduled for week 40 (October 4-8, 2021). The planning for this can be viewed in the verinice.FORUM. Native support for Apple M1, an update to Java 11 and an update of the RCP framework are already set. A decision on the CentOS successor should also be made by the time of the release in the fall.

Update: 1.22 to 1.22.1

With verinice 1.22.1, the verinice.TEAM fixes an error when updating a modelled information network to Edition 2021 of the IT-Grundschutz Compendium. Mistakenly, changes from the previous edition 2020 were not deleted during the remodelling but kept as "new" changes from the edition 2021. The problem is described in detail in this post in the forum: The problem can be easily corrected in verinice 1.22.1 by remodelling with the new version 9.1 of the IT-Grundschutz-Kompendium of Edition 2021 published in parallel. For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!

IT-Grundschutz-Kompendium 9.1 Edition 2021

With the **IT-Grundschutz-Kompendium 9.1 Edition 2021**, the verinice.TEAM provides a new version of the IT-Grundschutz-Kompendium to correct the error fixed with verinice 1.22.1 when updating the IT-Grundschutz-Kompendium. The new version replaces the previous one with the same content, but the newer release tag [2021-1] enables the correction through simple re-modelling. Users who have modelled an information network without updating from a previous edition with the previous version *IT-Grundschutz-Kompendium 9 Edition 2021* can continue to use it. An update from version 9 to version 9.1 is not required. Note: For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!

Ausschnitt Agenda der verinice.XP 2021 Tag 1

The final program for verinice.XP 2021 is online. For the first time, the conference will take place completely in digital form on February 24 and 25. The speakers will give their presentations live via Zoom – participants can follow the conference flexibly from any location. The agenda is published on the conference website, tickets are available for 99 euros.

The main language of the conference is German; have a look at this article about the program. If you would be interested in a verinice.XP in English or an Workshop please contact us at

About verinice.XP

verinice.XP is the conference for users of the OpenSource ISMS tool verinice.

For years, verinice.XP has brought together IT decision-makers, security managers and data protection officers from companies, institutions and public authorities. They all share the use of verinice for information security management or data protection management.

With verinice. SerNet GmbH provides the only open source tool for the management of information security (ISMS). In order to grow dynamically and to further advance the development of the software, the team is looking for additional members with immediate effect.

Three positions are currently open:

The verinice.TEAM works distributed at the locations Berlin (Mitte) and Göttingen (headquarters of SerNet). Interested parties can apply for both locations. Details on tasks, requirements and benefits are included in the respective job description.

About verinice.

verinice is the only tool for information security management under open source license. It is in use in 4 German states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public sector institutions, especially in critical infrastructures. For the industrial sector, verinice supports not only the IT Baseline Protection of the BSI but also the ISO 27001 and is used here by companies throughout Europe and also by the Council of the European Commission or European national banks.

Working at SerNet

You can find more information from SerNet about the working environment online, as well as further information about training, studying and women in STEM professions. Furthermore, you can read here how we deal with COVID-19 and working from home.

For questions about the positions or to apply (PDF format), please contact SerNet Managing Director Reinhild Jung at

The verinice.TEAM at SerNet has released a new version of the OpenSource ISMS tool verinice. From now on, verinice and verinice.PRO in version 1.21 are available for download in the verinice.SHOP or in the customer repository.

verinice 1.21 includes more than 50 new features, detail changes and bug fixes. Users get support for essential tasks:

  • In the modernised IT Baseline Protection, the consolidator can be used to transfer contents of modules, requirements, threats and measures to similar elements.
  • The target object Incident in the ISO/ISM perspective and in the perspective modernised IT Baseline Protection has been updated and now represents security incidents and data protection incidents.
  • verinice now supports the VDA ISA catalogue version 5.0.2. 
  • The target object Document has been extended extended.
  • The dialogue for report generation has been optimised and thus offers a context-related selection of report-templates.
  • Reports can be generated across multiple scopes if the report-template supports this function.
  • In the Link Maker, in addition to the scope the parent objects are now displayed for better assignment.
  • With the IT Baseline Protection Profiler it is possible to create a basic protection profile, including the documentation.

The most important new features are described in detail in the Release Notes.

If you have any questions regarding the new version, please contact the verinice.TEAM via the verinice-Forum (mainly German) or mail.  There you have the opportunity for discussion and also to formulate feature requests for future versions.

New dates for the demo "ISO 27001 in verinice.PRO" are scheduled for the 1st half of 2021 (January - June). Our team shows verinice in action for the implementation of an ISMS.


  • January 28, 2021, 10-11 a.m. (CET)
  • February 25, 2021, 10-11 a.m. (CET)
  • March 25, 2021, 10-11 a.m. (CET)
  • April 29, 2021, 10-11 a.m. (CET)
  • May 27, 2021, 10-11 a.m. (CET)
  • June 24, 2021, 10-11 a.m. (CET)

Registration & Agenda here.

Please note that we use GoToWebinar. The technical requirements for participation as well as the privacy policy are described on our webinar page.

verinice.XP Logo

verinice.XP is the conference for users of the OpenSource ISMS tool verinice. On February 24 and 25, 2021, it will take place for the first time in a new format as an online event. Tickets for the conference as well as for the preceding workshops on February 23 can be booked at Please consider that the conference language is German.

The organizing committee decided to switch to the new format due to the corona situation. Nadine Dreymann, who is responsible for verinice.XP at organizer SerNet, says: "Unfortunately, we have to do without in-person networking this time, but overall we see many advantages in a digital conference." Besides the obvious security factor, a virtual event opens up more flexible participation options. Speakers give their presentations live via zoom, so that participants can follow and engage in the conference from any location via the Internet. Dreymann: "Of course we will come up with ideas to make verinice.XP the usual high-quality and also buoyant experience".

Early-bird tickets for the online edition of verinice.XP 2021 are available at a price of 66 Euro. From December 12, 2020, the regular ticket will be available for 99 Euro.

The Call for Papers will run until December 11, 2020. Well-founded presentations and reference projects are still accepted for the agenda: IT security, data protection (EU-DSGVO) as well as KRITIS and industry standards will provide the participants with two days of information. Pioneering innovations in verinice will also have their place in the online program.

The workshops scheduled for the day before the conference (February 23) will also be held remotely. The topics are available for selection:

  • Implementation of modernized IT baseline protection in verinice (workshop with Ulf Riechen, Riechen Consulting)
  • Modernized IT baseline protection – the ultimate perspective (Workshop with Dirk Brand, Sila Consulting)

The costs for a workshop participation are 199 Euro. Further details on the contents can be found on the conference website at

B3S Krankenhaus

For the ISMS tool verinice, the sector-specific standard B3S Krankenhaus (hospital) is now available. It supports hospitals in implementing requirements for the protection of their information infrastructure. Users can apply the standard in the IT baseline protection or in the ISM/ISO perspective. The standard is published by the German Hospital Federation. As additional content for verinice, it can be purchased via the verinice.SHOP or downloaded from the verinice.PRO repository. Please note: This B3S is only available in German.

Hospitals with more than 30,000 inpatient cases per year are considered "critical infrastructures". They are subject to special legal requirements to protect their information infrastructure. To support this, the German Hospital Federation has developed the industry-specific security standard for hospital healthcare (B3S Krankenhaus). The verinice.TEAM at SerNet has prepared this standard for verinice: For the perspective of the modernized IT baseline protection all requirements are listed as well as sector-specific threats, which can be modeled in verinice on the IT organizations. In addition, a model of a sample hospital is available, which contains sample structures and thus facilitates the introduction. For the ISM/ISO perspective, an example organization has been created, which contains all central contents of the security standard (for the exact contents see the store at

Michael Flürenbrock, verinice-Product-Owner: "We are convinced that the combination of verinice and the sector-specific standard is a great help for hospitals in securing their information infrastructure". In addition, a data protection module could be used and this sensitive area for hospitals could also be covered by verinice. SerNet managing director Reinhild Jung also points out that verinice is 100% open source and 100% "Made in Germany". SerNet GmbH is the publisher of verinice and pursues an open source strategy with completely disclosed source code. Jung: "This in particular is an important contribution to security management for critical infrastructures.

Ulf Riechen and Dirk Brand (Sila Consulting) were actively involved in the implementation of the B3S Krankenhaus for verinice. Both are long-standing verinice.PARTNERs and experts. The verinice.TEAM was able to create the now available additional content based on their work and would like to thank them explicitly for their commitment! The verinice partners are an important part of the verinice ecosystem. With their proven expertise, they advise customers, among others with specialization in the healthcare sector, and help to continuously develop verinice according to customer experiences and requirements.

About verinice: verinice is the only tool for the management of information security under OpenSource license. It is used in 4 federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports the ISO 27001 in addition to theIT baseline protection of the BSI and is in use here at companies throughout Europe as well as at the Council of the European Commission and European National Banks. SerNet, as the publisher of verinice, also holds the trust seals "IT security made in Germany" and "IT security made in EU".

Logo verinice.XP

verinice.XP is the annual conference for users of the OpenSource ISMS tool verinice.  It is scheduled for 2021 on February 24 and 25, 2021 in Berlin. The Call for Papers has already started - the event committee of SerNet GmbH, he host of the conference, is looking forward to interesting submissions.

About verinice.XP

verinice.XP has been bringing together IT decision makers, security managers and data protection officers of companies, institutions and authorities for years. They are all connected by the use of verinice for information security management or data protection management. A social event for further discussions is planned for the evening of February 24, 2021 in the conference hotel. All participants of verinice.XP are cordially invited.

According to the current situation, SerNet GmbH may hold the verinice.XP as an online conference or hybrid format.

Workshops and Tickets

Exclusive workshops are planned for February 23, 2021. In small groups of participants, they are intended to facilitate an intensive exchange with colleagues and speakers. Participation in the workshop is possible independently from verinice.XP.

Tickets for the conference and the workshops will be available from the end of September 2020.

    Page 1 of 5.
  • 1
  • 2
  • 3

Search News

Press contact:

Claudia Krell


English languageDeutsche SpracheLingua italianaČeský jazyk
© SerNet GmbH, 2021