Recommendation for setting up and configuring clients (for DP coordinators)

Institutes and institutions may operate IT themselves and are therefore also able and obliged to set up and maintain the workstations and other clients in their area. It is recommended that this be done according to the principles listed here, of course taking into account the requirements of the respective institute or institution.

Basic considerations

IT security is not a matter of setting it up once, it is an ongoing process. Therefore, one must always ask oneself:

What would be the consequences if the data from this device were to fall into the hands of strangers and what measures can I take to prevent this?

What would the consequences be if important data on this device were changed, whether by malicious intent or even by technical error, and what can be done about it?

What would happen if this device suddenly failed and how can I prevent this or reduce the consequences?

What would be the consequences of a “catastrophic event” (for example, a fire, water damage, …) – does the data on this device have to be stored outside the building, for example?


Further information

The pages of the Federal Office for Information Security (BSI) in particular contain a lot of further, concrete and detailed information on the configuration of terminal devices and many other topics related to IT security.

Special reference should be made to the following pages and documents:


The companies in whose name the fraudsters act are also in trouble. This is because they often suffer damage to their image. It is difficult to combat phishing because the fake sites are hardly distinguishable from the real ones and many users are thus fooled. In some countries, many companies have already joined forces to form the Anti-Phishing Working Group On their website, you can report phishing e-mails and find out which ones are already known. In Germany, a new interdisciplinary association of scientists from the Ruhr University in Bochum has taken on the phishing problem. The “Working Group on Identity Abuse on the Internet” (A-I3) not only provides up-to-date information on IT security topics on its online portal, but also concrete assistance and tools.

Further information can be found on the site:

Measures for setting up and configuring clients (for IT coordinators)