The protection-requirement assessment is a key step in BSI IT-Grundschutz. For each asset you determine the protection need with respect to confidentiality, integrity, and availability. The basis is a set of defined damage scenarios and their evaluation. The result determines which building blocks and measures from the BSI Grundschutz Compendium must be applied. The method is also useful in an ISO 27001 context to structure the risk analysis. You document the protection-requirement assessment per asset and revise it when significant changes to the IT landscape occur.