The security concept (Sicherheitskonzeption) is a central document in BSI IT-Grundschutz that consolidates all security measures for a defined information domain. It contains the results of the structural analysis, protection-requirement assessment, modelling, and target-actual comparison. In an ISO 27001 context it is conceptually equivalent to the Statement of Applicability (SoA) combined with the risk-treatment plan. You maintain the security concept as a living document, updating it whenever the IT landscape or business processes change.