Additional test procedure competence § 8a BSIG (KRITIS)

We offer individual consulting and seminars for all management topics

By fulfilling the requirements of the BSIG and the KRITIS Ordinance with its associated regulations, you create the conditions for protecting your data and other information assets by means of a pragmatic information security management system (ISMS).

KRITIS operators are required to take state-of-the-art precautions to avoid disruptions. These must be proven to the Federal Office for Information Security (BSI). KRITIS operators have a duty to register with legally designated reporting offices. If faults or failures occur, they also have an obligation to report to these bodies. We support you and tackle the problems together with you!

We are available to you for a fixed monthly flat rate for the fulfilment of all tasks of an external ISB / CISO, completely without hidden costs.

KRITIS areas concern the general welfare of the population. Disruptions or failures of such systems lead to considerable problems for society as a whole. To prevent this from happening, our expert advises you on what you need to pay attention to as an operator of critical infrastructures. To this end, he will conduct an audit with you to determine the need for optimisation in your company. His advice also includes familiarising you with the basics of the IT Security Act. Together with you, he also goes through the BSI-KRITIS regulation. The audit basis of an external auditor is the industry-specific B3S or ISO 27001. In close cooperation, the audit evidence according to the IT Security Act is created, bringing you to certification readiness.

Project Process

(As-is analysis / information security audit) according to current specifications for critical infrastructures. System and process audit. Compliance with information security specifications from current specifications for critical infrastructures that conform to standards.

2. Documentation

Creation of a comprehensive project plan for the efficient and effective implementation of all requirements

3. Implementation

(depending on the sector)

  • In-depth asset and risk management as prerequisites of all further measures in connection with emergency management.
  • IT security as an essential building block of current information security
  • Infrastructural security, e.g. through the creation and definition of security zones, organised visitor management, etc.
  • Creation of organisation-specific technical and organisational guidelines, e.g. on passwords, encryption, etc.

4. Effectiveness test

Internal review audit before the final certification audit

5. Continuous improvement process (CIP)

by designating as external Information Security Officer (ISB) / Chief Information Security Officer (CISO)
