Critical infrastructure

1. Overview

In an increasingly digitalized world, the security of critical infrastructures (KRITIS) plays a decisive role in public safety and the maintenance of important social functions. Section 8a (3) of the German Federal Office for Information Security Act (BSIG) sets the framework for the security requirements that KRITIS companies must fulfill. As an accredited certification body, we have already carried out audits in various KRITIS areas. These audits not only fulfill the legal requirements, but also strengthen the operators' resilience to threats.

2. What are critical infrastructures?

Critical infrastructures include organizations, facilities and companies that are important to the community and whose failure or impairment would lead to sustained supply bottlenecks, significant disruption to public safety or other serious consequences. These include sectors such as energy, water, health and finance. The security of these infrastructures is now more closely linked to digital security than ever before.

3. Article 8a para. 3 BSIG at a glance

Article 8a para. 3 BSIG requires operators of critical infrastructures to take appropriate organizational and technical precautions to prevent disruptions. These legal requirements aim to increase the resilience of these essential services to attacks, external threats and other security risks. The Federal Office for Information Security plays a central role in this by setting standards and demanding proof.

4. Advantages of the audit

The audit offers far more than just compliance with legal requirements. It strengthens the overall security of your company, minimizes the risk of security incidents and protects essential business processes. Another benefit is the increased confidence of your customers and business partners in your ability to protect sensitive information and critical services.

5. The audit process

As an operator of critical infrastructure, you must implement the specific security measures set out in the BSIG and associated ordinances. This is where we come in to check and verify the appropriateness of the measures. We carry out a detailed review of your security concept and its implementation. This includes aspects such as the ISMS, organizational guidelines and processes, or technical security solutions. Once the audit has been completed, operators of critical infrastructure must demonstrate ongoing compliance to the BSI at least every two years with a new audit.

Frequently Asked Questions

The price for an audit of critical infrastructure in the context of Article 8a BSIG is highly dependent on the size of your organization. The decisive cost factor is the audit days, i.e. the time spent by the auditors/experts. Please contact us for an individual offer.

The duration of the audit of critical infrastructures is calculated individually by the certification body. Please contact us for an individual offer.

After the audit, all relevant test documents, which are to be completed by us, are issued by the certification body for submission to the BSI and sent to you.

The BSI Act stipulates this every two years.

The BSI provides a series of recommendations for such measures, including topics such as risk management, access control, data protection and physical security.

State of the art refers to the current level of technological developments, but also to recognized best practices in the field of IT security. Above all, technological up-to-dateness and adaptation to the constantly changing threat situation are key factors here.

The consequences of non-compliance or major deviations can be both legal and financial, including fines, requirements or liability risks. Please contact the BSI directly for more information.

No certificate will be issued. After the test, all relevant test documents, which are to be completed by us, are issued by the certification body for submission to the BSI and sent to you.