Critical infrastructures (CRITIS) are organizations and facilities of vital importance to the governmental community, the failure or impairment of which would result in sustained supply shortages, significant disruptions to public safety, or other dramatic consequences.*

With the German IT Security Act (IT-SichG) passed in June 2015, operators of critical infrastructures are required to adequately secure the IT necessary for the provision of their critical services in accordance with the state of the art and to undergo a corresponding audit every two years and report the results to the Federal Office for Information Security (BSI).

German IT Security Act (IT-SichG) 2.0

The so-called “IT Security Act 2.0” came into force on May 28, 2021.

Among other things, it takes into account the new EU regulations EU NIS2 and EU RCE.

This results in new requirements for operators of critical infrastructures, such as the obligation to

  • to install attack detection systems (mandatory from 01.05.2023)
  • new reporting obligations for the CRITIS operators, but especially for the so-called UNBÖFI (companies in special public interest)
  • Inventory and notification of so-called “critical components” and the possibility for the authorities to prohibit their use.

* see BSI: What I have to do as a KRITIS operator?

The KRITIS Competence Network

The auditors trained for KRITIS audits in our network come from the industries listed in the Kritis Ordinance (BSI-KRITISV) and support you in the necessary preparation for your audit. Depending on the requirements of auditing bodies within the meaning of the Act, they support the auditing teams with their existing competencies in accordance with the IT Security Act (IT-SichG).

We train auditors according to § 8 a (3) BSIG.

Together with the ISACA Germany Chapter e.V. we offer the advanced training:

“Zusätzliche Verfahrenskompetenz § 8a BSIG”:

Should you – due to the size or the special concern of your company – want to train auditors yourself, we also offer corresponding seminars – gladly also in-house, depending on the urgency also on the weekends – in order to keep the training costs low for you.

Dates for in-house training can be requested directly from us in Germany:

Auditing bodies for which we are active

We are a member of AUDEG – Deutsche Auditoren eG (German Auditors Association) and can recommend auditors with special industry knowledge as well as the possibility – after completion of the current accreditation preparations – of a neutral and competent “verifying body” in the sense of the BSIG. We also work as auditors for auditing companies that are recognized as “examining bodies”.

We accompany you during the audit and – should it be necessary – conduct the discussions with the BSI together with you, as we maintain a close and trusting contact with the Federal Office and also know their requirements.

We can help you, take the first step!