KRITIS Auditing and Consulting

Operators of Critical Infrastructures face complex requirements – legal regulations, security standards, and reporting obligations towards regulatory authorities. Errors or delays can lead to sanctions and jeopardize the security of supply for the population. With our KRITIS consulting, we make these requirements manageable. We analyze your processes, develop individual security concepts, and support you in their implementation – practical, efficient, and compliant. This way, you create security for your organization.
Falk Hofmann
Partner
ISO/IEC 27001 / KRITIS Auditor
Jonas Dikau
Manager
B.Sc. Information Management

The KRITIS operator must commission an auditing body to fulfill its reporting obligation to the BSI. This body assembles a suitable, qualified, and independent audit team and conducts the audit according to § 8a BSIG. At the instigation of the BSI, auditing firms are considered suitable auditing bodies. Furthermore, we maintain high quality and reliability standards for all auditing activities. Thanks to our broad spectrum of experienced auditors, we are available as industry experts with the necessary industry-specific information security expertise, as well as the additionally required audit procedure expertise for § 8a BSIG.

KRITIS Consulting

  • Support in implementing the requirements according to the IT Security Act and BSI-KritisV
  • Tailored security concepts for your specific infrastructure and industry
  • Risk analysis & vulnerability management for identifying and assessing threats to your critical systems
  • Conducting internal audits
  • Support for audit preparation / Compliance audits
  • Consulting on the use of systems for attack detection or other security solutions

KRITIS Compliance Audit According to § 8a Paragraph 3 BSIG

  • Conducting the compliance audit according to § 8a Paragraph 3 BSIG, including auditing of systems for attack detection according to § 8a Paragraph 1a BSIG
  • Audits based on
    • ISO 27001 standard,
    • the B3S (if available in your industry) or
    • the specification of requirements for the measures to be implemented according to § 8a Paragraph 1 and Paragraph 1a BSIG
  • Creation of the audit plan, the list of deficiencies, and the required verification documents for the BSI (Federal Office for Information Security)

Managed ISMS Service

Manage your ISMS, DSMS, or BCMS easily and digitally via the “Managed ISMS Service” hosted in cloudgermany.
