ISO 27001 for the energy industry

The new IT Security Catalogue in accordance with § 11 Paragraph 1b of the Energy Industry Act refers to generating plants, storage facilities, gas production plants and gas stores. These must provide proof of ISO 27001 certification by March 31, 2021.

In order to ensure that a certification can be effected within the stipulated deadline, the ISMS rollout should be completed a few months beforehand, since internal audits have to be carried out. With only a few exceptions, all grid operators are affected by the security requirements of the IT Security Catalogue.


Current implementation status

Our experience from the past few months has shown that many grid operators are not yet very far advanced with the introduction of their ISMS according to ISO 27001, taking ISO 27019 into account. Some of the reasons for this are tight planning, the complex nature of an ISMS introduction given the special requirements placed on grid operators, the identification of potential threats and risks, and a lack of resources.

Support through TÜViT

You have already started the rollout of your ISMS and you would like to determine the current status of its implementation:

  • we will be pleased to carry out a gap analysis that takes into account ISO 27019. This will provide you with an assessment of the maturity level of your ISMS with respect to the forthcoming ISO 27001 certification, including measures to identify any gaps.

You have not yet started the rollout of your ISMS:

  • we can provide you with support in the form of workshops when you begin to set up your ISMS
  • we will advise and support you in setting up and implementing your ISMS on the basis of a specifically developed process model which takes into account (among other things) the field of application, the protection requirements assessment, the preparation of a grid structure plan, the compilation of documents and the setting-up of processes
  • we will also help you with the consolidation of documents and processes from other standard specifications such as quality management
  • we can support you in evaluating and assessing information security risks by means of risk assessments

Your benefits at a glance

  • extensive experience in the field of ISO 27001: TÜViT has successfully carried out more than 600 ISMS projects, including for energy suppliers and grid operators
  • our auditors have an additional qualification for the energy sector
  • our IT security experts are registered as (lead) auditors for ISO 27001, certified by the BSI as audit team leaders for ISO 27001 on the basis of the “BSI IT-Grundschutz” standard and as IS auditors
  • our IT security experts help to develop the Technical Guideline TR-03109 for the Smart Meter Gateway and are authorized by the BSI to work as auditors for TR-03109

Do you have questions? We are pleased to help!

Gerald Krebs

Global Account Manager

+49 201 8999-411
Fax: +49 201 8999-666

Alexander Padberg

Sales Manager

+49 201 8999-614
Fax: +49 201 8999-666

Further services

ISO 27001

As an IT security service provider certified by the German Federal Office for Information Security (BSI), TÜViT supports companies and public authorities with the planning, implementation, monitoring and continuous improvement of their information security management system.


With a certification under ISO 27001 based on the “BSI IT-Grundschutz” standard, you show your customers and business partners the importance you associate with IT security, since the level of your information security fulfills the requirements of the BSI.

Audits according to the BSI C5 Catalog

Are you a cloud service provider looking for an objective assessment of your current cloud infrastructure? We offer audits according to the BSI C5 Catalog.