The new IT Security Catalogue in accordance with § 11 Paragraph 1b of the Energy Industry Act refers to generating plants, storage facilities, gas production plants and gas stores. These must provide proof of ISO 27001 certification by March 31, 2021.
In order to ensure that a certification can be effected within the stipulated deadline, the ISMS rollout should be completed a few months beforehand, since internal audits have to be carried out. With only a few exceptions, all grid operators are affected by the security requirements of the IT Security Catalogue.
Current implementation status
Our experience from the past few months has shown that many grid operators are not yet very far advanced with the introduction of their ISMS according to ISO 27001, taking into account ISO 27019. Some of the reasons for this are tight planning, the complex nature of the ISMS introduction given the special requirements placed on grid operators, the identification of potential threats and risks, or a lack of resources.
Support through TÜViT
You have already started the rollout of your ISMS and you would like to determine the current status of its implementation:
- we will be pleased to carry out a gap analysis that takes into account ISO 27019. This will provide you with an assessment of the maturity level of your ISMS with respect to the forthcoming ISO 27001 certification, including measures to identify any gaps.
You have not yet started the rollout of your ISMS:
- we can provide you with support in the form of workshops when you begin to set up your ISMS
- we will advise and support you in setting up and implementing your ISMS on the basis of a specifically developed process model which takes into account (among other things) the field of application, the protection requirements assessment, the preparation of a grid structure plan, the compilation of documents and the setting-up of processes
- we will also help you with the consolidation of documents and processes from other standard specifications such as quality management
- we can support you in evaluating and assessing information security risks by means of risk assessments
Your benefits at a glance
- extensive experience in the field of ISO 27001: TÜViT has successfully carried out more than 600 ISMS projects, including for energy suppliers and grid operators
- our auditors have an additional qualification for the energy sector
- our IT security experts are registered as (lead) auditors for ISO 27001, certified by the BSI as audit team leaders for ISO 27001 on the basis of the “BSI IT-Grundschutz” standard and as IS auditors
- our IT security experts help to develop the Technical Guideline TR-03109 for the Smart Meter Gateway and are authorized by the BSI to work as auditors for TR-03109