§8a BSIG audits, explained
As an operator of critical infrastructure (KRITIS), you must prove every two years that your IT security meets the state of the art in accordance with Section 8a of the BSI Act (BSIG). Under the BSI Critical Infrastructure Ordinance (BSI-KritisV), this proof is provided by means of a corresponding audit in accordance with Section 8a of the BSI Act.
Critical infrastructures (KRITIS) are organisations and facilities of vital importance to the functioning of the state and society. This includes the following sectors:
Government and administration
If these critical infrastructures fail or are impaired, lasting supply shortages, significant disruptions to public safety or other serious consequences can be expected. Without electricity and gas, for example, essential services can no longer be provided, and everyday life is hard to imagine without a continuous supply of food and drinking water.
For this reason, the IT Security Act requires KRITIS operators to demonstrate a minimum level of IT security and to take appropriate state-of-the-art organisational and technical precautions to protect their IT systems, components and processes. This is intended to ensure that critical infrastructures keep functioning. The law also stipulates that significant IT incidents, such as cyber attacks, must be reported to the Federal Office for Information Security (BSI).
With us, you provide the required proof: we audit your IT security against the requirements of the IT Security Act and assess whether the precautions you have taken for your IT systems, processes and components are appropriate and in line with the state of the art.
As a certified IT security service provider, we fulfil the BSI's requirements for an auditing body for §8a BSIG audits of critical infrastructures and have the corresponding audit-procedure expertise. In addition, we also audit against industry-specific security standards (B3S).
BSI-compliant proof of IT security
You receive objective proof of fulfilment of the requirements of the IT Security Act.
Legal certainty through fulfilment of legal requirements
By complying with the requirements of the IT-SIG, you fulfil your legal obligations.
Improved IT security according to the state of the art
State-of-the-art security increases the security of your IT systems, processes and components.
Prevention of fines
By implementing the requirements, you minimise the risk of high fines as a result of violations.
Greater security of supply
By implementing the minimum level of IT security, you also improve the security of supply of your critical infrastructure.
Raise awareness among your employees
A KRITIS audit raises your employees' awareness of IT security issues and new threats.
Operators of critical infrastructures within the meaning of the IT Security Act are obliged by the BSI Critical Infrastructure Ordinance to
ISO 27001 certification does not automatically cover the entire scope relevant for proof in accordance with Section 8a BSIG. This means that an ISO 27001 certificate can be used as part of the proof, but not as the proof itself, provided certain framework conditions are met.
According to Section 8a BSIG, proof must be provided regularly every two years. The deadline for the follow-up proof is calculated from the date of the letter that the BSI sends each company in response to the submission of its proof documents.
The IT Security Act, in force since 2015, aims to make Germany's IT systems and digital infrastructures the most secure in the world. It seeks to improve the security of companies, their information and the associated information technology by means of binding regulations. This matters because, particularly in the area of critical infrastructures, failures or impairments can lead to significant supply shortages or jeopardise public safety. Regulations to improve the availability and security of IT systems, especially in critical infrastructures, are therefore a central part of the IT Security Act.