The IT security law defines requirements for information security for KRITIS companies.
Do you fall under the criteria of critical infrastructures (KRITIS)?
Companies operating in the economic sectors of energy (electricity, gas, mineral oil), water (public water supply, public sewage disposal), nutrition (food industry, food trade), health (medical care, pharmaceuticals and vaccines, laboratories), information technology and telecommunications, finance and insurance (banks, stock exchanges, insurance companies, financial service providers), and transport and traffic (aviation, maritime, inland navigation, rail transport, road transport, logistics) potentially fall under the criteria of critical infrastructures.
Are you KRITIS? What do you have to do?
As a KRITIS company, you are obliged to regularly check whether you exceed the thresholds of the KRITIS regulation. If this is the case, you must implement organizational and technical measures to avoid disruptions in your critical service. In addition, you are obliged to demonstrate implementation at least every two years by means of appropriate audits.
How can abat support you with the implementation of the KRITIS requirements?
To largely meet the requirement, you can, for example, set up an information security management system (ISMS) in accordance with ISO 27001, IT-Grundschutz or the NIST Cybersecurity Framework. We would be happy to assist you with the implementation of an ISMS or, if you wish, advise you only in some areas, e.g. when performing risk analyses, training employees in security awareness or carrying out outsourcing checks of your service providers. We take industry-specific requirements into account. Furthermore, we can support you in the implementation of the IT security catalog for network operators and various B3S.
Why should you choose abat?
To ensure that information security can be promoted in your company and that you are well equipped for certification and testing processes, abat offers you consulting services in this area. Our consultants are licensed as ISO 27001 auditors at DEKRA Certification GmbH. Furthermore, we have many years of experience in this area and have the additional test procedure competence according to § 8a of the BSI law. Regular training courses ensure that we are guided by current standards. Our goal is to inform you about dangers in IT or to prepare you for an exam.
Free initial consultation to analyze your needs
During the first consultation, you describe your initial situation and we clarify the first questions. This appointment is free of charge and non-binding for you.