Conducting audits in accordance with the requirements of the IT Security Act.
Operators of Critical Infrastructures (KRITIS) are required under the IT Security Act (§ 8a (3) BSI Act) to demonstrate every two years to the Federal Office for Information Security (BSI) that their IT security measures comply with the current state of the art. This proof must be preceded by an audit conducted by an independent body. Such a body can be a BSI-certified service provider like TÜV TRUST IT, a certification body accredited by DAkkS such as TÜV AUSTRIA Deutschland GmbH, or an independent internal unit (e.g., internal audit).
To standardize the required proof and support KRITIS operators, the BSI held a “multipliers workshop” in February 2017. Together with associations and training providers, a training concept was developed to equip auditors with the necessary audit procedure competence for § 8a (3) BSI Act.
TÜV TRUST IT also participated in this workshop and has since held the audit procedure competence in accordance with § 8a (3) BSI Act, which it now applies in various customer projects. TÜV TRUST IT’s training portfolio will also be expanded to include a course for acquiring this audit competence, enabling TÜV TRUST IT to act as a training provider for this qualification.
For more information, please contact Safiye Paulitsch at +49 221 / 969789-17 or safiye.paulitsch@it-tuv.com.