TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, is one of only four security specialists certified by the BSI for all areas of application: penetration testing, IS auditing, and IS consulting.
TÜV TRUST IT has now been certified by the Federal Office for Information Security (BSI) as an IT security service provider for penetration testing, having already received certification for IS auditing and consulting back in 2012. Worldwide, only four security specialists hold BSI recognition as IT security service providers across all areas of application.
These certifications are intended to support federal authorities in selecting qualified IT security service providers. Government organizations with security-sensitive environments, in particular, have high demands regarding the expertise, reliability, and independence of their service partners. This also applies to penetration tests, which are used to assess the security of system components and applications within a network or software system. Since test scenarios can only be standardized to a limited extent due to the individual circumstances of the institution being tested, execution should be entrusted to experts with proven know-how and extensive experience.
“Unlike audits that identify vulnerabilities, penetration tests are risk-based assessments in which targeted attacks are simulated within defined scenarios,” explains Detlev Henze, Managing Director of TÜV TRUST IT. “The results form the basis for a well-founded risk assessment, which is supplemented in the final report with concrete recommendations for improvement for the organization under review.”
With the BSI certification, TÜV TRUST IT has confirmed its specialized competencies required for conducting penetration tests in federal authorities. “This places us among the only four security specialists certified for both penetration testing and IS auditing and consulting in federal institutions,” Henze emphasizes, highlighting TÜV TRUST IT’s unique position in the security services market.
The recognition for IS auditing and consulting was obtained three years ago. This certification enables TÜV TRUST IT to support authorities in developing and implementing security concepts based on IT-Grundschutz, conducting regular IS audits, or performing security reviews in critical business processes, as required by the 2007 Implementation Plan for Federal Administration [UPBund]. Authorities can commission a TÜV TRUST IT audit team to assess the effectiveness of their security organization and determine whether the institution complies with prescribed standards and legal requirements in the field of information security.
TÜV TRUST IT also offers comparable services for IS auditing, consulting, and penetration testing to commercial enterprises. “BSI certification of IT security service providers not only helps public authorities but also provides valuable guidance for companies seeking to choose a partner with top-level expertise and distinguish quality providers from the rest. That’s why we see our certification as a key differentiator even outside the public sector,” Henze explains.