Home   >   Services   >   ISMS - Security and Value of Information   >   IT Security Act & KRITIS

IT Security Act & KRITIS

The IT Security Act (IT-SiG) came into force on 25 July 2015. It aims to achieve a significant improvement in the security of information technology systems (IT security) in Germany. Special significance is attached to Critical Infrastructures (KRITIS), which are central to the functioning of the public community. The sectors and branches of Critical Infrastructures are defined by the Federal Office for Information Security (BSI) and currently comprise nine sectors. With the expected IT-SiG 2.0, the scope is to be extended to other KRITIS sectors.


Obligations of KRITIS operators, including

  • Naming of a contact point in the area of IT security that can be reached at any time to the BSI
  • Immediate notification of reportable IT incidents
  • Relisation of appropriate organisational and technical precautions to avoid malfunctions according to the “state of the art”
  • Proof of compliance with the requirements to the BSI (every two years)

Our services

Your benefits

  • Compliance with the requirements of the IT-SiG
  • Proof of a systematic approach to safeguarding against IT security threats with regard to customers, partners and insurance companies
  • Protection of your critical business processes
  • Overview of your IT risks and thus the possibility of introducing appropriate security measures
  • Effective increase of information security
  • Investment targeting
  • After successful certification: proof of quality and competitive advantage