
IT Security Act & KRITIS

The IT Security Act (IT-SiG) came into force on 25 July 2015. The IT Security Act aims to significantly improve the security of information technology systems (IT security) in Germany. Particular importance is attached to critical infrastructures (CRITIS), which are central to the functioning of the community. The sectors and industries of critical infrastructures are defined by the Federal Office for Information Security (BSI) and currently include ten sectors.

In addition, from May 2023, CRITIS companies are obliged to implement and actively use systems for attack detection (SzA). Finally, CRITIS companies are to provide proof that they use business continuity management systems (BCMS).



Obligations of KRITIS operators include:

  • Designation to the BSI of an IT security contact point that can be reached at all times
  • Immediate notification of reportable IT malfunctions
  • Implementation of appropriate organisational and technical precautions to prevent malfunctions in accordance with the “state of the art”.
  • Proof of compliance with the requirements to the BSI (every two years)
  • From May 2023, use of a system for attack detection (SzA) and proof thereof

Our services

Your benefits

  • Compliance with the requirements of the IT-SiG
  • Proof of a systematic approach to safeguarding against IT security threats with regard to customers, partners and insurance companies
  • Protection of your critical business processes
  • Overview of your IT risks and thus the possibility of introducing appropriate security measures
  • Effective increase of information security
  • Targeted investment
  • After successful certification: proof of quality and competitive advantage