Project Example: VU-ARGE

Home   >   References   >   Smaller and Medium-Sized Energy Suppliers now Securely Positioned

Smaller and Medium-Sized Energy Suppliers now Securely Positioned

The implementation of the IT security catalogue with the introduction of an information security management system normally represents a technical and economic challenge that is difficult to meet for small to medium-sized energy suppliers. But not for the member utilities of the Arbeitsgemeinschaft Versorgungsunternehmen (VU-ARGE). They were supported by TÜV TRUST IT on the basis of a framework agreement and are now prepared for the challenges in IT security.

Initial situation

For more than 30 years, small and medium-sized utility companies from all over Germany have been organising themselves within the framework of the Arbeitsgemeinschaft Versorgungsunternehmen (VU-ARGE) in order to make use of purchasing synergies and exchange expertise. They work regularly in specialised work groups on the advancement of solutions, whereby also smaller supply enterprises can bring themselves in actively. The win-win situation thus established enables VU-ARGE to provide its member companies with tailor-made innovations at limited expense.

In this way, TÜV TRUST IT GmbH has since 2015 helped implement the IT security catalogue (IT-SiKat) in accordance with §11 of the Energy Industry Act, by means of the introduction of an information security management system (ISMS). “A competent and reliable partner in all questions of IT security, which enables a uniform procedure and thus a close exchange between the member plants”, says Stefan Babis, CEO of VU-ARGE.

Approach

On the basis of a framework agreement for the members of the VU-ARGE, cooperation on the IT-SiKat was agreed with almost 30 member companies and at the same time an ISMS work group was established as a forum for a regular exchange of information. The requirements were implemented using the ISMS framework of TÜV TRUST IT. It provides all the necessary document templates required for the development and operation of an ISMS and helps to save financial and personnel costs.

In the meantime, most of these suppliers have been successfully certified, and monitoring audits are currently pending. With TÜV Austria Germany, the TÜV Austria Group also offers these certification services, as has been noticed by many suppliers. In addition, some of the member plants have already extended their scope of application of the ISMS or are planning an extension, for example with regard to water supply. In addition, numerous member plants carry out penetration tests with the support of TÜV TRUST IT. As the IT security specialist, TÜV TRUST IT now represents the leading IT security service provider within the VU-ARGE.

Benefits

“A close, trusting, partnership-based cooperation was established”, says for example Karl-Heinz Kolb, Managing Director of Stadtwerke Neustadt a. d. Aisch, with satisfaction. Andy Hoffmann, Managing Director of Stadtwerke Finsterwalde, can only confirm this because he had had negative experiences with another service provider before joining the VU-ARGE. However, he also mentions other positive experiences: “For example, it was an additional advantage for us that we received very helpful support in communication with the Federal Network Agency.” The close cooperation continues in the working group Information Security Management Systems (AK ISMS), which was set up by TÜV TRUST IT together with the member companies and serves in particular the intensive exchange of experience between the participating utility companies. The AK ISMS is supported by TÜV TRUST IT with background knowledge, trends and regulatory news. Thus a forum has been created, in which the suppliers can discuss technical questions also after project conclusion.
Satisfaction exists with the service partner not only with regard to the culture of cooperation, but also from a technical point of view. “At VU-ARGE, we were able to prove that our ISMS framework is also excellently suited for small to medium-sized utility companies to set up a certifiable ISMS”, says Axel Amelung, Key Account Manager for utility companies at TÜV TRUST IT. He also points out that the member companies are now excellently positioned for all IT and information security requirements. “We are very pleased that this lively working group has been so well received by our customers – especially after the hurdle of the initial certification was successfully overcome”, Amelung notes and adds: “Furthermore, participation can be used as proof of the required training.” TÜV TRUST IT will gladly continue to organise this open working group.