Audit & Standards Implementation


Expanded EU RED directive enforces higher standards for IoT security from 2024 onwards

Information and communication technology (ICT) has become an integral part of our everyday lives. As a result, businesses and individuals face a constant threat from attackers looking for and exploiting vulnerabilities. This highlights how important security, protection and privacy are for all of us and for our business activities.

Because of its impact on society, cyber security has also become a compliance issue. In Europe, for example, data protection is regulated by the General Data Protection Regulation (GDPR). Operators of essential services and digital service providers must comply with the EU Network and Information Security (NIS) Directive.

How can you ensure that both your business and your systems are protected and legally compliant? To answer this question, many standards, best practices and guidelines can be referred to, such as ISO 27001, IEC 62443, BSI C5, ISO 27017 for cloud security, the OWASP guidelines and the NIST guidelines.

As a global leader, Teligencia provides the independent cyber security services you need to assess and certify your IT systems.


OUR SERVICES

We are increasingly dependent on information technology to manage our most important business processes in both our professional and personal lives. Every new service is inevitably connected through IT systems, networks, software and the Internet. This in turn makes them more vulnerable to hostile or unforeseen security breaches. At Teligencia, we independently verify that you (and your suppliers) comply with cyber security regulations and standards to reduce this risk.

FOR PROCESSES

  • Security management systems (ISO 27017, ISO 27018, ISO 27031, ISO 27001 ISMS)
  • IT service management systems (ISO 20001-1 ITSMS)
  • IEC 62443 industrial security (IEC 62443-4-1, IEC 62443-4-2) and ETSI EN 303 645
  • TISAX®, eIDAS certification
  • Automotive ISO/SAE 21434
  • Verification of security maturity
  • IT risk assessment (site)
  • Supplier security assessment
  • Privacy / Data Protection / ISO 27701 PIMS / BVC TS for GDPR
  • ISAE 3000 / 3402 audit
  • Forensics readiness


FOR TECHNOLOGIES

  • Potential threat modeling / design review / code review
  • Vulnerability analysis & intrusion testing
  • Cloud security
  • Red Teaming
  • Secure Software Development Lifecycle (S-SDLC)
  • SIEM/SOC testing

FOR PEOPLE

  • Information security awareness and compliant behavior (security awareness)
  • Phishing testing
  • Social engineering
  • Training (e.g. cloud security, mobile app security, hands-on hacking)

Special Services

AUDITING OF CRITICAL INFRASTRUCTURES (KRITIS) ACCORDING TO §8A (3) BSIG | TELIGENCIA & EUROFINS E&E

Critical infrastructures (KRITIS) require particular protection, because their failure can have drastic consequences for companies, the economy, society and, in the worst case, even the state. For this reason, the German government has significantly expanded the KRITIS regulation with the IT Security Act 2.0.

The German Federal Office for Information Security (BSI) defines critical infrastructures (KRITIS) as “organizations and facilities of major importance to the state polity, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences”.

Why Choose us?

Teligencia Certification accompanies you through your KRITIS audit to help you meet the BSI’s verification requirement.

The scope of a KRITIS audit is more extensive than that of an ISO/IEC 27001 certification, for example. This is intended to achieve a higher security standard.

WHICH ORGANIZATIONS SHOULD HAVE A KRITIS AUDIT PERFORMED?

All organizations that belong to the following nine sectors / industries are considered Critical Infrastructures (KRITIS), regardless of their size:

  • State & Administration
  • Energy & Water Supply
  • Healthcare & Food
  • Information Technology & Telecommunications
  • Transportation & Traffic
  • Media & Culture
  • Finance & Insurance

In addition, the applicable legal ordinance of the IT Security Act defines who is considered to be an operator of a critical infrastructure. Rule thresholds are used for this purpose. Detailed information on the new KRITIS Regulation 2.0 can be found on the OPENKRITIS website.

YOUR KRITIS AUDIT

The Federal Office for Information Security (BSI) is the central reporting point for KRITIS audits. According to §8a (3) BSIG, there are, among others, the following three options for the audit:


  1. Audit based on standards from the field of information security (e.g. the ISO 27001 family of standards)
  2. Audit based on an industry-specific security standard recognized by the BSI (B3S)
  3. Audit without the use of an industry-specific security standard


As a general rule, all critical infrastructures must establish an information security management system (ISMS) and have it audited every 2 years. In exceptional cases (e.g. after a security incident), interim audits may be mandatory. Any risks, problems and/or attacks must be reported to the BSI.