Expanded EU RED directive enforces higher standards for IoT security from 2024 onwards
Information and communication technology (ICT) has become an integral part of our everyday experiences. In light of this, businesses and individuals face a constant threat from hackers looking for and exploiting vulnerabilities. This highlights how important security, protection and privacy are for all of us and for our business activities.
Due to socially critical aspects, cyber security has also become a compliance issue. In Europe, for example, data protection is regulated by the General Data Protection Regulation (GDPR). Essential service operators and digital service providers must comply with the EU Network and Information Security (NIS) Directive.
How can you ensure that both your business and your systems are protected and legally compliant? To answer this question, you can refer to numerous standards, best practices and guidelines, such as ISO 27001, IEC 62443, BSI C5, ISO 27017 for cloud security, the OWASP guidelines and the NIST guidelines.
As a global leader, Teligencia provides the independent cyber security services you need to assess and certify your IT systems.
We are increasingly dependent on information technology to manage our most important business processes in both our professional and personal lives. Every new service is inevitably connected through IT systems, networks, software and the Internet. This in turn makes them more vulnerable to hostile or unforeseen security breaches. At Teligencia, we independently verify that you (and your suppliers) comply with cyber security regulations and standards to reduce this risk.
AUDITING OF CRITICAL INFRASTRUCTURES (KRITIS) ACCORDING TO §8A (3) BSIG | TELIGENCIA & EUROFINS E&E
Critical infrastructures (KRITIS) require particular protection, because their failure can have drastic consequences for companies, the economy, society and, in the worst case, even the state. For this reason, the German government has significantly expanded the KRITIS regulation with the IT Security Act 2.0.
The German Federal Office for Information Security (BSI) defines critical infrastructures (KRITIS) as “organizations and facilities of major importance to the state polity, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences”.
Why Choose us?
Teligencia Certification accompanies you through your KRITIS audit to help you meet the BSI’s verification requirement.
The scope of a KRITIS audit is more extensive than that of an ISO/IEC 27001 certification, for example. This is intended to achieve a higher security standard.
WHICH ORGANIZATIONS SHOULD HAVE A KRITIS AUDIT PERFORMED?
All organizations that belong to the following nine sectors / industries are considered Critical Infrastructures (KRITIS), regardless of their size:
In addition, the applicable legal ordinance of the IT Security Act defines who is considered to be an operator of a critical infrastructure. Rule thresholds are used for this purpose. Detailed information on the new KRITIS Regulation 2.0 can be found on the OPENKRITIS website.
YOUR KRITIS AUDIT
The Federal Office for Information Security (BSI) is the central reporting point for KRITIS audits. According to §8a (3) BSIG, the following three options, among others, are available for the audit:
As a general rule, all critical infrastructures must establish an information security management system (ISMS) and have it audited every 2 years. In exceptional cases (e.g., after a security incident), interim audits may be mandatory. Any risks, problems and/or attacks must be reported to the BSI.