Operators of critical infrastructure have two essential obligations:
a) To avoid disruptions in service by taking adequate precautions
b) To report significant material disruptions to the Federal Information Security Office (BSI)
The overarching objective is to guarantee the availability of this critical infrastructure. The measures taken are checked not to determine their economic efficiency, but instead to ensure that they are effective in achieving this overall objective. Specifically, "Organizational and technical precautions are appropriate if the effort involved is not disproportionate to the consequences of a failure or impairment of the affected critical infrastructure."
Industry-specific security standards
Critical infrastructure audits per §8a (3) BSIG examine how well companies have met these required precautions. When this requirement was established, the lawmakers granted industry associations to set up industry-specific security standards (B3S) for BSI approval. If a company implements these guidelines and passes an internal audit every two years, the BSI will assume that all the requirements have been met.
IPG's methods based on the BSI B3S guidelines ensures that your infrastructure will be ready for these audits. IPG also provides experienced IT experts and auditors with extended qualifications to perform §8a (3) BSIG audits.