According to Section 39 (formerly Section 8a) (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must correspond to the current state of the technical standard.
The KRITIS audit is due in 2025 for the following sectors:
- Finance and Insurance
- Transport and Traffic
- Health
The KRITIS Regulation defines a total of ten sectors that provide critical services to the general public. KRITIS operators are obliged to provide the Federal Office for Information Security (BSI) with evidence every two years that they have implemented cyber security measures in accordance with the state of the art. These audits must be initiated by the operators themselves.
If you need help or advice with your KRITIS audit, please contact us. We are happy to help.
