usd Experts Provide Support for Successful KRITIS Proof of Compliance

6. August 2025

With several data centers spread across the globe, a European cloud hosting provider offers critical services to its customers around the world. This means that in Germany, it falls under Section 39 (formerly Section 8a) (3) of the BSIG (German Federal Security Act) and must undergo regular KRITIS audits. The auditors at usd AG accompanied the cloud hosting provider during its last audit.

KRITIS Audit at a Record Pace

Like all KRITIS operators, our customer is obliged by the German Federal Office for Information Security (BSI) to take appropriate precautions to protect its information technology systems, components and processes. These must correspond to the current state of the art, and full compliance with all measures must be demonstrated on a regular basis. Since proof must be provided for certain industries within a cycle specified by the BSI, the company and the usd auditors had only two months to complete the KRITIS project.

Efficient Audit Mechanisms for a Quick and Successful KRITIS Audit

As an IT security consulting company with many years of experience in a wide range of consulting and audit projects, usd was the ideal partner for the KRITIS audit. Our team of KRITIS experts joined forces to support the customer with a vast amount of experience and specialized tools. The in-depth technical know-how of our experts enabled us to carry out the audit very efficiently at such a high-tech company with a complex IT landscape. This enabled the customer to submit the KRITIS certificate to the BSI on time in accordance with Section 39 (formerly Section 8a) BSIG - while at the same time sustainably improving the customer's IT security level.

"Successfully completing a KRITIS audit from start to finish in just two months is an ambitious project. Our audits are precise and in-depth, yet extremely efficient, saving the client both time and money. We are particularly proud of our team, which can handle such a demanding project with its size and expertise. Of course, this only works if the client shows a great deal of commitment too, which was absolutely the case with our project partners."

Vinzent Ratermann, Managing Security Consultant and Expert for Critical Infrastructure, usd AG
Vinzent Ratermann, Wearing a Shirt and a Pullover, Managing Security Consultant and Expert for Critical Infrastructure

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories