Jump to the main content

News article

TÜV TRUST IT has been appointed an inspection body by BSI within the meaning of the IT Security Act

  •   06/26/2017
  •   Created by TUEV AUSTRIA

TÜV TRUST IT GmbH of TÜV AUSTRIA Group of Companies is among the first inspection bodies to meet the inspection competency requirements as per § 8a of the Federal Office for Information Security Act (BSIG)

The critical infrastructure companies operating in the major sectors must comply with the IT Security Act as of next year at the latest. Consequently, the documented verification of implementation according to its stipulations by a qualified inspection team will play a major role. TÜV TRUST IT is one of the first inspection bodies to be approved by the BSI.

A key feature of the IT Security Act is that, according to § 8a (3) BSIG, every two years operators of critical infrastructures (KRITIS) must prove to the Federal Office for Information Security (BSI) that they have implemented relevant IT security measures. The required measures must be organizationally and technically effective and appropriate. To obtain the verification, an audit must be conducted by an independent and qualified inspection team. The team must possess auditing and information security expertise in addition to a specific inspection procedure competency within the meaning of § 8a BSIG. Experience in the defined KRITIS lines of business is required as well.

TÜV TRUST IT complies with the inspection competency requirements according to § 8a BSIG and has been approved by the BSI as an inspection body. This means that it can carry out audits to ascertain the implementation of appropriate IT security measures as stipulated by the law. “These regular audits will be of central importance in the future. Due to the relatively short intervals between them, they are an effective control tool in continually improving IT security,” Safiye Paulitsch, Manager of the TÜV TRUST IT certification body, emphasizes. “This leads us to realistically assume that a dynamically increasing level of security will establish itself across all the KRITIS lines of business.”

In addition to its function as an inspection body, TÜV TRUST IT also offers training courses on the relevant inspection procedure competency that is compulsory for inspection team members. These cover all the requirements specified by the Federal Office for Information Security, and participants are awarded a certificate upon completion of the training course. On the one hand, the training courses are aimed at operators of critical infrastructures within the meaning of BSIG § 8a. On the other hand, they are intended for internal and external auditors who will conduct audits according to § 8a (3) BSIG. ​Consultants preparing companies for the audit/verification are also welcome to attend the training courses. The tutors giving the classes were instructed by the BSI.

Please find further information on the training course here.

[Translate to English:] Paragraphen Zeichen
  •  | Print
to top