IT security - ISO/IEC 27001

Information Security Management System (ISMS)

ISO 27001 is a standard from the 27000 ff. series, which deals with the topic of information security. It is a globally recognized standard that defines the requirements for information security in a company. Designed to be industry-neutral, it can be applied to any type of organization.

ISO 27001 describes the requirements for an information security management system (ISMS). Information security in turn means maintaining the confidentiality, integrity and availability of information.
Important tasks of an ISMS are:

  • Formulation of security objectives
  • Determining assets that are of value to the organization
  • Risk assessment
  • Risk treatment
  • Continuous improvement of the ISMS

Information security is the central element for protecting fundamental company assets. The protection of company information and personal customer data, the security awareness of your employees and the proof of security towards third parties (customers, business partners, legal obligations) have become increasingly important. Prove that information security is an integral part of your business processes with a corresponding certificate from TÜV Saarland Certification.

ISO 27001 certification can also be combined with other management systems. Take advantage of these synergies.

A TÜV certificate in just a few steps – the certification process:

  • Certification audit stage 1: Readiness assessment
  • Certification audit stage 2: Practical application
  • Issue of certificate & TÜV seal and registration in the database
  • Surveillance and continuous optimization (annually)
  • Re-certification (after 3 years)

Your ISO 9001 certification is in experienced hands with us. We will guide you through the entire certification process and are available to you as a contact partner at all times.

IT SECURITY CATALOG (BNETZA)

Network operators must ensure the availability, integrity and confidentiality of their systems. They must prove this to the Federal Network Agency (BNetzA) by means of an information security management system (ISMS) based on the IT security catalog that has been certified by an independent certification body.

With TÜV certification in accordance with the IT security catalog, you meet legal requirements and reduce your liability risks. Protect your company and pass this security on to your business partners and customers.

The IT security catalog published in August 2015 in accordance with Section 11 (1a) EnWG was drawn up by the Federal Network Agency (BNetzA) together with the Federal Office for Information Security (BSI) and declared binding by the BNetzA for all electricity and gas network operators.

The IT security catalog defines requirements for grid operators that are necessary for a functioning supply of electricity and gas. Secure grid operation depends to a large extent on functioning information and communication technology (ICT). The IT security catalog therefore defines minimum standards for the protection of those ICT systems whose failure or compromise could jeopardize the security of grid operation.

Regular verification

Section 8a (3) of the IT Security Act requires operators of critical infrastructures to provide evidence of compliance with the legal requirements at least every two years. Such evidence may be provided through security audits, inspections or certifications. However, the Federal Network Agency restricts the accepted proof to certifications, meaning that security audits alone are not sufficient. The certification procedure must be carried out in the ISO certification cycle with an annual audit.

Basic principles

The legal and normative bases are the IT Security Act, the Energy Industry Act (Section 11 (1a)) and the IT Security Catalog. The IT security catalog was drawn up by the Federal Network Agency together with the Federal Office for Information Security (BSI) and declared binding for all electricity and gas network operators by the Federal Network Agency.

The IT security catalog is based on:

  • ISO/IEC 27001
  • ISO/IEC 27019

The core requirement is the introduction of an information security management system in accordance with DIN ISO/IEC 27001, extended by the consideration of all measures of Annex A of ISO/IEC 27019 for the energy supply sector.

TÜV certification – your advantages with TÜV Saarland Certification

  • Internationally recognized, accredited certification body
  • Personal contact and individual support for your company
  • TÜV experts support you in implementing the requirements safely and sustainably.
  • The independent assessment and the experience of the TÜV experts provide a precise, reliable statement on the status quo, reveal potential for improvement and allow the system to be optimized further.
  • Our independent TÜV experts with extensive industry experience are always available for you and are kept up to date on the current standards.
  • Successful certification also allows you to benefit from the TÜV brand, which has a very high level of recognition internationally, even exceeding 98% in Germany. Use our recognized TÜV seal for your marketing and set yourself apart from your competitors.

Contact

TÜV Saarland Certification GmbH
Am TÜV 1
66280 Sulzbach / Saar

Visitor address:
Hochstr. 59
66115 Saarbrücken

0800 8588858 (free of charge)
+49 (0) 6897 506 142
cert@tuev-saar.de

Contact person

Thomas Welsch
Head of the certification body
+49 (0) 681 952 633-24
thomas.welsch@tuev-saar.de

Svenja Schommer
+49 (0) 681 952633-15
svenja.schommer@tuev-saar.de