


ISMS for operators of critical infrastructures



ISMS certification according to ISO 27001 becomes mandatory for KRITIS operators
The legislator obliges the operators of critical infrastructures to secure their IT adequately according to the state of the art and to meet the applicable IT security standards. The IT Security Act passed in 2015 requires operators of critical infrastructures to review their security every two years. KRITIS operators must also notify the Federal Office for Information Security (BSI) of all significant incidents in the area of IT security. The basic services that are important for our society are called critical infrastructures (KRITIS).
Critical infrastructures include healthcare facilities such as hospitals, pharmacies or manufacturers of vital medical products. They also include water and energy supply as well as emergency and rescue services, information technology and telecommunications. These are all areas on which people in our society depend for their basic needs. Reliable, secure infrastructures are an important basis for our society with its ever-increasing trend towards technology and digitisation.
The disruption or destruction of critical infrastructures can have serious consequences for the health, safety, economic or social well-being of the population or for the effective functioning of governments. Industrial production is not possible without electricity. Drinking water is vital for our survival and would be inconceivable without a continuous supply. The banking business would come to a standstill without functioning information and communication technology. Public life would collapse within a very short time.
Setting up an ISMS according to DIN ISO/IEC 27001 provides protection against such disruptions and attacks. This international ISMS standard, which follows a risk-based approach, offers the corresponding possibilities and instruments.
Development of an ISMS according to DIN ISO 27001 with our IT security experts



The IT security catalogue applies to network components or subsystems that can be controlled and therefore directly influence how the network operates, and also to network components that cannot be controlled themselves but indirectly influence network operation, e.g. by providing data, and are thus also used for network control.
Trigonum Consulting has specialised in information security management systems for many years. Our IT security consultants have already advised and supported numerous companies in the efficient implementation and successful certification of an ISMS according to the ISO/IEC 27001 standard. Ask us about our reference projects. We would be pleased to arrange a non-binding meeting with you.
Information security management system becomes mandatory
The key requirement of the security catalogue to be implemented is the pursuit of a holistic approach. Operators of critical infrastructures fulfil this by introducing an ISMS (information security management system). The Federal Network Agency issues a security law and obliges all operators of critical infrastructures to introduce an information security management system in accordance with the ISO/IEC 27001 standard. According to the current draft, operators of critical infrastructures have only one year after the adoption of the regulation to implement it.
An information security management system aims at the permanent fulfilment of legal requirements and the sustainable limitation of risks. Only by establishing and adhering to an ISMS, with a defined organisational structure and defined responsibilities, can information security be improved continuously.
An ISMS introduced in the company in accordance with DIN ISO 27001 ensures the availability of business processes and offers appropriate protection against incidents that could damage the business. Risks are limited sustainably. Intelligent integration with IT service management creates a further building block for the continuous optimisation of IT systems and processes.
In parallel with the introduction of an ISMS, network operators are obliged to appoint an IT security officer as the contact person for the Federal Network Agency. The task of the IT security officer is to coordinate all IT security-related measures. To fulfil these tasks, the IT security officer works closely with the company management, the IT management, the data protection officer and all other departments involved in information security management. Trigonum Consulting will provide you with an external security officer on request. Our security officers have many years of expertise. They are experts in the field of national and international information security standards and certified ISO 27001 auditors on the basis of IT-Grundschutz (BSI basic protection).




Related Services
More and more customers are demanding concrete proof from their suppliers that an efficient information security management system has been established. The German Association of the Automotive Industry (VDA), for example, recommends that its members set up an information security management system in accordance with ISO 27001. Other relevant frameworks are Basel II, KonTraG and the Sarbanes-Oxley Act for US-listed companies, as well as the introduction of comparable European guidelines.
Companies that collect, process or use personal data are obliged to take the technical and organisational measures (TOM) necessary to comply with the provisions of the DSGVO (GDPR). Measures from the following areas are to be taken, provided that the effort involved is proportionate to the intended protective purpose.