Inspection according to §8a (3) BSIG


As an operator of a critical infrastructure, you must prove to the Federal Office for Information Security (BSI) every two years that you ensure the minimum level of IT security. This proof is provided in the form of an audit report based on the BSI specifications. The examination must be performed by a qualified examiner who has the certified ability to perform examinations in accordance with §8a (3) of the BSI Act.

Before the actual test, the test basis must be determined and the test plan drawn up. If you use an industry-specific security standard (B3S) whose suitability has been determined by the BSI, this simplifies the definition of the test basis considerably. In addition, existing certifications that are not older than one year can be taken into account as part of the audit, e.g. ISO 27001 or PCI DSS.

The test plan to be drawn up subsequently specifies the test team, the test objects, the test objectives and the intended test method.

The audit itself reviews the available documentation on the targeted security standards and their practical implementation. Finally, the required verification documents, such as the BSI forms and the test report, are prepared.

We will be happy to conduct the audit in accordance with §8a BSIG with you and support you with the expertise of our specialists in the exchange of information with the BSI.

Your contact

Dagmar Schoppe

Head of ISMS Division
