§8a BSIG audit (KRITIS)

Requirements according to §8a(3) BSIG

Operators of critical infrastructures must regularly prove that their technical and organizational measures meet the requirements of the BSI. The audit according to §8a(3) BSIG forms the central proof for this. The basis for this is a functioning information security management system – usually based on ISO 27001. You can find a detailed description of the standard on our ISO 27001 topic page.

SRC provides support for efficient preparation, structured implementation and complete verification documentation in accordance with the requirements of the BSI and the industry-specific security standards (B3S).

Test basis and test plan

Before the actual §8a BSIG audit, the test basis must be defined and the test plan drawn up.
If you use an industry-specific security standard (B3S) with suitability determination from the BSI, this simplifies the definition of the test basis considerably. In addition, existing certifications that are not older than one year can be taken into account as part of the audit, e.g. ISO 27001 or PCI DSS.
The test plan to be drawn up subsequently specifies the test team, the test objects, the test objectives and the intended test method.

Implementation of the §8a BSIG audit

The audit itself reviews the available documentation on the targeted security standards and their practical implementation.
Finally, the required verification documents, such as the BSI forms and the test report, are prepared.

We will be happy to conduct the audit in accordance with §8a BSIG with you and support you with the expertise of our specialists in the exchange of information with the BSI.

Why SRC as a test partner?

SRC has been carrying out security-related tests for many years in environments where technical accuracy and complete verifiability are required. Our audit teams work with clear methods, close coordination and an understanding of the depth that the BSI expects in §8a(3) audits.

Test bases, findings and reports are created in such a way that they are technically reliable, comprehensible and compatible with the existing structures of your company. The combination of technical expertise, experience in formal testing procedures and a focused approach results in an efficient testing process with clean documentation – without detours or unnecessary effort.

Questions about the §8a BSIG audit?

Here you will find answers to many questions, and our team will also be happy to help you personally.

Your contact

Dagmar Schoppe

Head of ISMS Division
