The IT Security Act (ITSiG) requires operators of critical infrastructures to operate a contact point. Standing by at all times, the contact point exchanges information on significant IT disruptions with the Federal Office for Information Security (BSI). The scope and formal structure of the information are predefined.

In the practical operation of the contact point, the information security management system (ISMS), which is also mandatory, must be adapted in two respects. On the one hand, warnings from the BSI and the protective measures to be initiated must be communicated to the relevant points in one’s own organization. On the other hand, it must be ensured technically and organizationally that the necessary information on significant disruptions is transmitted to the contact point without delay and in the required detail. The fault is then assessed there, the information is processed and a decision is made as to whether a report should be submitted to the BSI.

The necessary adjustments to your information security management system to meet the requirements of the BSI and the practical implementation in your company differ in individual cases.

We are happy to offer you the opportunity to draw on the expertise of our specialists in setting up and operating your contact point.

We support you with

• Registration of the contact point at the BSI
• Adaptation of internal communication and escalation processes
• Definition of suitable security measures based on reports from the BSI