SRC Security Research & Consulting GmbH

Auditing according to §8a (3) BSIG

As the operator of a critical infrastructure, you have to prove to the Federal Office for Information Security (BSI) every two years that you meet the minimum level of IT security. Depending on the critical infrastructure operated, the legislator set the first deadlines for providing this evidence on May 3, 2017 and September 26, 2019, respectively.

This proof is provided in the form of an audit report. The audit must be carried out by a qualified auditor who has the certified qualification to carry out audits in accordance with §8a (3) of the BSI Act.

Before the actual audit, the audit basis must be determined and the audit plan drawn up. If you use an industry-specific security standard (B3S) approved by the BSI, this considerably simplifies the definition of the audit basis. Otherwise, the audit basis must first be defined and agreed with the operator of the critical infrastructure.

The audit plan to be drawn up subsequently defines the audit team, the audit objects, the audit objectives and the intended audit method.

The audit itself assesses the available documentation on the intended security standards and their practical implementation. Finally, the required verification documents, such as the BSI forms and the audit report, are prepared.

We would be pleased to carry out the audit in accordance with §8a BSIG with you and to support you with our expertise in the exchange of information with the BSI.

Contact

Dagmar Schoppe


SRC Security Research & Consulting GmbH
  • +49 (228) 2806 — 136
  • dagmar.schoppe@src-gmbh.de

Training

Compact training for additional qualification in test procedures for §8a (3) BSIG

Topics

  • Healthcare Sector

  • Information Technology in Critical Infrastructures — KritisVO

Find out about the topics that we support with our services.

Publications

  • IT Security Act audit

    Proof by June 2019 — Failure not intended

    in: KU Health Management 7/2017
    By Prof. Dr. Andreas Becker and Randolf Skerka


Address

SRC
Security Research & Consulting GmbH
Emil-Nolde-Str. 7
D‑53113 Bonn

Phone: +49 (228) 2806 — 0
