The IT Security Act (ITSiG) requires operators of critical infra­struc­tures to establish a contact point. On constant standby, the contact point exchanges infor­mation with the Federal Office for Infor­mation Security (BSI) about signif­icant IT malfunc­tions. The scope and formal structure of the infor­mation is pre-defined.

In the practical operation of the contact point, the infor­mation security management system (ISMS), which must also be imple­mented, must be adapted in two ways. On the one hand, warnings from the BSI and the protective measures to be intro­duced must be commu­ni­cated to the relevant author­ities within the own organ­i­sation. On the other hand, it must be techni­cally and organ­i­sa­tionally ensured that the necessary infor­mation on signif­icant malfunc­tions is trans­mitted to the contact point without delay and in the required detail. There, the malfunction is then assessed, the infor­mation processed and a decision made if a report is to be sent to the BSI.

The necessary adapta­tions of your management system for infor­mation security in accor­dance with the require­ments of the BSI and the practical imple­men­tation in your company differ in individual cases.

We are happy to offer you the oppor­tunity to draw on the expertise of our experts when estab­lishing and maintaining your contact point.

We support you in

• Regis­tration of the contact point with the BSI
• Adjustment of internal commu­ni­cation and escalation processes
• Defin­ition of suitable security measures based on reports from the BSI