The IT Security Act (ITSiG) requires operators of critical infrastructures to establish a contact point. On constant standby, the contact point exchanges information with the Federal Office for Information Security (BSI) about significant IT malfunctions. The scope and formal structure of the information is pre-defined.
In the practical operation of the contact point, the information security management system (ISMS), which must also be implemented, must be adapted in two ways. On the one hand, warnings from the BSI and the protective measures to be introduced must be communicated to the relevant authorities within the own organisation. On the other hand, it must be technically and organisationally ensured that the necessary information on significant malfunctions is transmitted to the contact point without delay and in the required detail. There, the malfunction is then assessed, the information processed and a decision made if a report is to be sent to the BSI.
The necessary adaptations of your management system for information security in accordance with the requirements of the BSI and the practical implementation in your company differ in individual cases.
We are happy to offer you the opportunity to draw on the expertise of our experts when establishing and maintaining your contact point.
We support you in
- Registration of the contact point with the BSI
- Adjustment of internal communication and escalation processes
- Definition of suitable security measures based on reports from the BSI