
IT security catalogue in accordance with Section 11 (1a) of the Energy Industry Act

Mandatory for all electricity and gas network operators

When the electricity and gas network breaks down, everything is quickly paralysed: lights go out, underground trains get stuck and vital services cannot be provided. The energy sector is therefore categorised as a critical infrastructure (KRITIS).

Accordingly, the Federal Network Agency (BNetzA) has published the IT security catalogue in accordance with Section 11 (1a) of the Energy Industry Act (EnWG). In this catalogue, the legislator obliges grid operators to implement an information security management system (ISMS) in accordance with ISO 27001 and have it certified.

TÜV NORD is at your side as a certification partner and can answer all your questions about the Security Act and the corresponding certifications.

Objectives of the IT Security Catalogue

As an affected electricity or gas network operator, you fulfil the legally prescribed standards and reduce your liability risks with certification in accordance with the IT security catalogue. This is because you implement the three main objectives of the IT security catalogue:

  • You ensure the availability of data and systems worthy of protection
  • You ensure the integrity of the processed information and systems
  • You ensure the confidentiality of the processed information

Finally, you ensure that you take appropriate protective measures against threats to telecommunication and electronic data processing systems. This serves not just to protect your own technology, but above all to ensure the population's energy supply.

ISO 27001 forms the basis of the IT security catalogue

For certification in accordance with the IT security catalogue, the ISO 27001 controls have been extended by the IT security catalogue itself and by ISO 27019 to include specific aspects of grid control. Since August 2015, grid operators have had to provide proof of corresponding certification. In addition, annual surveillance audits are required, which are carried out by an accredited body.

TÜV NORD – Your partner for certifications

Certification in accordance with the IT security catalogue pursuant to Section 11 (1a) of the Energy Industry Act must be carried out by an independent certification body that meets the requirements of the Federal Network Agency's conformity assessment programme and is accredited accordingly by the German Accreditation Body (DAkkS).

TÜV NORD has been accredited by the German Accreditation Body (DAkkS) for many years for the auditing and certification of information security management systems (ISMS). We are at your side as your partner. Benefit from our experience in the auditing of ISMS.

 

Would you like to learn more about ISO 27001 certification, including BNetzA certification? Please feel free to contact us.
