When the electricity and gas network breaks down, everything is quickly paralysed: lights go out, underground trains get stuck and vital services cannot be provided. The energy sector is therefore categorised as a critical infrastructure (KRITIS).
Accordingly, the Federal Network Agency (BNetzA) has published the IT security catalogue in accordance with Section 11 (1a) of the Energy Industry Act (EnWG). In this catalogue, the legislator obliges grid operators to implement an information security management system (ISMS) in accordance with ISO 27001 and have it certified.
TÜV NORD is at your side as a certification partner and can answer all your questions about the Security Act and the corresponding certifications.
As an affected electricity or gas network operator, you fulfil the legally prescribed standards and reduce your liability risks with certification in accordance with the IT security catalogue. This is because you implement the three main objectives of the IT security catalogue:
Finally, you ensure that you take appropriate protective measures against threats to telecommunication and electronic data processing systems. And not just to protect your own technology, but above all to ensure the population's energy supply.
For certification in accordance with the IT security catalogue, the ISO 27001 controls have been extended by the IT-Sicherheitskatalog and ISO 27019 to include specific aspects of grid control. Since August 2015, grid operators have had to provide proof of corresponding certification. In addition, annual surveillance audits are required, which are carried out by an accredited body.
Certification in accordance with the IT security catalogue pursuant to Section 11 (1a) of the Energy Industry Act must be carried out by an independent certification body that fulfils the so-called conformity assessment programme of the Federal Network Agency and is accordingly accredited by the German Accreditation Body (DAkkS).
TÜV NORD has been accredited by the German Accreditation Body (DAkkS) for many years for the auditing and certification of information security management systems (ISMS). We are at your side as your partner. Benefit from our experience in the auditing of ISMS.