Verification CRITIS


Assessment, Verification & Protection Requirements

CRITIS-Compliance

For operators of critical infrastructure, information security is inextricably linked to regulatory responsibility. Verification audits pursuant to Section 39 of the Federal Information Security Act (BSIG) are a central component of this process, serving to transparently demonstrate the implementation of appropriate security measures and to provide robust evidence of CRITIS compliance to the Federal Office for Information Security (BSI). We support companies in systematically organizing these requirements, implementing them in an audit-proof manner, and permanently integrating them into their compliance and security organization.

Our approach deliberately goes beyond mere fulfillment of formal verification obligations. We view verification audits as an integral part of effective CRITIS governance, in which technical security measures, organizational responsibilities, documented processes, and regulatory accountability are intertwined. In this way, we lay the foundation for compliance that is not merely established on an ad hoc basis for an audit, but is sustainably embedded within the organization.

We place particular emphasis on a practical, solution-oriented, and at the same time regulatory-compliant approach. CRITIS compliance requires a robust interplay of security level, traceability, and manageability. That is why we support our clients not only in evaluating existing measures but also in structuring the processes and evidence required for robust auditing and reporting.

Our Focus Areas

Regulatory Classification & Compliance Readiness

  • Classification of requirements under the CRITIS regulatory framework
  • Support in structured preparation for compliance audits pursuant to Section 39 of the Federal Information Security Act (BSIG)
  • Assessment of existing compliance and documentation capabilities

Review of the Security Organization

  • Analysis of organizational and technical security measures
  • Assessment of existing responsibilities, processes, and control mechanisms
  • Identification of gaps, vulnerabilities, and regulatory requirements

Record Keeping & Audit-Ready Documentation

  • Structured presentation of information relevant to audits
  • Support in providing reliable, traceable, and audience-appropriate documentation
  • Strengthening internal and external reporting and audit capabilities

Action Management & Continuous Improvement

  • Identification of specific measures to address identified gaps
  • Prioritization based on regulatory relevance, risk, and feasibility
  • Support for the ongoing development of CRITIS compliance

Our Consulting Approach

We view verification audits under Section 39 of the Federal Information Security Act (BSIG) as part of a robust compliance framework. That is why we focus not only on individual audit items, but also on how regulatory requirements can be managed, documented, and consistently adhered to within your organization. Our approach is consultative, structured, and guided by sound business judgment. This results in outcomes that are both regulatory-compliant and practical for day-to-day operations.

Benefits of Implementation

  • Greater confidence in meeting CRITIS documentation and compliance requirements
  • Enhanced ability to undergo audits and provide information to the BSI
  • Early identification of regulatory and organizational needs for action
  • Robust documentation and traceable verification processes
  • Sustainable strengthening of your CRITIS governance and security organization

CRITIS compliance audits in accordance with Section 39 of the German Federal Information Security Act (BSIG) provide the necessary foundation for robustly demonstrating compliance with regulatory requirements and transparently documenting your organization’s security framework. We support you with a practical and solution-oriented approach to help you systematically meet compliance obligations, identify areas requiring action at an early stage, and strengthen your CRITIS compliance in the long term.

If you have any questions or would like an initial consultation, please feel free to contact us at any time using our contact form.