Critical Infrastructure and the IT Security Act

Due to increasing digitalisation, critical infrastructures in particular are becoming more and more vulnerable to internal and external attacks. Special protection of these at the same time means protection of our company.

In July 2015, the Act on Increasing the Security of Information Technology Systems (IT Security Act) came into force. Together with the CRITIS regulation published in 2016 and 2017, the implementation and proof of general as well as sector-specific security measures and a reporting obligation are required. The corresponding transition periods for all affected business entities expire in mid-2019.

KPMG supports you in the implementation of all requirements and the appropriate alignment of information security in your business entity. In doing so, we offer CRITIS operators a holistic range of services with which we address specific industry requirements and take these into account when aligning information security.

• Identification of the requirements not only on the technical level, but also on the process and organisational level
• Effective risk reduction
• Good legal positioning in the event of a security incident
• Loss prevention
• Acquisition of new customer groups
• Competitive advantage over less effectively protected business entities
• Suitable audit within the meaning of § 8a of the Act on the Federal Office for Information Security (BSIG) for the provision of evidence to the Federal Office for Information Security (BSI)

Product Sheet: “CRITIS and IT Security Act”