Among other things, the IT-SiG requires operators (companies) of so-called critical infrastructures (KRITIS) to prove a minimum level of IT security and security organization. At the same time, IT security incidents must be detected, identified and reported to the Federal Office for Information Security (BSI). The objective is to ensure reliable supply for the Federal Republic of Germany and the independent operation of critical company processes.
The IT-SiG applies to companies operating critical infrastructures (KRITIS). The sector-specific definition of "critical infrastructures" will be defined and regulated (UV KRITIS) by the Federal Ministry of the Interior (BMI).
Infringement of the law will result in penalties in the million-euro range.
The IT-SiG applies to already regulated institutions, e.g. the Federal Network Agency and the German Financial Supervisory Authority, but also to every company with more than 10 employees and an annual turnover of more than 2 million euros. Service providers and sub-suppliers of KRITIS companies must also comply with the conditions of the IT-SiG.
It is important to know that companies must prove that the conditions of the IT security law are not applicable. KRITIS companies must confirm compliance with the legal requirements by means of a first audit by the end of 2017 and afterwards at regular intervals of 2 years.
• Health care
• Information technology & Telecommunication
• Finance and Insurance
• Food Industry
With SecuRisk GmbH, the Data Center Group has a highly specialized component within its group of companies. SecuRisk GmbH advises and supports companies on open issues concerning the IT security law.
© RZ-Products GmbH