IT Security Act

In June 2015 the German parliament passed the first Geman IT Security law (IT-SiG).

Amongst others the IT-SiG regulates that operators (companies) of socalled critical infrastructures (KRITIS) must prove a minimum level of IT security and security organization. At the same time IT security incidents must be detected, identified and notified to the Federal Office for Information Security (BSI). The objective is to ensure the reliable supply of the FR Germany and the independent operation of critical company processes. 

The IT-SiG applies for companies of critical infrastructures (KRITIS). The branch specific definition of "critical infrastructures" will be defined and regulated (UV KRITIS) by the Federal Ministry of the Interior (BMI). 

The infringement of the law will result in penalties in a million euro range.   

The IT-SiG applies for already regulated institutions as e.g. the Federal Network Agency, the German Financial Supervisory Authority but also for every company with more than 10 employees and an annual turnover of more than 2 mio. Euro. And also service provider and sub suppliers of KRITIS companies must comply to the conditions of IT-SiG.   

Important to know is that companies must prove that the conditions of the IT security law are not applicable. KRITIS companies must confirm the compliance of legal requirements by means of a first audit until the end of 2017 and afterwards at regular intervals of 2 years.

Which branches and industries are affected by the IT-SiG?

• Energy
• Health care
• Information technology & Telecommunication
• Transportation 
• Water
• Finance and Insurance 
• Food Industry

SECUrisk

With the SecuRisk GmbH the Data Center Group disposes of a highly specialist component within the group of companies. The SecuRisk GmbH advises and supports regarding open issues  concerning the IT security law. 

Contact details

 
 

RZ-Products GmbH

In der Aue 2
57584 Wallmenroth
Germany
Fax: +49 2741 9321-111
Phone: +49 2741 9321-0

 
 

Navigation system:

Latitude: 50.79398
Longitute: 7.8375

Data Center Group
Data Center Group
proRZ
proRZ
SECUrisk
RZservice
RZproducts
Direktkontakt