Unsupported Browser! This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.
ISO 27XXX | TISAX | IT-Grundschutz | BAIT | etc.
Your personal web demo - Get to know NEXIS 4
Details and registration
QSEC DEMO
QSEC-Demo

Compliance and information security for KRITIS operators in the transport and traffic sector

The transport and traffic sector – from aviation, maritime shipping, inland waterway transport, rail transport to road transport and logistics – is an essential pillar of our society. As operators of critical infrastructure (KRITIS), companies bear a special responsibility, as any disruption or security breach can have far-reaching consequences for the population, the economy, and the state. It is therefore crucial to comply fully with the laws and regulations governing IT security and compliance.

Overview of legal basis

IT Security Act & IT Security Act 2.0

The IT Security Act stipulates that operators of critical infrastructures must ensure a high level of security in line with the latest technology. The IT Security Act 2.0 tightened the requirements in order to ward off cyber attacks even more effectively.

Section 8a BSIG and BSI-KritisV

According to Section 8a of the BSIG, KRITIS operators must take appropriate technical and organizational precautions. The BSI-Kritis Regulation (BSI-KritisV) specifies which industries and thresholds a company may classify as “critical.”

Industry-specific security standards (B3S)

The B3S Transport and Traffic defines specific requirements for the industry. These guidelines create a uniform safety framework that takes into account the specific risks and characteristics of the sector.

Why compliance and information security are essential for transport and traffic

  1. High risk potential The failure of important supply chains, delays in passenger and freight transport, and impacts on emergency and healthcare services show that our dependence on functioning transport routes is enormous.
  2. Social responsibility As an operator of critical infrastructure, you share responsibility for the well-being of society. Smooth transport operations ensure the reliable supply of goods and services.
  3. Competitive advantage through trust A transparent and effective information security management system (ISMS) strengthens the trust of business partners, customers, and authorities—a long-term competitive advantage.

Requirements for a successful ISMS

  • Standards and certifications: ISO 27001 and IT-Grundschutz (according to BSI) are key frameworks. They offer a structured approach to setting up, operating, and continuously improving your information security.
  • Data protection according to GDPR: Extensive personal data is processed in the transport and traffic sector (e.g., passenger data). Robust data protection is therefore essential.
  • Industry-specific additions (B3S): In addition to the general standards, industry-specific requirements for transport and traffic must be taken into account.

QSEC – The GRC software for your success

With QSEC, you get a customized GRC (Governance, Risk & Compliance) solution that covers all important requirements. Whether ISMS according to ISO 27001, IT-Grundschutz, GDPR, or B3S requirements—QSEC supports you in:

  • Introducing, implementing, and operating an ISMS
  • Automated documentation of risks, measures, and audit processes
  • Integrating all industry-specific standards and regulations
  • Audit-proof documentation of your IT security measures

 

The result: An efficient, streamlined process that not only ensures compliance, but also conserves resources and strengthens your reputation.

Your advantages at a glance

Efficient audit preparation

Save time and stress by being fully prepared for TISAX and ISO 27001 audits thanks to QSEC.

Holistic management

Benefit from an integrated approach that combines data protection, risk management, and compliance in a single software solution.

Increased transparency

Keep track of the current status of your ISMS processes at all times and identify areas for action before they become a problem.

Sustainable organization

Reduce friction within your team, standardize processes, and establish a long-term safety culture.

What our customers say

  • In summary, we are very satisfied with the performance of QSEC and will continue to develop and use the software intensively in the future. The manufacturer of the software, Nexis GRC, is a reliable partner for us, always providing us with the best possible support thanks to its decades of experience in implementing global GRC and ISMS projects.
    Dr. Paul-Martin Steffen, Head of Data Protection and Information Security, DSW 21 Dortmunder Stadtwerke AG

  • In the end, QSEC was convincing in the cost-benefit analysis and in terms of scalability as a single-source tool. QSEC supports the dissemination of a uniform understanding of processes. The system acts as a central platform in which all business processes are recorded.

    Marcel Reifenberger, Chief Information Security Officer & CSO, CANCOM SE
  • In Nexis GRC, we have found a partner that speaks our "language" and responds openly to our requirements and ideas. The partnership with Nexis GRC has convinced me throughout the entire duration of the collaboration.
    Thomas Prigge, Information Security Officer, HanseMerkur Krankenversicherung AG
  • Auditing our infrastructure has become much easier and more efficient with the support of QSEC. Based on the auditors' positive assessment of the system's performance, we will continue to expand QSEC in line with our requirements.
    Hardy Krüger, Data Protection Officer, Information Security Officer and Head of Document Management, Harzklinikum Dorothea Christiane Erxleben GmbH
  • The methods and processes already integrated in the standard QSEC have significantly supported us in the professional development and operation of our information security management system. The maturity assessment and development enable us to continuously operate, monitor and further develop our Techem ISMS with QSEC in a resource-saving manner.
    Sebastian Fingerloos, Head of Information Security, Techem GmbH

ISMS, GRC, and data protection software QSEC:

QSEC – the information security management system (ISMS)

ISMS with QSEC means complete support for all processes relevant to information security management in accordance with the requirements

  • of ISO 27001 and/or
  • BSI IT-Grundschutz,

 

including the implementation of data protection requirements in accordance with GDPR.

 

This allows you to plan your information security management on a daily basis

  • plan (Plan)
  • implement (Do)
  • check (Check) and
  • improve (Law)

 

The ISMS tool QSEC guides users methodically and clearly through all task areas with workflow, wizard, and task support, and helps with the cost-saving and resource-optimized implementation of information security management through extensive content and best practices.

Selected
success stories

DSW21 on the successful introduction of an Information Security Management System (ISMS) with QSEC

Read success story

Cancom on the global introduction of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 with QSEC

Read success story

Techem on the challenges and experiences in information security and risk management with QSEC

Read success story

Harzklinikum Dorothea Christiane Erxleben on software-supported security management in accordance with B3S Health, ISO 27001 and GDPR with QSEC

Read success story

HanseMerkur on the development of a holistic management system taking into account the insurance law aspects according to VAIT

Read success story

Take action now: Take the next step with QSEC!

Rely on holistic information security management that meets your requirements - QSEC is a reliable partner at your side.

Request a live demo:

Experience QSEC in action and let us show you how our ISMS software solves your challenges.

Download ISO 27001 checklist:

Find out which steps are crucial for a successful information security management system.

Upcoming expert meetings

Grundschutz++ in 20 minutes: the BSI's next step
Date: October 29, 2025 | 4:00 p.m.

In this compact live session, Jonas Link will take you on a clear and practical introduction to the new Grundschutz++. He will show you how the requirements have fundamentally changed, what advantages the new must/should/can structure brings and why Grundschutz++ will replace the previous IT Grundschutz.

What to expect:

  • The most important differences to the previous IT baseline protection

  • The new focus on target objects instead of classic building blocks

  • Clear reduction and structuring of requirements

  • Outlook: Transition periods, next steps and practical experience