IT Security Act and KRITIS in the field of information technology & telecommunications
Optimal compliance, maximum security, and targeted measures for your company
Why IT security laws and KRITIS are becoming increasingly relevant
Rapid digitalization opens up countless opportunities—but also brings new risks. In the field of information technology and telecommunications (ICT) in particular, failures or cyberattacks can not only cause high costs, but also lead to far-reaching supply bottlenecks and impairments to public safety. For this reason, the IT Security Act (including IT Security Act 2.0) and the KRITIS (critical infrastructure) requirements impose particularly strict requirements.
Legal requirements & standards in detail
To ensure maximum IT security, the legislator has specified the following key points:
- Mandatory security level at “state of the art” Operators of critical infrastructures must continuously update and secure their systems in order to respond to current threats.
- Implementation of an ISMS (information security management system) An ISMS in accordance with ISO/IEC 27001 or BSI basic protection forms the structured foundation for the systematic planning, implementation, and control of organizational and technical measures.
- Risk management & obligation to provide evidence Companies must regularly identify and assess risks and derive appropriate measures. Proof must be provided to the Federal Network Agency (BNetzA) and the Federal Office for Information Security (BSI).
- Data protection-compliant implementation in accordance with DSGVO In addition to IT security, the legally compliant processing of personal data must be guaranteed at all times.
- Further industry-specific catalogs
- Security requirements in accordance with Section 109 of the German Telecommunications Act (TKG)
- IT security catalog for networks and energy systems
- B3S data center, server farm, and content delivery network
Conclusion: Only by fully complying with and continuously documenting all requirements can costly fines and damage to reputation be avoided.
Greater security, less liability risk
A professional IT security concept offers the following measurable advantages:
- Legal certainty & compliance minimize legal risks and fines by fully complying with all requirements of the IT Security Act and KRITIS regulations.
- Protection against cyber attacks early detection of vulnerabilities and targeted measures significantly reduce the risk of successful attacks on your systems.
- Competitive advantage & image boost customers, investors, and partners trust companies with certified ISMS—this creates transparency and strengthens your market position.
- Efficient resource planning standardized processes in risk management and data protection create clear responsibilities and reduce the workload for your employees.
Your advantages at a glance
What our customers say
In summary, we are very satisfied with the performance of QSEC and will continue to develop and use the software intensively in the future. The manufacturer of the software, Nexis GRC, is a reliable partner for us, always providing us with the best possible support thanks to its decades of experience in implementing global GRC and ISMS projects.
In the end, QSEC was convincing in the cost-benefit analysis and in terms of scalability as a single-source tool. QSEC supports the dissemination of a uniform understanding of processes. The system acts as a central platform in which all business processes are recorded.
In Nexis GRC, we have found a partner that speaks our "language" and responds openly to our requirements and ideas. The partnership with Nexis GRC has convinced me throughout the entire duration of the collaboration.
Auditing our infrastructure has become much easier and more efficient with the support of QSEC. Based on the auditors' positive assessment of the system's performance, we will continue to expand QSEC in line with our requirements.
The methods and processes already integrated in the standard QSEC have significantly supported us in the professional development and operation of our information security management system. The maturity assessment and development enable us to continuously operate, monitor and further develop our Techem ISMS with QSEC in a resource-saving manner.
ISMS, GRC, and data protection software QSEC:
QSEC – the information security management system (ISMS)
ISMS with QSEC means complete support for all processes relevant to information security management in accordance with the requirements
- of ISO 27001 and/or
- BSI IT-Grundschutz,
including the implementation of data protection requirements in accordance with GDPR.
This allows you to plan your information security management on a daily basis
- plan (Plan)
- implement (Do)
- check (Check) and
- improve (Law)
The ISMS tool QSEC guides users methodically and clearly through all task areas with workflow, wizard, and task support, and helps with the cost-saving and resource-optimized implementation of information security management through extensive content and best practices.
Selected success stories
DSW21 on the successful introduction of an Information Security Management System (ISMS) with QSEC
Cancom on the global introduction of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 with QSEC
Techem on the challenges and experiences in information security and risk management with QSEC
Harzklinikum Dorothea Christiane Erxleben on software-supported security management in accordance with B3S Health, ISO 27001 and GDPR with QSEC
HanseMerkur on the development of a holistic management system taking into account the insurance law aspects according to VAIT
Take action now: Take the next step with QSEC!
Rely on holistic information security management that meets your requirements - QSEC is a reliable partner at your side.
Request a live demo:
Experience QSEC in action and let us show you how our ISMS software solves your challenges.
Download ISO 27001 checklist: