Optimize your IT infrastructure

Reliably and in compliance with the German regulations on Critical Infrastructures (KRITIS)

As the trend towards digitalization gathers pace, IT infrastructures are becoming smarter and more powerful but also more liable to malfunctions and failures. That is why the German Federal Office for Information Security (BSI) has defined legal requirements to provide the optimum protection for infrastructures of vital public importance against attacks or interference. The KRITIS regulations require the operators of Critical Infrastructures to take appropriate sector-specific, state-of-the-art measures to safeguard their IT systems. These updated requirements regarding the protection of critical infrastructures have been in force as of 1st January 2022.

How future-proof is your data centre or server room?

Is your business affected by the Critical Infrastructure regulations? If it is, then it is advisable to examine your existing measures and perform a detailed analysis in order to identify and evaluate potential discrepancies between the current situation and the legal requirements.

Who are the operators of critical infrastructures (KRITIS)? The following sectors are affected:

Energy
Energy
  • e.g. municipal utilities, distribution system operators
  • Gas
  • Petroleum
  • Electricity
  • District heating
Information technology & telecommunications
Information technology & telecommunications
  • Telecommunications providers
  • Mobile telephony providers
Health
Health
  • Medical care
  • Pharmaceuticals and vaccines
  • Laboratories
Water
Water
  • Hydro-electric plant operators
  • Sewage treatment plant operators
Food
Food
  • Food industry
  • Food trade
Finance / insurance
Finance / insurance
  • Banks
  • Stock exchanges
  • Insurance companies
  • Financial service providers
Transport and traffic
Transport and traffic
  • Logistics
  • Air travel
  • Marine transport
  • Road traffic
  • Rail transport
State / public authorities
State / public authorities
  • Parliament
  • Judicial institutions
  • Government and administration
  • Emergency/rescue services
Media and culture
Media and culture
  • Printed and electronic press
  • Television and radio
  • Cultural heritage
  • Buildings of symbolic importance
Municipal Waste Disposal
Municipal Waste Disposal
UnBÖFI
UnBÖFI


Ensuring that datacenters and server rooms comply with the latest Critical Infrastructure requirements

Through our Consulting Services for critical infrastructures, we will be happy to help you achieve and provide proof of compliance with the legal requirements.

  • Does your planned new datacenter or server room comply with the Critical Infrastructure regulations?
  • Can you demonstrate that your IT infrastructure conforms to the “state-of-the-art” requirements demanded by the BSI?
  • What is the right balance between Cloud, colocation & on-premises solutions for your company - while also ensuring compliance with the KRITIS regulations?

Our experts would be delighted to advise you.

Rating

Your objectives:
You operate a critical infrastructure and have to provide evidence of appropriate “state-of-the-art” technical and organizational security measures

Request for proposal

Our services:
Examination of the existing situation and analysis of the technical aspects of information security, the security of the premises and the physical security of your IT infrastructure
|
Pre-audits in accordance with the DIN EN 50600 regulations

One-stop shopping

The result:
Optimization of your IT infrastructure
|
Ideal preparation for confirmation of compliance with legal regulations in the subsequent audit, which can be undertaken by an independent certification body.

Critical Infrastructures (KRITIS) - What areas need attention?

Operators of Critical Infrastructures must comply with minimum requirements regarding IT security and report any significant IT security incidents to the German Federal Office for Information Security (BSI). We will adopt a comprehensive all-round approach to assist you during the examination and certification of the technical aspects of your information security measures, the security of the premises and the physical security of the IT infrastructure.

What is an obligatory Critical Infrastructure requirement?

  • The BSI legislation requires operators of critical infrastructures to implement suitable state-of-the-art technical and organizational security measures
  • The basis for an assessment of the KRITIS V capability is DIN EN 50600, ISO 27001 and the tried-and-tested TSI.STANDARD criteria catalogue from TÜViT
  • Operators of infrastructures subject to a requirement for proof of compliance must submit supporting documents to the BSI. Proof of KRITIS compliance must be provided every two years.

What aspects are considered when evaluating IT operations?

For the following assessment aspects in and around the data centre, technical and/or organizational measures that guarantee a security level in conformity with the identified protection requirement must be taken with regard to the following aspects:​

Environment  |  Building structure  |  Fire prevention, alarm and extinguishing technology   |  Security systems and organization  |  Cabling structure  |  Power supply   |  Air-conditioning and ventilation systems  |  Organization  |   Documentation  |  Dual site datacenter

Advising enterprises affected by the KRITIS regulations on the fulfilment and implementation of the legal requirements

1

Examination of the BSI requirements catalogue in an assessment  

  • Identification of the TSI level for protection requirement and availability
  • Examination of the critical infrastructure requirements / applicable criteria for IT operation

We can conduct and implement various analyses and evaluation methods on behalf of our customers in order to identify any required modifications and ensure compliance with the requirements of the BSI legislation.

2

Drafting of a catalogue of measures

Identification of technical and/or organizational measures

Development of a concept
for a forward-looking IT infrastructure that meets the Critical Infrastructure requirements.
During our activities, we not only help identify the changes that need to be made to the existing IT infrastructure but also work to define the requirements placed on the “new” IT infrastructure. 

3

If required, support during the implementation and integration of the identified measures

Implementation of the consolidation concept, e.g.:

  • Revitalization and renovation
  • Conversions
  • Cloudification/colocation
  • Datacenter relocation
  • Project management

News & Media

Data Center modernization
Blog & Vlog

Making Data Centers fit for the Future - Part 2

Consider the overall IT strategy
What systems and associated applications should remain on-premises?
Analysis and development of a bespoke concept

Learn more
Blog & Vlog

Making Data Centers fit for the Future - Part 1

SWOT analysis: on-premises vs. cloud vs. colocation?
What are the arguments for and against cloud services?
What part of IT will remain on-premises?

Learn more
Blog & Vlog

Vlog #6 IT transformation: On-Premises, Colocation or Cloud?

OSI Insights in our video-blog:
Find the right balance.
What does a holistic approach look like?

Learn more
KritisV – designing an IT infrastructure for the future
Blog & Vlog

Vlog #5 KritisV – designing an IT infrastructure for the future

OSI Insights in our video-blog:
KRITIS and modernizing of IT infrastructure. How do these two things go together?
What are the individual steps that companies must pass through?

Learn more

Consulting & solutions for IT infrastructures - Trust our expertise

One of our particular strengths during project planning lies in our ability to cater for very special requirements and needs. The fact that we combine the flexibility of a mid-sized company with decades of experience in the cabling field is vitally important here.

> 15 years of experience in the planning and implementation of critical infrastructures

  • Services for more than 25,000 m² of data centre space
  • more than 500 projects successfully implemented

Specialist knowledge combined with practical know-how

  • Experts in the field of fiber optic-based connection technology since 1991
  • More than 130 service personnel covering the whole of Germany
  • Expertise in IT security

Everything from a single source: comprehensive service from start to finish

  • Everything from analyses to access controls
  • Support during the conduct of your datacenter transformation
  • Installation and Managed Services from a single supplier

Memberships


Let our experts advise you

This will quickly give you an overview of the current status of your IT infrastructure, vulnerabilities and further need for action in your company. You are not sure whether you belong to the operators of critical infrastructures as defined by the BSI and are affected by the legal regulations? Then we will first carry out a non-binding quick check with you.

Non-binding quick check

You are not sure whether you belong to the operators of critical infrastructures as defined by the BSI and are affected by the legal regulations? Take the Quick Check with us.