Optimize your IT infrastructure

Reliably and in compliance with the German regulations on Critical Infrastructures (KRITIS)

As the trend towards digitalization gathers pace, IT infrastructures are becoming smarter and more powerful but also more liable to malfunctions and failures. That is why the German Federal Office for Information Security (BSI) has defined legal requirements to provide the optimum protection for infrastructures of vital public importance against attacks or interference. The KRITIS regulations require the operators of Critical Infrastructures to take appropriate sector-specific, state-of-the-art measures to safeguard their IT systems. These updated requirements regarding the protection of critical infrastructures have been in force as of 1st January 2022.

How future-proof is your data centre or server room?

Is your business affected by the Critical Infrastructure regulations? If it is, then it is advisable to examine your existing measures and perform a detailed analysis in order to identify and evaluate potential discrepancies between the current situation and the legal requirements.

Who are the operators of critical infrastructures (KRITIS)? The following sectors are affected:

Energy

e.g. municipal utilities, distribution system operators
Gas
Petroleum
Electricity
District heating

Information technology & telecommunications

Telecommunications providers
Mobile telephony providers

Health

Medical care
Pharmaceuticals and vaccines
Laboratories

Water

Hydro-electric plant operators
Sewage treatment plant operators

Food

Food industry
Food trade

Finance / insurance

Banks
Stock exchanges
Insurance companies
Financial service providers

Transport and traffic

Logistics
Air travel
Marine transport
Road traffic
Rail transport

State / public authorities

Parliament
Judicial institutions
Government and administration
Emergency/rescue services

Media and culture

Printed and electronic press
Television and radio
Cultural heritage
Buildings of symbolic importance

Municipal Waste Disposal

UnBÖFI

Ensuring that datacenters and server rooms comply with the latest Critical Infrastructure requirements

Through our Consulting Services for critical infrastructures, we will be happy to help you achieve and provide proof of compliance with the legal requirements.

Does your planned new datacenter or server room comply with the Critical Infrastructure regulations?
Can you demonstrate that your IT infrastructure conforms to the “state-of-the-art” requirements demanded by the BSI?
What is the right balance between Cloud, colocation & on-premises solutions for your company - while also ensuring compliance with the KRITIS regulations?

Our experts would be delighted to advise you.

Your objectives:
You operate a critical infrastructure and have to provide evidence of appropriate “state-of-the-art” technical and organizational security measures

Our services:
Examination of the existing situation and analysis of the technical aspects of information security, the security of the premises and the physical security of your IT infrastructure
|
Pre-audits in accordance with the DIN EN 50600 regulations

The result:
Optimization of your IT infrastructure
|
Ideal preparation for confirmation of compliance with legal regulations in the subsequent audit, which can be undertaken by an independent certification body.

Critical Infrastructures (KRITIS) - What areas need attention?

Operators of Critical Infrastructures must comply with minimum requirements regarding IT security and report any significant IT security incidents to the German Federal Office for Information Security (BSI). We will adopt a comprehensive all-round approach to assist you during the examination and certification of the technical aspects of your information security measures, the security of the premises and the physical security of the IT infrastructure.

Kritis Trusted Site Infrastructure — Derived from the Trusted Site Infrastructure methodology of TÜViT

The BSI legislation requires operators of critical infrastructures to implement suitable state-of-the-art technical and organizational security measures
The basis for an assessment of the KRITIS V capability is DIN EN 50600, ISO 27001 and the tried-and-tested TSI.STANDARD criteria catalogue from TÜViT
Operators of infrastructures subject to a requirement for proof of compliance must submit supporting documents to the BSI. Proof of KRITIS compliance must be provided every two years.

For the following assessment aspects in and around the data centre, technical and/or organizational measures that guarantee a security level in conformity with the identified protection requirement must be taken with regard to the following aspects:

Advising enterprises affected by the KRITIS regulations on the fulfilment and implementation of the legal requirements

Examination of the BSI requirements catalogue in an assessment

Identification of the TSI level for protection requirement and availability
Examination of the critical infrastructure requirements / applicable criteria for IT operation

We can conduct and implement various analyses and evaluation methods on behalf of our customers in order to identify any required modifications and ensure compliance with the requirements of the BSI legislation.

Drafting of a catalogue of measures

Identification of technical and/or organizational measures

Development of a concept
for a forward-looking IT infrastructure that meets the Critical Infrastructure requirements.
During our activities, we not only help identify the changes that need to be made to the existing IT infrastructure but also work to define the requirements placed on the “new” IT infrastructure.

If required, support during the implementation and integration of the identified measures

Implementation of the consolidation concept, e.g.:

Revitalization and renovation
Conversions
Cloudification/colocation
Datacenter relocation
Project management

News & Media

Blog & Vlog

02/28/2023

The challenge of data center relocation: planning, risks, implementation

Pitfalls to avoid
Decision-making aids
Tips for a smooth process

Learn more

Blog & Vlog

02/14/2023

Vlog #9 Optimizing IT security: New guidelines and deadlines

OSI Insights in our video-blog:
KritisV, ISO 27001/27002, NIS-2
Digital Operational Resilience Act

Learn more

Blog & Vlog

12/01/2022

Outlook for 2023

Process organisation promotes agile working
Securing the supply chain
Identifying trends at an early stage

Learn more

Blog & Vlog

11/17/2022

Questions and Answers about Critical Infrastructures

Questions & Answers about Critical Infrastructures
Requirements & Certifications
Obligations for companies & service providers

Learn more

Consulting & solutions for IT infrastructures - Trust our expertise

One of our particular strengths during project planning lies in our ability to cater for very special requirements and needs. The fact that we combine the flexibility of a mid-sized company with decades of experience in the cabling field is vitally important here.

Services for more than 25,000 m² of data centre space
more than 500 projects successfully implemented

Experts in the field of fiber optic-based connection technology since 1991
More than 130 service personnel covering the whole of Germany
Expertise in IT security

Everything from analyses to access controls
Support during the conduct of your datacenter transformation
Installation and Managed Services from a single supplier

Memberships

Let our experts advise you

This will quickly give you an overview of the current status of your IT infrastructure, vulnerabilities and further need for action in your company. You are not sure whether you belong to the operators of critical infrastructures as defined by the BSI and are affected by the legal regulations? Then we will first carry out a non-binding quick check with you.

Non-binding quick check

You are not sure whether you belong to the operators of critical infrastructures as defined by the BSI and are affected by the legal regulations? Take the Quick Check with us.