In recent years, information security has become a fixed part of legislative acts and rules and of the daily routine of information exchange between the different players in the market.

Under the IT security law, the energy and utility industry in general counts as critical infrastructure and is therefore a particular focus. Moreover, operators of critical infrastructures have been attacked by hackers, and the resulting failures and malfunctions led to serious supply shortages for society.

The dependencies between the systems increase the sensitivity or vulnerability of the complete system. This induces the operators of critical infrastructures to implement IT security and information security in line with the state of the art and to regularly demonstrate full compliance. The focus is mainly on systems for network control management, system operation, and measured-value acquisition and processing, as well as on plant components for the generation, transmission and distribution of energy across the power, gas and district heat sectors.



  • Compliance with requirements from IT security law and improvement of IT security and information security in the company
  • Implementation of an Information Security Management System to ISO 27001 in individual sections or company-wide
  • Centralisation and complete implementation of management systems, such as an integrated management system comprising quality, environment and information security management
  • Working out a security policy and security strategy, and compliance monitoring
  • Compliance with protection objectives regarding confidentiality, integrity, availability for assets to be protected (to be defined)
  • Regular reporting to BSI and further ISMS development
  • Operation of centralised organisational units/teams to fulfil information security requirements and act as central contact person, e.g. as Security Operation Center (SOC) or Computer Emergency Response Team (CERT) for information security
  • Proof of compliance with information security requirements and assessment of the security level, e.g. by internal audits or penetration tests (technical security analysis)



  • Assistance during implementation and operation of ISMS systems according to ISO 27001
  • Working out risk identification and risk analysis with a focus on loss of protection issues
  • Derivation of packages of measures to observe protection issues
  • Preparation of accompanying documents and checking them for completeness
  • Performing technical analysis (penetration tests) during system installation and system operation, e.g. during FAT
  • Operation of centralised organisational units/teams to fulfil information security requirements and act as central contact persons, e.g. as Security Operations Center (SOC)