Information and communications technology (ICT) is already an integral part of nearly all business processes of an energy supply company. ICT facilitates such business processes, which is advantageous, but also leads to an increased dependence on ICT systems, which entails a higher risk for companies.
To take account of this threat and particularly the increased risk of attacks on supply security, the legislator stipulated specific requirements for a safe operation of grids in the IT security catalogue (IT-Sicherheitskatalog). The legislator assumes that an ICT system used for grid control purposes is adequately protected if the key requirement of the catalogue is met, i.e. if an information security management system (ISMS) pursuant to ISO 27001 is implemented.
Establishing such an information security management system is, however, not an easy task and may, especially in the initial phase, require a lot of money and effort.
Our experts are not only certified ISMS specialists and ISO 27001 lead auditors, they also have a profound knowledge of the processes within the energy industry and the ICT systems in use. We are therefore well-equipped to provide energy suppliers with comprehensive advice.
Our service portfolio encompasses:
- Workshops/coaching on ISO 27001
- IT security check / security assessment
The IT security check / security assessment provides you with a first overview of the IT security level within your company. We evaluate and assess your ICT systems, processes and the existing documentation. The results enable a company to realistically assess the effort and resources necessary to implement an ISMS. Moreover, the insights gained may also be drawn on in the downstream process.
- Project support or management in the ISMS implementation process
The implementation of an ISMS is not an everyday task and depends on extensive specialist knowledge, all the more so given that there are specific requirements for the protection of energy distribution grids including the implementation of protective measures. Based on many years of experience in the energy sector, we have this expertise and are able to support you throughout the ISMS implementation process, from the design phase to the actual implementation of the system.
- Integration of an ISMS into an existing compliance management system
Together with our lawyers and public auditors, we are able to seamlessly integrate the ISMS into your existing compliance management system. This way, additional costs and effort can be avoided and you will benefit from an integrated system.