
Navigating KRITIS Compliance - How SecurityBridge and Turnkey Consulting Can Help You Prepare

If your business operates critical infrastructure in Germany, you may be aware of the new regulations put forth by the German Federal Office for Information Security (BSI) known as KRITIS. These regulations require companies to implement comprehensive security measures to protect against cyber threats and ensure the stability of critical infrastructure.

KRITIS Scope: Is your business a provider of critical infrastructure?

KRITIS impacts various business sectors, including energy, healthcare, telecommunications, and transportation. Effective May 2023, companies that fall within the scope of the regulation must comply with strict security requirements. Non-compliance can result in significant penalties, making it crucial for businesses to take action now.  

However, simply complying with the regulation is not enough. The ultimate goal should be to become resilient against cyber threats, and that’s where SecurityBridge and Turnkey Consulting can help. 

May 2023 is coming: Are you prepared?

In early 2022, we published an article with high-level advice on how to prepare for the implementation of the new KRITIS regulations. We highlighted the importance of self-assessment to determine whether your business falls under the scope of KRITIS, and how to identify which IT systems support critical infrastructure or can significantly impact operations.

As part of the regulation, it is mandatory to implement an automated system that detects cyberattacks. For all applications in scope, and per § 8a Absatz 1a BSIG, this system must be in place by May 1, 2023. An audit must verify its effectiveness every two years.

KRITIS Compliance: How does it work?

Businesses must provide proof of compliance with KRITIS to the German Federal Office for Information Security (BSI). A company typically starts with a gap analysis to identify the areas needing change. For KRITIS, this includes the scope definition, which furthers the understanding of the critical good or service and the supporting environment, including IT infrastructure and applications.

Once you’ve defined the scope, the BSI provides clear guidance on which measures you should implement. As always, the regulation text can be misinterpreted, particularly in the context of specific applications such as SAP S/4HANA. To reduce the risk of misinterpretation, specialized consulting firms can provide clear guidance.

KRITIS will conduct an audit on the evidence of compliance with the regulation’s requirements once you have implemented the required measures. The audit will include a review of policies, procedures, and technical controls, such as the effectiveness of the system in detecting cyberattacks.

In our upcoming webinar on April 27th at 15:00 CEST, SecurityBridge and Turnkey Consulting will elaborate on this topic in the context of SAP application systems. We will provide valuable insights into KRITIS compliance and how to prepare for it, and discuss best practices for achieving resilience against cyber threats.

Join us for this must-attend webinar to learn how to confidently navigate KRITIS compliance. Register today and take the first step towards protecting your business and ensuring compliance with the new KRITIS regulations.

Posted by Christoph Nagy
