Wednesday, October 23, 2024

ISMS, NIS-2 & Co. - BSI attestation

Xyna Bulletin #18

Dear friends, partners and customers of Xyna,

Autumn has begun - and we actually wanted to introduce you to some exciting features and extensions of Xyna 10.1 in this issue. But the BSI got there before us - so today we have some news from the area of cyber security to announce.

Enjoy reading!

Kind regards from Mainz,

Philipp

Xyna GmbH

Dr. Alexander Ebbes & Philipp Dominitzki


Successful audit: BSI IT baseline protection at GIP Exyr

The Network and Information Security Directive 2 (NIS 2) heralds a new era of cyber security in Europe ... even if the debate in the Bundestag at the beginning of October on the government version of the NIS2UmsuCG ("Law on the implementation of EU NIS2 and strengthening cyber security") was evidently rather sparsely attended, judging by the number of Bundestag members present:

Image source: German Bundestag / n24

Well, even if our ladies and gentlemen in Berlin are obviously not very enthusiastic about the topic: for our customers - and for us as part of the KRITIS supply chains - the implementation of this EU directive will mean a lot of work and responsibility.

To put this into a few figures: the number of companies affected by cyber security requirements will grow from around 4,500 (the previous KRITIS sphere) to a good 30,000 across 18 different sectors. With record losses of €178 billion from cyber attacks this year, this is certainly a good idea, because for many companies - including those that supply IT and software for critical infrastructure - topics such as secure-by-design, defense-in-depth or threat modeling are still unknown territory.

A key requirement for all participants in KRITIS supply chains is the establishment of a comprehensive information security management system (ISMS) based on BSI IT-Grundschutz (IT baseline protection). It forms the basis for dealing with the growing threat landscape, strengthening resilience against cyber threats and building security into the early design phases of IT applications. Protecting our IT infrastructures is not only a legal obligation, but also a decisive factor for the future security of our society and economy.

So much for the preface - now for the good news: on October 21st, GIP Exyr GmbH successfully passed the IT baseline protection audit!

The audit was carried out according to the audit scheme of the Federal Office for Information Security (version 2.0 dated April 11, 2022) by ATM Consulting, a consulting company specializing in cybersecurity with BSI approval for ISMS audits. Our auditor Mr. Gremeyer has a history in the IT / Telco sector with stints at Vodafone, Deutsche Bahn, EDS, Telekom, etc. - and was able to bring a lot of context and understanding of our work into the audit process.


If you are interested in something like that: the BSI has an overview of the ongoing certification procedures for ISO 27001 based on IT-Grundschutz. We are in illustrious company there:


And what happens next: the certificate we have now received confirms our progress and the very good interim status of our plan to obtain full ISO 27001 certification. For this, we still have to complete some elaborations and adjustments to our processes before we start the certification process at the beginning of 2025. We will of course keep you up to date on this.

If you would like to learn more about our efforts in cybersecurity and IT resilience, or how the BSI requirements are reflected in our products and individual developments, please contact us at any time...