Icon Ordner mit Schloss

IT Security Catalogue pursuant to Section 11 (1a) EnWG – Certification of your Information Security Management System (ISMS) for network operators

Would you like to have your Information Security Management System (ISMS) certified to the IT Security Catalogue pursuant to Section 11 (1a) EnWG? Below you will find all the essential information about the certification process. Find out what benefits this certification brings, how the certification procedure works and which steps you go through up to the issuing of the certificate. We introduce the three-year audit cycle and how regular audits ensure the effectiveness of your security measures. We have answered further questions at the end of this page in the form of FAQs. If you have any open questions, please feel free to get in touch.



What is the IT Security Catalogue pursuant to Section 11 (1a) EnWG?

To protect against threats to the telecommunications and electronic data processing systems necessary for secure network operation, minimum standards are set out in the so-called "IT Security Catalogues". The IT Security Catalogue pursuant to Section 11 (1a) EnWG applies specifically to operators of electricity and gas networks.

With the adoption of the IT Security Catalogue pursuant to Section 11 (1a) EnWG, network operators were required to introduce and have audited an ISMS to ISO/IEC 27001 in conjunction with ISO/IEC 27002 and ISO/IEC TR 27019. Clauses 4–10 of ISO/IEC 27001 set out the guidelines and principles for initiating, implementing, operating and improving the ISMS, while the Annex to ISO/IEC 27001 and ISO/IEC 27019 set out the controls that must be implemented.

Responsibility for implementing the requirements of the IT Security Catalogue lies exclusively with the operators of an electricity or gas network (listed with the Federal Network Agency under a corresponding operating number). This applies regardless of whether a network operator operates an electricity or gas network as owner or under a lease model. This means that operators of energy supply networks whose systems, applications and components fall within the scope of the IT Security Catalogue, but which are operated entirely by one or more third parties, must be certified.


Benefits of certification

Meeting legal and regulatory requirements

Improved perception of information security as an organisational attribute, both externally and internally

Competitive advantages and, at the same time, proof of trustworthiness and reliability

Proof of effectiveness of the security measures you have implemented, through an independent audit

A stronger information security awareness and thus a higher level of information security in the organisation


Process of a certification procedure

Diagramm zum Ablauf einer Zertifizierung

The general certification cycle is designed for three years due to the validity of the certificates and consists of the following phases:

  1. Initial certification
    1. Stage 1 audit (document review / adequacy review of the ISMS)
    2. Stage 2 audit (effectiveness review of the ISMS)
  2. First surveillance audit (no later than 12 months after the certificate is issued)
  3. Second surveillance audit (approx. 24 months after the certificate is issued)

Your path to IT Security Catalogue pursuant to Section 11 (1a) EnWG

Enquiry

Submit an enquiry and optionally arrange an introductory meeting via video call at short notice

Quotation

Complete our basic data as a basis for an initial understanding of your organisation and for preparing the quotation

Order placement

Place the order with RSM Certification GmbH and jointly coordinate the next steps (including scheduling)

Stage 1-Audit

Only for an initial certification: to gain a better understanding of your organisation and your ISMS, we usually carry this out in a joint remote session. Aim: to determine certification readiness

Stage 2 audit / recertification

Conducting the Stage 2 audit / recertification audit, the effectiveness review of your ISMS

Technical review

Technical review of the auditor(s)' documentation and the certification decision by RSM Certification GmbH

Issuing the certificate

Issuing the certificate

Handover

Handover of the audit report, the certificate and the certification seal

Review

Reviewing the continuous development of the ISMS as part of the surveillance audits


Certification by RSM Certification GmbH

Would you like us to certify you? Feel free to get in touch with us without obligation.

info@rsm-certification.com
+49 211 540148 00


Get in touch without obligation

Please add 5 and 2.

FAQ

How much does certification to the IT Security Catalogue pursuant to Section 11 (1a) EnWG cost?

The requirements for the effort calculation under the IT Security Catalogue are very similar to those of ISO/IEC 27001. However, the IT Security Catalogue gives rise to specific requirements for electricity and gas networks that must be taken into account accordingly. These requirements can be found in the "Conformity assessment programme for the accreditation of certification bodies". These include, for example, the auditing of so-called unmanned operating sites.