The BSI's counter-surveillance review groups are primarily responsible for reviews that relate to state protection of classified information. This includes public authorities and industrial companies that are subject to the Federal Ministry for Economic Affairs and Energy's (BMWi) duty to safeguard classified information.
Because of the significantly increased auditing requirements in the area of state protection of classified information and limited staffing resources, it is only possible to carry out work for other private companies in exceptional circumstances and only on reimbursement of costs.

Effective eavesdropping protection can only be achieved by combining several protective measures. These are as follows:

1. Access control
   Untrusted persons must not be allowed to stay unsupervised in the room that is protected. This can be achieved by locking rooms when not in use and monitoring them with an intruder alarm system. Untrusted persons shall be escorted for the entire duration of their stay in the room.
   However, this measure may not provide protection from internal attacks.

2. Structural protection measures
   Structural protection measures are designed to achieve the following:

   • offer an attacker as few opportunities as possible to hide and install eavesdropping devices
   • achieve the highest possible acoustic sound insulation so that conversations cannot be overheard from outside
   • carry out electronic eavesdropping checks as effectively and reliably as possible
3. These measures also make it more difficult for an inside perpetrator to install an eavesdropping system or to operate it undetected for a longer period of time.
   A detailed catalogue of requirements is applied for public authorities, which lists concrete structural measures. The complete catalogue is not published for reasons of confidentiality.
4. Regular eavesdropping defence checks
   During these checks, the eavesdropping-protected room is visually inspected and examined for the presence of eavesdropping equipment using specialist tools. Checks like these cover the room, the installations and the entire interior and therefore require the consent of the room user. They take one to two days, depending on the size of the room and the equipment it contains. This eavesdropping check establishes the current actual state of the room; permanent eavesdropping protection can only be ensured alongside effective access control and supervision of outside personnel.
5. Protective measures on the telecommunications system
   The telecommunications system can also be misused for eavesdropping on room or telephone calls using specific settings in the system configuration.

There are many companies in Germany that provide counter-surveillance audits. However, the BSI cannot make any recommendation regarding the quality of the services provided.