Many business processes utilise electronic systems, and large quantities of information are stored digitally, digitally processed and distributed in IT networks. This makes businesses, public administration and private citizens themselves dependent on the flawless operation of the information technology deployed at all times. Information security is therefore now an important aspect of all of our lives.

Scope "IS audit based on IT-Grundschutz"

IS audits based on IT-Grundschutz form an integral part of any successful information security management system.
Certified IT security service providers within the scope "IS audit based on IT-Grundschutz" complete the following tasks and offer the following services:

• Support for the creation of security models according to IT-Grundschutz, providing assistance during the completion of security analyses and supplementary risk analyses on the basis of IT-Grundschutz
• Providing implementation support for the creation of security models according to IT-Grundschutz, providing assistance during the completion of security analyses and supplementary risk analyses on the basis of IT-Grundschutz
• Completion of internal audits and completion of IS audits based on IT-Grundschutz in accordance with the "Guideline for information security audits based on IT-Grundschutz"
  

Scope "IS penetration tests"

An IS penetration test is a proven and appropriate technique for identifying the susceptibility to attack for an IT network, an individual IT system or a (web) application.
Certified IT security service providers within the scope "IS penetration tests" complete the following tasks and offer the following services:

• Completion of security analyses and vulnerability detection work
• Performance of penetration tests

The IT security service providers commissioned with these tasks must be reliable and independent, and must offer a high-quality, technically competent service. The goal of certification is therefore to provide assurances as to the trustworthiness and competencies of this provider, so as to help public authorities in the IT security service provider selection process.