After an IT security incident, companies are often overwhelmed with the incident resolution. If it is a complex IT security incident that requires both broad technical expertise and experience in incident analysis and incident handling, as well as competent human resources, the use of a certified IT security service provider is required.

The certified service provider has demonstrated that it has a team of at least two certified incident experts. It offers the following tasks and services:

• analysis of more complex IT security incidents, especially on-site,
• rapid containment of the extent of damage from a major IT security incident,
• determining the causes of more complex attacks,
• recovery of various affected systems after an IT security incident.

The aim is to be able to fall back on competent and experienced IT security service providers as part of the cyber security network, which can offer support after an IT security incident occured.

The commissioned IT security service providers must be characterised by reliability and independence as well as professional competence and the quality of the service. The aim of the certification is therefore to ensure the trustworthiness and competence of the IT security service provider in order to support users in the selection of IT security service providers.