In addition to the certification of IT products and IT systems with regard to their security functionalities and interoperability, it is also possible to obtain sector-specific certification of an information security management system (ISMS) structured according to ISO/IEC 27001 for certain use cases. This becomes necessary if, apart from the proof of the general operation of an ISMS, the proof of the fulfilment of certain requirements for a specific target group/sector towards third parties is necessary or desired.

Technical guidelines, describing these requirements are developed and published by the BSI. This is done only after a national security or
public interest need has been identified.

The conformity of a management system to a Technical Guideline (in conjunction with conformity to ISO/IEC 27001) can be confirmed with a certificate by a DAkkS :accredited certification body for ISMS, which has personnel qualified by the BSI. In the course of this procedure, an assessment is carried out by an auditor on the basis of the requirements specified in the Technical Guideline. The assessment is supervised by the responsible certification body and confirmed with a certificate after successful completion.

Certification is currently in preparation for the following TR:

• TR-03108 Secure E-Mail Transport

The certification system is described in the " Hinweis für Zertifizierungsstellen von sektorspezifischen Managementsystemen basierend auf ISO/IEC 27001" .

Notice:

Please note that the accreditation of the certification body basically only refers to the pure certification according to ISO/IEC 27001.