To help federal public authorities during the selection process for IT security service providers, the BSI, as a neutral government office, has developed a certification process for IT security service providers. For public authorities whose departments handle sensitive data, the IT security service provider commissioned must be reliable and independent, and must offer a high-quality, technically competent service. The goal of IT security service provider certification is therefore to provide assurances as to their trustworthiness and competencies. The basis of any professional service is qualified and competent employees.
The remit of IS audit and IS consulting experts (in short: IS auditors) is to provide federal public authorities with support during the creation and implementation of security models, and during the regular completion of IS audits in accordance with the "Guideline for information security audits based on IT-Grundschutz".