The Federal Office for Information Security (BSI) carries out certifications of persons in the field of conformity assessment on the basis of the BSI Act of 14 August 2009. Qualified persons are required to carry out evaluations and examinations for the purpose of certifying products and management systems and to support the BSI in the area of IT security services. The aim of the process is to provide competent persons in the areas of application and to ensure the quality and comparability of evaluations/examinations, audits and services.

The process is described in the document Process Description for the Certification of Auditors.
The document Process Description for Evaluating Persons and Certifying Their Competence describes the groups of persons "IT-Grundschutz consultant", "IS auditor and IS consultant" in addition to "IS penetration tester".
Further information on the areas of application can be found in the table of contents.

The document "Verzeichnisse" [Directories] contains the central breakdown of all references (master list of current documents) and a glossary.

The competence evaluation process

The competence evaluation process is used to demonstrate the professional competence of those employees who are employed by recognised testing bodies and certified IT security service providers. However, the competence assessment is carried out within the framework of the procedure for the recognition of test centres and certification of IT security service providers and does not represent an independent certification of persons.

Certification of persons

For certification, an application for certification is submitted by an individual and a certification process is carried out. For certification, these persons must prove their professional competence within the framework of a competence assessment, so that a final decision can be made on a personal certification. The certification process is a personal certification reserved exclusively for natural persons.

The procedure begins in the application phase with the application and examination of the scope. This is followed by a competence assessment of the person in the evaluation phase. This phase is the preparation for the certification decision. During the certification phase (duration: 3 years), the competence of the person is monitored and maintained, if necessary, through exchanging experiences. If the BSI detects a violation of the person's procedural descriptions and guidelines, or if the person exhibits significant competence deficiencies in particular, the BSI can pronounce the suspension of the certification in a warning phase.

Further information on the various areas of personal certification can be found in the respective programmes for the groups of persons listed below. 

Please note:
Unfortunately, the option to check documents before submitting an application -- in whatever form -- is not provided for and cannot be set up, as this cannot be accounted for in accordance with the Administrative Procedure Act. The admission requirements for certification as well as the way of providing evidence are sufficiently described in the respective programmes.

Costs of the certification procedure:
The costs of the certification procedure are governed by the Special Fees Ordinance of the Federal Ministry of the Interior, Building and Community for individually attributable public services in its area of responsibility. The fees must also be paid if the application is rejected or withdrawn.