eurofunk provides implementation support for BSI IT-Grundschutz
The Federal Office for Information Security (BSI) is the body responsible for ensuring that your digital data stays safe and that threats to the state, the economy and the society are dealt with effectively. Regular publications on IT-procedures and methods enable users to develop security concepts that conform to BSI standards, thus helping their organization or authority to receive certification.
eurofunk’s information security team helps customers and project teams to develop comprehensive security concepts. It is our job to assist with IT-Grundschutz checks and to assess and implement IT-security measures. The result is a comprehensive IT security concept containing all relevant documents required by the BSI.
High aims
Maintaining and improving Information and IT security is a goal that eurofunk set early and continues to treat with the utmost importance when planning, implementing and maintaining customer projects. Through external BSI certification and an additional practitioner certification for all relevant employees, we aim to provide our customers with much needed transparency and to equip our employees with the tools they need to better evaluate customer system requirements.
We know your time is valuable which is why we do our best to create concepts quickly and with a minimum of effort on your part. Current requirements are always taken from the BSI standards 200-x and the IT-Grundschutz compendium 2021. To further optimize the process, eurofunk helped establish BSI IT-Grundschutz profiles for control centers. This allows sector-similar authorities and companies to reduce time and effort by minimizing the number of repeat steps.
eurofunk is BSI certified!
BSI certification covers the business processes of the eurofunk KAPPACHER Group for the implementation and maintenance of customer systems in Austria and Germany. Beginning 2019 with a comprehensive audit of the effectiveness of our information management system, we took our first steps towards initial certification according to ISO27001. Following the complex audit process and the implementation of BSI recommendations, eurofunk was granted certification on September 16, 2020 taking IT security far beyond market level and guaranteeing that eurofunk conforms with BSI IT-Grundschutz in all areas.
BSI IT-Grundschutz practitioners
In April, 2021 comprehensive training was offered to those employees interested in information security. The course focused on security concepts and information security management systems (ISMS). IT-Grundschutz practitioners also have the necessary know-how to prepare an ISO27001 audit which gives them an edge when it comes to the evaluation and implementation of customer requirements.
BSI IT-Grundschutz profiles
The effort required to set up an ISMS that complies with BSI IT-Grundschutz is enormous. The idea behind IT-Grundschutz profiles was to document and store relevant information that can be applied to all companies in the respective industry and reused by template.
At the end of June 2019, eurofunk organized a kick-off workshop together with the BSI and industry representatives to create an IT-Grundschutz profile for control centers. This profile was published by the trade association for control centers on the BSI website in February 2021.
The profile itself includes an information network reference architecture for control centers, assists in determining the need for protection, and lists the building blocks to be modeled.
eurofunk offers more than just BSI IT-Grundschutz
If required, our systems can be tested by certified pentesters using state-of-the-art equipment and techniques. Attack patterns can be reproduced, and the system examined for possible attack vectors. Customers receive a comprehensive report and recommendations for action.
In addition, an automated vulnerability scan based on the BSI-certified vulnerability scanner Greenbone is performed before the systems are delivered. Vulnerabilities such as misconfigurations, uninstalled updates or outdated software products can thus be detected and highlighted.