qSkills Logo

SC160: Requirements for CRITIS-ISMS and Additional Audit Procedure Competence According to BSIG for CRITIS Operators

Training: Governance, Risk & Compliance - Security - Certification

Allianz für Cyber Sicherheit Partner Logo

Participants acquire the specialized audit procedure competency for § 8a BSIG that auditors and auditing bodies must demonstrate for audits at KRITIS operators. The new requirements effective from 01.04.2025 with focus on the NIS2UmsuCG are covered. The successfully completed examination serves as official competency certification with the BSI™ and qualifies for audits in KRITIS environments.

Online event Online event

Start: 2026-06-22 | 09:00 am

End: 2026-06-24 | 04:00 pm

Location: Online

Price: 2.250,00 € plus VAT.

Hybrid event Hybrid event

Start: 2026-10-12 | 10:00 am

End: 2026-10-14 | 05:00 pm

Location: Nürnberg

Price: 2.250,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • The course includes the following topics:

    • Module 0: Introduction: Presentation of BSI™, critical infrastructures
    • Module 1: IT-SiG, NIS2UmsuCG, BSIG: Deadlines, information system and reporting obligations/channels, forms, state of the art
    • Module 2: BSI™-KritisV: Fundamentals, structure and content, annexes, facility categories and threshold values, consequences
    • Module 3: Audit fundamentals: Legal foundations, audit topics from guidance document B3S, variants for audit procedures without B3S
    • Module 4: Audit process: Legal regulations on evidence, evidence process, operator tasks, qualification and tasks of audit team and auditing body

  • Examination: 60 minutes (multiple choice)

  • The course is oriented on the official module contents of the 3-day BSI™ basic course and the examination questions of BSI™.
  • The 3-day qSkills™ course provides adequate space for in-depth discussions of the complex subject matter.

  • BSI™ does not issue official certificates for auditors or auditing bodies regarding audit competence §8a BSIG! Participants receive after passed examination from qSkills™ a confirmation with reference to the course instructor and the course modules. Auditors and auditing bodies can hereby demonstrate their competence sufficiently to BSI™.

Objectives:

Participants acquire the "special audit procedure competence for §8a BSIG" and receive an overview of the relevant laws, audit topics, and requirements for auditors and auditing bodies, audit processes, as well as necessary evidence and forms. The course does not include how the orientation guide for B3S or a B3S can be implemented in organizations or which measures correspond to the state of the art. The course does not offer legal advice on laws and regulations, e.g., to what extent an operator and its facilities fall under the BSI™-KritisV in individual cases. It neither replaces legal consultation nor inquiries with the BSI™.

Target audience:

The course SC160 Requirements for KRITIS-ISMS and additional audit procedure competence according to BSIG for KRITIS operators is primarily targeted at auditors and employees of auditing bodies.
All members of an audit team and at least one employee of an auditing body must provide proof of competence.
For employees of KRITIS operators (information security officers, internal auditors etc.), whose organization must be audited according to §8a BSIG, the course SC160 Requirements for KRITIS-ISMS and additional audit procedure competence according to BSIG for KRITIS operators provides important insights into audit processes and expected audit topics (see course objectives).
The course is not focused on specific KRITIS sectors or industry-specific security standards (B3S).

Prerequisites:

Knowledge in the area of ISMS (e.g., 27001, IT-Grundschutz) or comparable management systems. Participants should have initial auditor experience and basic knowledge of the BSI™ Act in the IT Security Act and the BSI™ Critical Infrastructure Ordinance.

Description:

The participants of the course SC160 Requirements for KRITIS-ISMS and additional audit procedure competence according to BSIG for KRITIS operators receive the "special audit procedure competence for §8a BSIG". This must be demonstrated for auditors and auditing bodies that conduct audits at Critical Infrastructures (KRITIS) that operate a critical facility according to the BSI™-Kritisverordnung.


From 01.04.2025, all KRITIS operators must fulfill comprehensive new requirements – the course particularly considers the aspects from the NIS2UmsuCG.

The participation and the successfully completed examination serve as proof of your competence at the Federal Office for Information Security (BSI™).

check-icon

Guaranteed implementation:

from 2 Attendees

Booking information:

Duration:

3 Days

Price:

2.250,00 € plus VAT.

(including lunch & drinks for in-person participation on-site)

Exam (Optional):

100,00 € plus VAT.

Testimonials:

Cheerful male participant, representative of all customers who have provided feedback on qSkills' services.
#Testimonials
If qualification, then qSkills™

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.