SC160: Additional Audit Procedure Competence for § 8a BSIG (Critical Infrastructure) Considering NIS2

Training: Governance, Risk & Compliance - Security - Certification

Allianz für Cyber Sicherheit Partner Logo

Participants acquire the specific auditing competence required under § 8a BSIG, which auditors and auditing bodies must demonstrate for audits of KRITIS operators. The course covers the new requirements effective from 01.04.2025 with a focus on the NIS2UmsuCG. Successful completion of the exam serves as an official proof of competence with the BSI™ and qualifies participants for audits in KRITIS environments.

Hybrid training Hybrid training

Start: 2025-10-13 | 10:00 am

End: 2025-10-15 | 05:00 pm

Location: Nürnberg

Price: 2.250,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-01-19 | 10:00 am

End: 2026-01-21 | 05:00 pm

Location: Nürnberg

Price: 2.250,00 € plus VAT.

Online training Online training

Start: 2026-06-22 | 10:00 am

End: 2026-06-24 | 05:00 pm

Location: Online

Price: 2.250,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-10-12 | 10:00 am

End: 2026-10-14 | 05:00 pm

Location: Nürnberg

Price: 2.250,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • The course includes the following topics:

    • Module 0: Introduction: Presentation of BSI™, critical infrastructures
    • Module 1: IT-SiG, NIS2UmsuCG, BSIG: Deadlines, information system and reporting obligations/channels, forms, state of the art
    • Module 2: BSI™-KritisV: Fundamentals, structure and content, annexes, facility categories and threshold values, consequences
    • Module 3: Audit fundamentals: Legal foundations, audit topics from guidance document B3S, variants for audit procedures without B3S
    • Module 4: Audit process: Legal regulations on evidence, evidence process, operator tasks, qualification and tasks of audit team and auditing body

  • Examination: 60 minutes (multiple choice)

  • The course is oriented on the official module contents of the 3-day BSI™ basic course and the examination questions of BSI™.
  • The 3-day qSkills™ course provides adequate space for in-depth discussions of the complex subject matter.

  • BSI™ does not issue official certificates for auditors or auditing bodies regarding audit competence §8a BSIG! Participants receive after passed examination from qSkills™ a confirmation with reference to the course instructor and the course modules. Auditors and auditing bodies can hereby demonstrate their competence sufficiently to BSI™.

Objectives:

Participants acquire the "special audit procedure competence for §8a BSIG" and receive an overview of the relevant laws, audit topics, and requirements for auditors and auditing bodies, audit processes, as well as necessary evidence and forms. The course does not include how the orientation guide for B3S or a B3S can be implemented in organizations or which measures correspond to the state of the art. The course does not offer legal advice on laws and regulations, e.g., to what extent an operator and its facilities fall under the BSI™-KritisV in individual cases. It neither replaces legal consultation nor inquiries with the BSI™.

Target audience:

The course SC160 Additional Audit Procedure Competence for § 8a BSIG (Critical Infrastructure) Considering NIS2 is primarily aimed at auditors and employees of auditing bodies.
All members of an audit team and at least one employee of an auditing body must provide proof of competence.
For employees of critical infrastructure operators (information security officers, internal auditors, etc.) whose organization must be audited according to §8a BSIG, the course SC160 Additional Audit Procedure Competence for § 8a BSIG (Critical Infrastructure) Considering NIS2 offers important insights into audit processes and expected audit topics (see course objectives).
The course is not tailored to specific critical infrastructure sectors or industry-specific security standards (B3S).

Prerequisites:

Knowledge in the area of ISMS (e.g., 27001, IT-Grundschutz) or comparable management systems. Participants should have initial auditor experience and basic knowledge of the BSI™ Act in the IT Security Act and the BSI™ Critical Infrastructure Ordinance.

Description:

Participants of the course SC160 Additional Audit Procedure Competence for § 8a BSIG (KRITIS) considering NIS2 will receive the "special audit procedure competence for §8a BSIG". This is required for auditors and auditing bodies conducting audits on Critical Infrastructures (KRITIS) that operate a critical facility according to the BSI™-Kritis regulation.

The course particularly considers aspects from NIS2UmsuCG.


Participation and successful completion of the exam serve as proof of your competence at the Federal Office for Information Security (BSI™).
check-icon

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

2.250,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.