Energy – ISMS –according to ISO 27019, IT security catalog and B3S

QSEC® – ISMS Software for KRITIS provider and energy supplier


Electricity and gas network providers are obliged by the IT security catalogue to implement minimum IT security standards and to introduce an ISMS according to ISO 27001.

These requirements lead KRITIS operators to many different questions. Some examples are:

  • What is the current state of the company regarding IT and information security?
  • What is the current status of safeguarding critical and system-relevant processes in the company?
  • Which measures are necessary to meet the requirements regarding the required security level?

The ISMS software QSEC offers the best possible support in the implementation of the requirements for KRITIS operators in the energy supply sector.

Based on the requirements of ISO 27001 (information security management system) and complemented by the energy-specific requirements of ISO 27019, the entire management of information security, including

  • Compliance Management
  • Risk Management,
  • Measure Management
  • Security Incident Management,
  • Document Management and
  • Reporting

can be implemented in QSEC in accordance with the industry specific requirements and specifications of the IT security catalogue for energy suppliers. The requirements of the B3S Energy are also considered in QSEC.

QSEC is a modern, database-supported software solution, which is highly integrated in programming and already includes all necessary modules, such as compliance management, risk management, security incident management, action management, document management and reporting, as standard. The data protection according to GDPR is also already integrated in QSEC, so that the advantage is to be able to fulfill the requirements of information security and data protection together via one system.

Through the workflow, wizard and task functionalities, the user is guided user-friendly through all requirements for the fulfillment of compliance.

The solution is multilingual, mandate-capable and meets all requirements of companies up to the largest corporate structures.

With the integrated reporting and dashboard function, managers can evaluate the current security and data protection status on a daily basis, providing management with important information for decision-making and process optimization based on facts.

We would be pleased to show you how QSEC can support you in implementing your information security management system according to the IT security catalogue and B3S.

References – Energy supply (excerpt):

  • Energienetze Mittelrhein GmbH & Co. KG
  • Stadtwerke Düsseldorf AG



References & case studies


QSEC Online-Demo