B3S and IT Security Law for KRITIS operators in the water/waste water sector


According to §8a BSIG, operators of critical infrastructures have to prove that their IT security meets the “state of the art”. One way to do this is to implement the industry standard B3S water/waste water, developed by the German Association of the Industry and approved by the Federal Office for Information Security in 2017.

As a basis for the B3S water/waste water implementation, it is recommended to establish an information security management system according to

  • ISO 27001 and/or
  • BSI standard (IT-Grundschutz)
into which the industry-specific requirements of the B3S can be integrated.

The GRC/ISMS software QSEC offers comprehensive and sustainable support in the implementation of an information security management system and the requirements for KRITIS providers in the water/waste water sector.

The QSEC software methodically provides

  • Compliance
  • Data Protection Management
  • Risk Management
  • Security Incident Management and
  • Measures Management

and enables the implementation of the requirements from established standards such as ISO 27001 or the BSI standard (IT-Grundschutz).

All other relevant industry-specific requirements from the B3S can be implemented in QSEC.

With QSEC, compliance with legal requirements, achieved by increasing overall IT security according to B3S, can be documented in an audit-proof manner.

See the capabilities of QSEC for yourself in a web demo.

