Sector water

IT security for water supply and disposal companies

In recent years, more and more utilities and waste management companies have aligned their security to the requirements of an ISMS in accordance with ISO/IEC 27001:2013. All plants that fall under the BSI Kritis regulation have the option of meeting the requirements of the BSI law by implementing the B3S water industry standard as an alternative to setting up an ISMS.

We support our customers in the preparation of control documents, especially with regard to the basic conditions of control technology. The organization of 24/7 operations is a particular challenge in the implementation of IT security.

We attach particular importance to the technical implementation of the organizational measures defined by security management. The focus is always on protecting the entire control technology, especially through secure implementation of basic services and network segmentation.

In all solutions for the water sector, the focus is always on the technical and operational effectiveness of the measures that ensure effective IT security.

Our solutions for water suppliers and disposal companies

    • Support in the implementation of the B3S water industry standard
    • Development of an ISMS according to ISO/IEC 27001:2013
      • Organizational and technical gap analyses on the degree of compliance with ISO/IEC 27001:2013
      • Creation of security guidelines, processes and procedures
      • ISMS implementation at organizational level according to ISO/IEC 27001:2013 and the BSI-100 series (basic protection)
      • Security concepts / controls according to ISO/IEC 27002:2013 and ISO/IEC TR 27019:2013
      • ISMS certification support
    • Technical ICS audits with regard to the protective measures of the control system
    • ISMS operationalization of security measures for effective IT security
      • We implement the organizational measures from security management (e.g. ISMS) in a technically effective manner
    • Implementation and support for secure operation of centrally controlled basic services (malware prevention / antivirus, patch management, directory services / Active Directory, backup and recovery, security monitoring and account management)
    • Integrated IT security concept (ICS Security Guideline)
    • Network security
      • To increase security, we optimize your network by reducing complexity, increasing reliability through redundancy and coupling networks with network segmentation
      • Protection of remote maintenance access for own service employees and third party access
    • Security Monitoring for the earliest possible detection and correction of problems
    • Incident Response
      • Establishment of an Incident Response Team (CSIRT/CERT)
      • Establishment of a Security Operating Center (SOC)
      • We take over the incident response for you with our CSIRT.
        • The CSIRT service is provided 24/7 and covers all technical, organizational and procedural aspects.
        • A high degree of specialization in different technologies enables a wide range of applications. It goes without saying that standardized procedures and methods are used. Beyond that, we contribute to shaping the standards around the Digital Evidence Process.
    • Physical security
      • Physical evaluation and auditing of your infrastructures
        • The upgrading, planning and realization of data center and technical rooms
        • We support companies and organizations with the goal of data center certification
        • Another focus is the intelligent video monitoring of downstream alarms.
        • In order to guarantee holistic security of physical infrastructures, the trade interfaces are designed and coordinated as a whole
      • Risk management
        • Risk assessments taking into account the results of the security tests, the company risk strategy and the core business processes
        • Integration of IT risk management into corporate risk management

Your contact person


Andreas Eichmann

Senior account manager
Tel. +49 2173 20363-0

Reference projects

  • Conversion B3S W/A
    • 9 KRITIS operators water sector
  • Technical safety tests
    • Water supply and disposal companies
  • Creation of regulatory documents
    • Municipal waste water disposal company

Committee work

  • Working group "WI-5.4 Cyber-Security"
    • DWA
  • ISO IEC JTC1 SC27 (WG3 and WG4)
    • ISO
  • Mirror committee NA 043-01-27
    • DIN


  • The benefits of a safety test for process control technology
    • Westermo Solution Days - Roadshow
    • Feb 2016
  • Consistent security management with the help of central services
    • IT-Security requirements for the energy industry
    • May 2014
  • Technical tests for ICS systems
    • 14. German IT Security Congress
    • May 2015

more lectures...


  • Consistent security management with the help of central services
    • SPS IPC Drives Kongress
    • Nov 2012
  • Hazard situation and safety of pump stations in open pit mining operations
    • a+s
    • Feb 2012
  • Information Security for Energy Automation Systems
    • EW
    • Sep 2009

more publications...