Mastering KRITIS and NIS-2 Compliance – How to Secure Your Critical Infrastructure for the Long Term
The new EU NIS 2 Directive and the KRITIS Framework Act present operators of critical infrastructure with significant IT security challenges. For companies and public authorities in Germany—particularly those in essential sectors such as energy, healthcare, finance, and transportation—this entails binding obligations regarding cyber risk management, reporting requirements, and comprehensive security strategies. The new regulations require not only technical protective measures but also a coordinated organizational approach.
In this interview, our colleagues from the Hosting & IT Operations, Visitor and Yard Management, and Information Security departments explain how we can effectively support companies with critical infrastructure using our VISIT product and our services.
How does ASTRUM IT’s VISIT visitor and yard management system support compliance with KRITIS and NIS-2?
Daniel Tantinger, Christoph Weber und Daniel Tripp
Daniel Tripp: “Our VISIT software platform plays a central role in securely managing physical access and visitor flows in sensitive areas. In KRITIS environments, it is essential to precisely control access rights and track who was on site and when. This significantly improves security controls. This enables companies and government agencies to prevent unauthorized access and, in an emergency, quickly determine whether security protocols were followed. In addition, VISIT automates approval processes, verifies identification documents, and provides self-service terminals for efficient check-in. This prevents unauthorized access and ensures transparent documentation.”
What is ASTRUM IT’s focus in the area of hosting and IT operations for KRITIS compliance?
Daniel Tantinger: “Through our hosting and IT operations, we ensure that critical IT systems remain highly available, secure, and monitored. This includes redundant infrastructure, continuous monitoring, and rapid response capabilities in the event of security incidents. For KRITIS and NIS 2 operators, it is crucial that their systems not only remain secure but also operate stably and reliably, as any downtime can have serious consequences. Through our close partnership with noris network, one of Germany’s leading providers of highly secure data centers, we offer state-of-the-art infrastructure, industry-specific security concepts, and the highest certification standards (including ISO/IEC 27001). Data is processed in German high-security data centers and protected by multi-layered security systems as well as geographically redundant backups. This ensures that even critical applications remain reliably available and compliant with legal requirements.”
How does ASTRUM IT support information security and ISO 27001?
Christoph Weber: “Information security is at the heart of every KRITIS compliance program. We assist with the implementation and maintenance of ISO 27001-certified management systems that systematically identify and minimize risks. ISO 27001 certification ensures that security processes are not only documented but also actively implemented. A must for operators of critical infrastructure!”
What added value does the combination of these skills offer at ASTRUM IT?
Daniel Tripp: “The integration of physical visitor management, secure IT operations, and a robust information security management system creates a comprehensive security architecture.”
Daniel Tantinger: „“This enables us to offer our customers highly secure services and provide tailored solutions that meet their specific needs.”
Christoph Weber: “It provides operators of critical infrastructure with the necessary security in an ever-changing threat landscape.”
In a nutshell: What advice do you have for decision-makers in industry and government agencies?
Daniel Tripp: “Use modern tools like VISIT to address physical security vulnerabilities.”
Daniel Tantinger: “Choose professional hosting and IT operations services that minimize the risk of downtime.”
Christoph Weber: “And be sure to systematically expand your information security management system in accordance with ISO 27001—it’s well worth the effort.”
Conclusion: KRITIS and NIS-2 as an opportunity to strengthen your IT resilience
On November 13, the German Bundestag passed the national NIS2 Implementation Act. Now, more than ever, it is time to analyze risks and define areas for action. With ASTRUM IT, you have an experienced partner at your side who will guide you safely through the complex requirements, step by step. Rely on certified IT security solutions and sustainably increase the cyber resilience of your company or government agency.
Want to know if you’re affected? Simply check the BSI website, answer a few simple questions, and get a clear assessment right away.
If you have any questions about KRITIS and NIS-2, please feel free to contact us!
Further information is also available on our website and in our Video!
