Focus of the technical unit
This technical unit accredits several types of conformity assessment bodies: testing laboratories (DIN EN ISO/IEC 17025), certification bodies for products, processes and services (DIN EN ISO/IEC 17065), certification bodies for management systems (DIN EN ISO/IEC 17021-1), inspection bodies (DIN EN ISO/IEC 17020) and certification bodies for persons (DIN EN ISO/IEC 17024).
Information technology
Information technology (IT for short) is a generic term for electronic data processing and the hardware and software infrastructure used for this purpose. Worldwide, considerable parts of administration, organisation, communication and entertainment are implemented on the basis of information technology. Accreditations of conformity assessment bodies in the area of IT are therefore of fundamental importance. In practice, this results in a wide range of topics. Important conformity assessments in this area are, for example, the testing of accessibility and ergonomics for software or hardware, certifications of IT service management in accordance with ISO/IEC 20000 or the testing of basic communication protocols such as TCP, UDP, IP etc..
Cybersecurity
Cybersecurity refers to properties of technical or non-technical systems for information processing, storage and warehousing that ensure the protection goals of confidentiality, availability and integrity. Information security serves to protect against dangers and threats, to avoid economic damage and to minimise risks.
The Cybersecurity Act (CSA) is an EU-wide framework for the IT security certification of products, services and processes. The Cybersecurity Act was introduced as part of a comprehensive package of measures to increase cybersecurity and strengthen the European Union's resilience against cyberattacks.
Conformity assessment bodies in this area are accredited according to ISO/IEC 17065 in accordance with Art. 60 CSA and require additional authorisation from the Federal Office for Information Security (BSI) in accordance with the Act on the Federal Office for Information Security (Section 9a BSIG). In addition, IT security laboratories are accredited in accordance with ISO/IEC 17025. Conformity assessment is carried out here using the EU adaptation of the well-known Common Criteria Framework.
Other important conformity assessment activities in the area of cybersecurity include the ISO/IEC 27000 family of standards and the IEC 62443 series of standards for IACS (Industrial Automation and Control Systems) as well as the conformity assessment programme of the Federal Network Agency for operators of energy networks and systems.