Skip to content

Qualified Entities: a list of QuaSte providers according to the NIS Act

The Austrian NIS Act requires operators of essential services to conduct regular audits of their network and information security. The audits are organisational and technical and must be carried out every three years.

These audits must be carried out by "qualified entities" ("QuaSte"). The list of qualified entities is provided to operators of essential services upon request.

We have taken the trouble to compile a list of qualified entities in Austria for you.

Qualified Entities according to the NIS Act

Name Technical fields Organisational fields Headquarters
A1 Digital International GmbH 1 to 11 1 to 11 Vienna
BDO Consulting GmbH 1 to 11 1 to 11 Vienna, Linz
B-SEC better secure KG 1 to 11 1 to 11 Weingraben
Certification & Information Security Services GmbH 1 to 11 1 to 11 Vienna
CERTAINITY GmbH 1 to 11 1 to 11 Vienna
Certitude Consulting GmbH 1 to 11 1 to 11 Vienna
condignum GmbH 1 to 10 1 to 10 Vienna
CoreTEC IT Security Solutions GmbH 1 to 11 1 to 11 Vienna
Devoteam Consulting GmbH 1 to 11 1 to 11 Vienna
Ernst & Young Management Consulting GmbH 1 to 11 1 to 11 Vienna
GAI NetConsult GmbH 1 to 11 1 to 11 Berlin
HACKNER Security Intelligence GmbH 1 to 11 1 to 11 Krummnußbaum
K-Businesscom AG 1 to 11 1 to 11 Vienna
KPMG Security Services GmbH 1 to 11 1 to 11 Vienna
Limes Security GmbH 1 to 11 1 to 11 Hagenberg
Österreichische Computer Gesellschaft 1 to 11 1 to 11 Vienna
PwC Advisory Services GmbH 1 to 11 1 to 11 Vienna
RISE GmbH keine 3 to 6 Schwechat
SBA Research gGmbH 1 to 11 1 to 11 Vienna
SEC Consult Unternehmensberatung GmbH 1 to 11 1 to 11 Vienna
T-Systems Austria GesmbH 1 to 11 1 to 11 Vienna
TÜV AUSTRIA CERT GMBH 1 to 11 1 to 11 Vienna
TÜV SÜD Landesgesellschaft Österreich GmbH 1 to 11 1 to 11 Wiesing
XSEC infosec GmbH 1 to 11 1 to 11 Vienna
ZT Zeiler, Ziviltechniker Gesellschaft m.b.H. 1-2, 4-5, 6.1, 7-11 1 to 11 Vienna

This overview has been compiled to the best of our knowledge and belief. We do not guarantee the accuracy and timeliness of the information.

We are happy to receive tips and information regarding changes and new entries. Please send us a short message to hello@syslifters.com.

Here is an overview of the fields.
The table headings are translated "Categories according to NISV", the subheadings translated "Safety measures according to NISV".

1 Governance and Risk Management
1.1 Risk Analysis
1.2 Security Policy
1.3 Network and Information Systems Review Plan
1.4 Resource Management
1.5 Information Security Management System Review (World Record Attempt by the Austrian Government for the Longest Word)
1.6 Human Resources
2 Dealing with Service Providers, Suppliers and Third Parties
2.1 Relations with Service Providers, Suppliers and Third Parties
2.2 Service Agreements with Service Providers and Third Parties
3 Security Architecture**
3.1 System Configuration
3.2 Assets
3.3 Network Segmentation
3.4 Network Security
3.5 Cryptography
4 System Administration
4.1 Administrative Access Rights
4.2 Systems and Applications for System Administration
5 Identification and Access Management
5.1 Identification and Authentication
5.2 Authorisation
6 System Maintenance and Operation
6.1 System Maintenance and Operation
6.2 Remote Access
7 Physical Security
7.1 Physical Security
8 Incident Detection**
8.1 Detection
8.2 Logging and Monitoring
8.3 Correlation and Analysis
9 Incident Management
9.1 Incident Response
9.2 Incident reporting
9.3 Incident Analysis
10 Business Continuity
10.1 Business Continuity Management (nicely translated, dear government)
10.2 Emergency Management
11 Crisis Management
11.1 Crisis Management