Qualified Entities: a list of QuaSte providers according to the NIS Act
The Austrian NIS Act requires operators of essential services to conduct regular audits of their network and information security. The audits are organisational and technical and must be carried out every three years.
These audits must be carried out by "qualified entities" ("QuaSte"). The list of qualified entities is provided to operators of essential services upon request.
We have taken the trouble to compile a list of qualified entities in Austria for you.
Qualified Entities according to the NIS Act
| Name | Technical fields | Organisational fields | Headquarters |
|---|---|---|---|
| A1 Digital International GmbH | 1 to 11 | 1 to 11 | Vienna |
| BDO Consulting GmbH | 1 to 11 | 1 to 11 | Vienna, Linz |
| B-SEC better secure KG | 1 to 11 | 1 to 11 | Weingraben |
| Certification & Information Security Services GmbH | 1 to 11 | 1 to 11 | Vienna |
| condignum GmbH | 1 to 10 | 1 to 10 | Vienna |
| CoreTEC IT Security Solutions GmbH | 1 to 11 | 1 to 11 | Vienna |
| Devoteam Consulting GmbH | 1 to 11 | 1 to 11 | Vienna |
| Ernst & Young Management Consulting GmbH | 1 to 11 | 1 to 11 | Vienna |
| GAI NetConsult GmbH | 1 to 11 | 1 to 11 | Berlin |
| HACKNER Security Intelligence GmbH | 3 to 9 | 3 to 9 | Krummnußbaum |
| K-Businesscom AG | 1 to 11 | 1 to 11 | Vienna |
| KPMG Security Services GmbH | 1 to 11 | 1 to 11 | Vienna |
| Limes Security GmbH | 1 to 11 | 1 to 11 | Hagenberg |
| Österreichische Computer Gesellschaft | 1 to 11 | 1 to 11 | Vienna |
| PwC Advisory Services GmbH | 1 to 11 | 1 to 11 | Vienna |
| RISE GmbH | keine | 3 to 6 | Schwechat |
| SBA Research gGmbH | 1 to 11 | 1 to 11 | Vienna |
| SEC Consult Unternehmensberatung GmbH | 1 to 11 | 1 to 11 | Vienna |
| T-Systems Austria GesmbH | 1 to 11 | 1 to 11 | Vienna |
| TÜV AUSTRIA CERT GMBH | 1 to 11 | 1 to 11 | Vienna |
| TÜV SÜD Landesgesellschaft Österreich GmbH | 1 to 11 | 1 to 11 | Wiesing |
| XSEC infosec GmbH | 1 to 11 | 1 to 11 | Vienna |
| ZT Zeiler, Ziviltechniker Gesellschaft m.b.H. | 1-2, 4-5, 6.1, 7-11 | 1 to 11 | Vienna |
This overview has been compiled to the best of our knowledge and belief. We do not guarantee the accuracy and timeliness of the information.
We are happy to receive tips and information regarding changes and new entries. Please send us a short message to hello@syslifters.com.
Here is an overview of the fields.
The table headings are translated "Categories according to NISV", the subheadings translated "Safety measures according to NISV".
| 1 | Governance and Risk Management |
|---|---|
| 1.1 | Risk Analysis |
| 1.2 | Security Policy |
| 1.3 | Network and Information Systems Review Plan |
| 1.4 | Resource Management |
| 1.5 | Information Security Management System Review (World Record Attempt by the Austrian Government for the Longest Word) |
| 1.6 | Human Resources |
| 2 | Dealing with Service Providers, Suppliers and Third Parties |
| 2.1 | Relations with Service Providers, Suppliers and Third Parties |
| 2.2 | Service Agreements with Service Providers and Third Parties |
| 3 | Security Architecture** |
| 3.1 | System Configuration |
| 3.2 | Assets |
| 3.3 | Network Segmentation |
| 3.4 | Network Security |
| 3.5 | Cryptography |
| 4 | System Administration |
| 4.1 | Administrative Access Rights |
| 4.2 | Systems and Applications for System Administration |
| 5 | Identification and Access Management |
| 5.1 | Identification and Authentication |
| 5.2 | Authorisation |
| 6 | System Maintenance and Operation |
| 6.1 | System Maintenance and Operation |
| 6.2 | Remote Access |
| 7 | Physical Security |
| 7.1 | Physical Security |
| 8 | Incident Detection** |
| 8.1 | Detection |
| 8.2 | Logging and Monitoring |
| 8.3 | Correlation and Analysis |
| 9 | Incident Management |
| 9.1 | Incident Response |
| 9.2 | Incident reporting |
| 9.3 | Incident Analysis |
| 10 | Business Continuity |
| 10.1 | Business Continuity Management (nicely translated, dear government) |
| 10.2 | Emergency Management |
| 11 | Crisis Management |
| 11.1 | Crisis Management |