What does KRITIS mean?
KRITIS stands for kritische Infrastrukturen (critical infrastructures). Critical infrastructures (KRITIS) are regulated under the BSI Act. This legal framework serves to protect essential sectors whose failure could lead to severe supply shortages, disruptions to public order and safety, or other serious consequences.
Businesses operating in these sectors are required to comply with the statutory provisions due to the high level of responsibility involved. This also applies to employees: anyone performing a critical function involving sensitive information or systems, or applying for a corresponding position, must be trustworthy and meet the applicable compliance standards.
Critical Infrastructure sectors
Under the KRITIS framework, all organisations in these sectors (large or small) are recognised as Critical Infrastructures:
- Energy
- Health
- Information technology and telecommunications
- Transport and traffic
- Media and culture
- Water
- Finance and insurance
- Food
- Municipal waste disposal
- State and administration
KRITIS compliance and regulations
The BSI KRITIS Regulation specifies which facilities and organisations are impacted by this law. This is based on threshold values that determine the national importance of their services.
Organisations are legally required to comply with:
- reporting,
- verification,
- and cybersecurity standards as outlined by the Federal Office for Information Security (BSI).
Is pre-employment screening crucial in combination with KRITIS?
The KRITIS law also covers the human factor. Employees with access to sensitive systems or data are a risk for companies within these critical sectors. Many businesses include employment screening in their compliance strategy.
This way, you will hire someone with the right qualifications. This will not affect your time-to-hire. The average screening time is around 5 working days.
Verifying the trustworthiness and integrity of your candidates not only strengthens internal security but also shows a proactive commitment to BSI-compliant risk management.
Pre-employment screening gives your company certainty and is crucial because it strengthens your compliance strategy.
Relevant background checks
By screening your candidates, you show that your company is taking BSI compliance seriously. There are different background checks that you can do to protect your systems and the people who depend on your company:
- Always confirm the applicant’s identity using a valid ID document. Employers must keep a copy for their records. Beyond a basic ID verification, DISA also provides a Personal ID-check, which confirms both the authenticity of the document and that the person presenting it is the rightful holder.
- Verify that all listed diplomas or degrees are genuine.
- Reach out to the references listed by the candidate to confirm their previous employment. Make sure job titles, responsibilities, and dates correspond with the information provided on the CV.
- Perform a careful review of publicly available online information. Ensure that all findings and actions fully comply with GDPR and privacy regulations.
This check helps organisations identify potential risks before they escalate. If an employee or partner has a questionable background, the financial and reputational impact can be severe. By conducting these checks early, you protect your organisation from unnecessary exposure and costly mistakes.