Myra demonstrates competence in critical infrastructure: Audit confirms the highest security standards

MYRA NEWS | 29 June 2021

In a voluntary audit, Myra Security has demonstrated that it more than meets the highest requirements for critical infrastructure security in the information technology and telecommunications sectors, as well as in the finance and insurance sectors, in accordance with Section 8a of the Act on the Federal Office for Information Security (BSI Act – BSIG).

As a specialist service provider, it goes without saying that Myra meets the same stringent IT security requirements as our customers. In sensitive and highly regulated sectors such as finance, government, healthcare, and critical infrastructure, certified quality is crucial – and there is no room for error.

“We are fully aware of our responsibility at all times. Independent auditors therefore audit Myra on a regular basis,” says CEO Paul Kaffsack. “Myra knows critical infrastructure. In a global comparison, no other security-as-a-service provider is as exhaustively certified as Myra Security.”

BSI Act sets high security requirements

Specifically, Section 8a (1) BSIG requires the operators of critical infrastructure to “take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of their information technology systems, components, or processes.” The state of the art must be adhered to. Myra meets all these requirements, as verified by the successful completion of the critical infrastructure audit.

Myra works to the highest quality standards

The critical infrastructure readiness audit carried out by usd, including an on-site inspection, followed the same strict inspection process that critical infrastructure companies have to undergo in order to receive official certification from the German Federal Office for Information Security (BSI). The audit catalog comprised roughly 100 points from the following categories:

  • Compliance

  • Information Security Management System (ISMS)

  • Asset management

  • Risk management

  • Continuity management

  • Personnel security

  • Incident response

  • Technical information security (data backup and recovery, IT resources, mobile devices)

  • Checks during day-to-day operations

  • Supplier relationships, service providers

  • Physical and environmental security

The audit, which lasted several days, showed that Myra had successfully implemented all the comprehensive protective measures – such as those relating to IT compliance, business continuity management, and ISMS – and complied with the highest security standards.

Our certifications at a glance

  • BSI qualified: The BSI catalog contains 37 wide-ranging requirements for DDoS protection providers to qualify for critical infrastructure protection. As one of the leading providers, Myra fulfills all 37 criteria.

  • ISO 27001 based on IT-Grundschutz (IT baseline protection): This exacting form of ISO 27001 confirms Myra’s successful implementation of comprehensive measures to protect the company’s IT. Our information security management system (ISMS) ensures the confidentiality, availability, and integrity of all information at the highest level.

  • PCI DSS certified: This certification allows us to securely process over 10 billion euros in credit card transactions annually via Myra’s infrastructure in accordance with the Payment Card Industry Data Security Standard. Not only are we “PCI DSS compliant,” we also have five fully “PCI DSS certified” sites.

  • BSI C5 (in progress): With the C5 attestation, Myra will demonstrate that our cloud services meet all minimum information security requirements according to the BSI Cloud Computing Compliance Criteria Catalog (BSI C5). Customers can use the C5 attestation report as a basis for conducting their own risk analysis.

  • Trusted Cloud according to the Federal Ministry for Economic Affairs and Energy (BMWi): Myra fully satisfies all of the requirements for transparency, IT security, data protection, and legal security associated with the Trusted Cloud label. Our customers can be sure that the confidentiality and security of their data are maintained.

  • Compliant with GDPR and the IT Security Act (IT-SIG)

Related articles