Transforming the energy industry with CRISAM®.

Energy & utilities IT risk management & ISMS compliance software

The energy sector is in transition. Secure control centres, SCADA and smart metering, evidence ISO 27001 and ISO 27019 compliance, support your UK NIS / NCSC CAF obligations, and produce audit-ready reports at the push of a button — as standard software, with no additional programming.

Definition

What is CRISAM® for energy & utilities?

CRISAM® for energy & utilities is a governance, risk and compliance (GRC) platform with a built-in information security management system, designed for critical-infrastructure operators. It ships with specific content for control centres, SCADA systems, telecontrol devices and smart metering, delivers compliance proofs at the push of a button for standards including ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27019, calculates IT risk using the scientifically proven CRISAM® method, and generates audit-ready reports. Available as SaaS or on-premise.

  • Specific content for control centres, SCADA, telecontrol and smart metering (headend, MDMS, gateway, meter)
  • Compliance proofs at the push of a button for ISO 27001, ISO 27002, ISO 27019 and energy-sector catalogues
  • Scientifically proven CRISAM® method with multi-compliance mapping to evidence UK NIS / NCSC CAF obligations

Cyberattacks are now the #1 risk

Cyberattacks are the top risk for businesses — and energy supply companies are a prime target for hacker groups with military or criminal backgrounds.

Automation opens new attack vectors

Power plants and substations are now controlled automatically and remotely. Technology cycles in automation and protection systems cannot keep pace with current threats, so these systems must be secured at considerable effort.

New legal frameworks demand evidence

New legal frameworks require additional evidence of implemented safety measures — in the UK, under the NIS Regulations 2018 and the NCSC Cyber Assessment Framework.

An industry that is a critical infrastructure — and a top target

How CRISAM® solves it

One integrated management system for critical infrastructure

The scientifically proven CRISAM® method

Risk is calculated, not estimated. Reproducible results instead of subjective scoring — a method that holds in audit.

Compliance proofs at the push of a button

ISO/IEC 27001, 27002 and 27019, the BDEW Whitepaper 2.0 and the Oesterreichs Energie smart-metering catalogue — generated as audit-ready reports.

Digitised management process incl. audit management

An efficient, structured approach digitises the entire management process end-to-end, drawing on the CRISAM® ISMS Content Library and the BSI IT-Grundschutz Compendium.

Built for OT: SCADA, control centres & smart metering

Specific content evaluates control centres, SCADA systems, telecontrol and machine control systems, plus smart metering across headend, MDMS, gateway and meter.

Multi-compliance mapping for UK NIS / CAF

Answer a control requirement once and evidence it across several frameworks — so the same ISMS work supports your ISO standards and your NIS / NCSC CAF reporting.

SaaS or on-premise — same functionality

Dedicated SaaS instance (CALPANA or your own Azure tenant) or on-premise — no shared service, no feature restrictions.

What’s in the content library

Energy-sector compliance content out of the box

CRISAM® delivers compliance proofs at the push of a button for the standards and catalogues below, and supports the IT security catalogues in accordance with § 11 paragraph 1a/b. Its multi-compliance mapping lets you evidence the same controls against UK NIS / NCSC CAF obligations. Content is updated at least once a year within your subscription.

  • ISO 27001: ISMS
  • ISO 27019: Energy utilities
  • ISO 27002: Controls
  • BDEW WP 2.0: Energy
  • BSI IT-Grundschutz: Baseline
  • 40+ more: Content library

Also included: the Oesterreichs Energie requirements catalogue for end-to-end security in smart metering and the NIS Fact Sheet on the provided mappings. UK NIS Regulations 2018 / NCSC CAF obligations are supported via multi-compliance mapping.

In practice

CRISAM® evaluates your entire IT landscape

With its specific energy content and numerous knowledge packs, CRISAM® assesses everything from control centres, SCADA systems and telecontrol devices to smart-metering components and corporate IT — against the state of the art. The integrated analysis tools show immediately where the greatest need for action lies and which measure reduces the overall risk the most.

Prefabricated, configurable reports make all recorded data, results and analyses available transparently for different recipient groups: information security officers, business-unit heads, executive management and auditors.

How CRISAM® compares

CRISAM® vs. a generic GRC tool vs. spreadsheets

| Capability | CRISAM® | Generic GRC tool | Spreadsheets & docs |
|---|---|---|---|
| ISO 27019 / energy-sector content | ✓ Included | ● Partly | ✕ Manual |
| SCADA, control-centre & telecontrol evaluation | ✓ Specific content | ✕ Generic | ✕ No |
| Smart-metering content (headend, MDMS, gateway, meter) | ✓ Yes | ✕ No | ✕ No |
| Compliance proof at the push of a button | ✓ Yes | ● Effortful | ✕ Days of work |
| Multi-compliance mapping (ISO ↔ NIS / CAF) | ✓ Automatic | ✕ No | ✕ No |
| Scientifically proven CRISAM® method | ✓ Yes | ✕ No | ✕ No |
| Return on Security Invest / simulation engine | ✓ Built in | ✕ No | ✕ No |
| Standard software, no programming | ✓ Yes | ● Partly | — |
| SaaS & on-premise | ✓ Both | ● Usually SaaS only | — |

Categories shown rather than named products. ✓ Yes · ● Partly · ✕ No.

No risk – let’s stay in touch

See CRISAM® for energy & utilities in action

A live demo with a CRISAM® GRC specialist, tailored to your compliance obligations and existing tooling.

CRISAM GRC Limited

20 Red Lion Street

London

+44 20 4634 5000 andreas.schmitz@crisam.net

CALPANA business consulting GmbH

Blumauerstrasse 45-47

4020 Linz

+43 732 601 216-0 office@crisam.net


© 2026 CRISAM GRC Limited