Comparison of Cyber Trust Labels

There are two quality levels to cover different target groups. The quality levels differ regarding their security claim as well as the assurance level.

Cyber Trust Austria Label

The basic label primarily addresses smaller companies and organisations. It comprises 14 baseline security requirements, which any organisation should be able to fulfil; the effort is reasonably limited. The assessment is based on a validated self-declaration. The process is therefore simple and fast.

Cyber Trust Austria Label Gold

The advanced label is geared towards larger enterprises and organisations which want to (or have to) fulfil a higher security level. It comprises the 14 baseline security requirements plus 11 additional requirements. To comply with this standard, organisations need to prepare and invest a certain amount of effort. The assessment is based on a third-party audit. This process takes some more time but can also be completed in a few weeks.

| | Cyber Trust Austria Label | Cyber Trust Austria Label Gold |
|---|---|---|
| Baseline | KSV1870 Cyber Risk B Rating | KSV1870 Cyber Risk A+ Rating |
| Assurance Level | Self-declaration | Audit |
| Assurance Method | Answering a questionnaire followed by external validation; acceptance of eventual random surveillance audits; performance of an automated web risk scoring | Evidence-based third-party audit by a qualified auditor (QuaSte accreditation by NIS authority); performance of an automated web risk scoring |
| Security Claim | Baseline Security | Advanced Security |
| Criteria | 14 | 25 |
| Requirements | Questionnaire B-Rating | Questionnaire A-Rating |
| Requirements for the Label | Valid KSV1870 CyberRisk B-Rating of 190 or better | Valid KSV1870 CyberRisk A+ Rating of 190 or better |
| Target Groups | SMEs who take cybersecurity seriously and want to show that to their customers; suppliers of operators of essential services according to §16 NIS-Law (BGBL Nr. 111/2018) in less critical areas | Large companies and corporates; suppliers of operators of essential services according to §16 NIS-Law (BGBL Nr. 111/2018) in more critical areas (e.g. software companies, processors of sensitive data, etc.) |
| Validity | 1 Year | 1 Year |
| Renewal Process | Renewed answering of the questionnaire* | Renewed Audit* |

* The criteria are re-evaluated every year and adapted accordingly.