During the purchasing process, it is difficult for consumers to assess to what extent digital services or smart consumer products meet IT security requirements. Against this background, the IT Security Label was developed by the Federal Office for Information Security (BSI), which is intended to create transparency for consumers about IT security by making the basic security properties of IT products recognizable at a glance. In addition, the label is intended to create incentives for companies to implement minimum standards in IT security in order to increase IT security on the market as a whole.
The IT Security Label will be evaluated for the first time on November 24, 2024 and thereafter every three years. Against this background, the BSI commissioned ConPolicy and imug I research to collect representative key figures for the evaluation as part of a research project. The central target groups of the IT security label - and thus the focus of data collection - are, on the one hand, manufacturers and service providers of consumer products and, on the other hand, consumers.
Specifically, the project has been implemented in four work packages:
- Work package 1: Initial and further meetings as well as project management
- Work package 2: Manufacturer survey
- Work package 3: Consumer survey
- Work package 4: Final report
ConPolicy was charge of the project and responsible for the implementation of work packages 1 and 3. The institute also coordinated the collaboration with the project partner imug I research and the market research company INNOFACT AG.