TÜV Rheinland is the largest independent service provider to combine competence in the field of information security with comprehensive industry and mobility expertise and has been ensuring the technical security of people and their environment on an international level for more than 140 years.
As part of the certification process, we performed a data protection audit as well as internal and external security analyses. These involved inspections of various computer centres along with a simulation of an external hacker attack with the aim of stealing confidential data.
The result was that TÜV Rheinland was able to certify that the online application of the Beurer HealthManager meets the legal requirements of the German Federal Data Protection Act (BDSG) – both from a technical standpoint and with regard to responsibility and processes – and complies with important aspects of international standards such as ISO 27001 and ISO 18028. This means:
- The confidentiality and integrity of the processed information are assured
- The declarations of the data privacy statement are effectively implemented
- Personal data is effectively protected in accordance with the German Federal Data Protection Act
- Externally accessible technical systems are effectively protected against unauthorised use
To ensure a high level of data security, Beurer stores customer data in two independent computer centres.
The TÜV Rheinland certification is valid for a period of three years. A follow-up audit is performed after 12 months to establish whether data protection and security are still assured and how processes can continue to be optimised. After 36 months, a re-certification must take place as a means of continuing the ongoing improvement process with regard to data protection and security in the long term.