TÜV Rheinland is the largest independent service provider to combine competence in the field of information security with comprehensive industry and mobility expertise and has been ensuring the technical security of people and their environment on an international level for more than 140 years.
As part of the certification process, we performed a data protection audit as well as internal and external security analyses. These involved inspections of various computer centres along with a simulation of an external hacker attack with the aim of stealing confidential data.
The result was that TÜV Rheinland was able to certify that the online application of the Beurer HealthManager meets the legal requirements of the German Federal Data Protection Act (BDSG) – both from a technical standpoint and with regard to responsibility and processes – and complies with important aspects of international standards such as ISO 27001 and ISO 18028. This means:
- The confidentiality and integrity of the processed information are assured
- The declarations of the data privacy statement are effectively implemented
- Personal data is effectively protected in accordance with the German Federal Data Protection Act
- Externally accessible technical systems are effectively protected against unauthorised use
To ensure a high level of data security, Beurer stores customer data in two independent computer centres.
The Beurer HealthManager is a health management system comprising a mobile app, PC software and the newly certified web platform.
To register and download the HealthManager to an end device, the user must log in with their personal data prior to first use.
The user can save measured body values such as weight, blood pressure and blood sugar either via USB or wirelessly via Bluetooth® technology or NFC (Near Field Communication) and then view graphical representations of this data.
The TÜV Rheinland certification is valid for a period of three years. A follow-up audit is performed after 12 months to establish whether data protection and security are still assured and how processes can continue to be optimised. After 36 months, a re-certification must take place as a means of continuing the ongoing improvement process with regard to data protection and security in the long term.