Information security

Maximum protection for maximum resilience.

Information security

Maximum protection for maximum resilience.

We favor the holistic approach

Information is a critical resource in companies, authorities and organizations. This is why information security is a key factor for your business success due to the increasing digitalization of business models and processes. Information security is defined as the practice of protecting information (both physical and digital data) from unauthorized access, use, alteration, loss or interference. Cyberattacks can pose an existential threat to companies and have a lasting and serious impact on their reputation. The failure of IT-supported services – even if it is only temporary – can lead to significant costs.

From our experience, we know that a holistic approach offers the best possible protection for your data. Our information security management system (ISMS for short) combines technical security mechanisms with organizational measures. It not only includes the physical protection of your company, access control to files or compliance with laws and guidelines. Employees must also work responsibly at their desks so that sensitive data does not fall into the wrong hands. Sustainable implementation and continuous improvement are the hallmarks of a reliable ISMS.

With us, you can proactively prevent, detect and fend off security threats. Because nothing is more important than protecting sensitive data while complying with all standards.

Robust information security with us

Since 2022, all clinics and hospitals have been obliged to implement appropriate measures to increase IT security. This is exactly what an ISMS does. It also describes the process described in § 75c SGB V para. 2 industry-specific safety standard for medical care (B3S). In addition, there are other norms and standards for the management of information security, such as the national IT baseline protection of the German Federal Office for Information Security (BSI). This standard is primarily aimed at establishing an actual security level and is primarily used in the government environment.

The internationally recognized standard in the field of information security is ISO 27001. ISO/IEC 27001 contains a comprehensive collection of best practices for the management of information security. A particular advantage of ISO/IEC 27001 is its worldwide distribution and the possibility of individually designing the ISMS to be modeled. The flexible extension of the standard to include use case-specific scenarios, for example for cloud services (ISO/IEC 27018), is also an advantage.

Everything from a single source

Development of an ISMS

We favor the holistic ISMS approach. Your processes are aligned company-wide with the required security level, taking into account all security-relevant processes.

Implementation

Implementation of an ISMS in accordance with the ISO/IEC 27000 series or the BSI basic protection compendium.

Flexibility

With the help of an ISMS, legal requirements or the requirements of your own IS audit can be implemented and continuously adapted.

Holistic approach

Maximum protection of the confidentiality, availability and integrity of your information and resilience of IT systems (in accordance with EU GDPR)

Creating transparency

Our ISMS supports your organization in creating transparency with regard to risks arising from business and IT processes.

Advice and support

Implementation of the BSI's technical guideline on "Security requirements for digital health applications" (BSI TR 03161).

Analyses and tests

Carrying out vulnerability analyses and penetration tests. The results of the risk analysis process and/or a so-called business impact analysis can serve as a basis for decision-making. This avoids inadequate or misguided investments that fail to meet actual needs. GAP analysis/assessment in accordance with ISO/IEC 27001 based on the requirements of the IT Security Act.

Accessibility

Establishment and operation of a contact point in accordance with Section 8b (3) of the BSI Act, so that the requirement to be reachable at all times as the operator of a critical infrastructure is met.

Security

Appointment of an external Information Security Officer (ISO).

Your advantages at a glance

Responsibility

Our external Information Security Officer (ISO) provides support with the systematic monitoring and documentation of ISM or takes on all tasks in this area.

Completeness

Operation of an information security management system (ISMS) in accordance with various standards (e.g. TISAX, ISO/IEC 27001, KAIT and BSI standard).

Optimization

Continuous improvement of the security of your information assets through systematic and automated monitoring processes.

Communication

You have a contact person for your information security issues.

Quality

Certified IT security and information security.

Tests & analyses

Conducting compliance audits and risk analyses.

Cooperation

Close cooperation with all departments involved.

Knowing what matters

Our team of experts is familiar with the various challenges associated with the introduction of an ISMS and knows how to overcome them. Among other things, it supports you in identifying and assessing risks, defining suitable security controls and integrating security practices into existing business processes. We offer you proven methods to make the implementation process run smoothly. Our goal is not only to meet your compliance requirements, but also to ensure that you can successfully integrate your risk management and compliance management into your organizational strategy. Put your trust in us: we will guide your company competently on the path to robust information security and operational resilience.

What ourcustomers say.

"Landeskrankenhilfe (LKH) is a private health insurance company. As a mutual insurance association, LKH is not tied to a group and is independent of shareholders. HBSN has been supporting us from the very beginning in further digitizing LKH and making the specialist services of the telematics infrastructure (TI) available to our customers. We use its expertise in project management and consulting on the topics of telematics, information security, data protection and partner management. With the successful establishment of the health insurance number allocation process, we have reached a milestone and will continue to rely on the proven and valued consulting expertise of HBSN for the next steps."

Pavel Berkovitch

Member of the Management BoardLandeskrankenhilfe (LKH)

"With the professional consulting and implementation support provided by HBSN, we have created and achieved another important building block "the form center" for the expansion of our digital customer service area "My Healthcare World". We thus offer a valuable contribution to our customers in the context of digital service support and at the same time fulfill the legal obligation of the Online Access Act (OZG), which requires the provision of administrative services digitally via online access for citizens. We are delighted to have taken the next successful step in the digitalization of the healthcare sector."

Johannes Kelle

Consultant for strategic online marketingAOK Sachsen-Anhalt

"HBSN supported us actively and professionally in the "GESUNDESKONTO" project with the conception, development and project coordination. HBSN's agile approach enabled us to launch the application on time and within a very short development time. HBSN was an ideal partner for the extensive integration services into our existing system because it has the necessary experience and knowledge of the processes, the system and the operation of oscare®. That is why it is now also providing maintenance and support for the "GESUNDESKONTO". It is particularly helpful for us that we have access to everything from a single source, from consulting and design to software development, maintenance and support. The consultants impress with their structured and systematic approach, their expertise and their experience and prudence."

Wilfried Ziemer

Head of Product and BrandAOK Sachsen-Anhalt

"HBSN has been involved in the project right from the start and is supporting us professionally, innovatively and with a high level of software expertise to meet the very demanding professional and technical challenges that the connection to the TI entails. The focus here is on using the most secure and state-of-the-art technologies, especially with regard to the future expansions and innovations that will arise in the context of the digitalization of the healthcare system. In addition, HBSN's specialist knowledge of the structures and the necessary networking of the individual service providers in the healthcare sector and the technologies used is very comprehensive and knowledgeable, so that our processes are understood and optimally designed. We are delighted with the excellent cooperation."

Christian Hälker

Managing DirectorPKV-Verband

"HBSN supports us in the change, release and test management project. They accompany it from the very beginning, initially in the analysis phase, through the conception phase to implementation. The consultants impress with their specialist knowledge and methodological expertise and are the designers and drivers of change. It is also helpful that HBSN has extensive industry expertise and a broad network in the German healthcare sector. As one of the few consulting companies, HBSN also works for the important external parties involved in the change process (data center and inventory system supplier)."

Sascha Porbadnik

Head of IT Service & Business IntelligenceAOK Nordost

"HBSN provided us with expert and efficient support from the analysis to the realization of the projects for the development of BIG direkt gesund's IT strategy. All consultants have in-depth knowledge and an excellent overview of the market. It was precisely from this objective position that they also provided us with convincing support as a sparring partner for technical process optimization."

Peter Kaetsch

Management BoardBIG direkt gesund

"Thanks to the in-depth expertise of its consultants and its broad focus on the German healthcare market, HBSN is an important and very reliable partner for gkv informatik in the areas of project management, IT / data center consulting, IT security and networking."

Georg Büttner

Managing Director 2013-2020gkv informatik

"Together with HBSN, we have already successfully implemented several projects in the SHI sector. Their expertise and project experience were and are the basis for a successful collaboration and make HBSN a reliable partner at our side."

Andreas Stucke

Managing DirectorMobil ISC GmbH

"We look after more than 800,000 insured persons and repeatedly use HBSN's advice on IT strategy and project management. Together, we succeed in keeping our IT strategy flexible and adapting it to the needs of our more than 1,000 employees."

Stefan Brückner

Board Representative ITVIACTIV Krankenkasse

"Even those who are unaware of their security gaps are liable for the damage as a board member. Together with the specialists from HBSN, we have systematically searched for weaknesses in our IT system and will introduce a certified ISMS system (information security management system) in the future. Together with the HBSN, we are the first health insurance company to strive for the 'Data protection for health insurance companies' seal of approval. This puts us and our customers on the safe side."

Roland Wien

Former Management BoardVIACTIV Krankenkasse