TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, confirms compliance with data protection and data security criteria
To ensure their digital services offer users the highest level of security, azh myYOLO Deutschland GmbH had its application “azh myYOLO SIGN” reviewed and certified by TÜV TRUST IT according to the “Trusted Device” standard.
azh myYOLO Deutschland GmbH is a subsidiary of NOVENTI HealthCare GmbH, the national market leader in the healthcare sector for pharmacies and other service providers. For over 30 years, the azh brand has stood for secure billing with statutory health insurers and private invoicing, as well as innovative software solutions. With various additional services and comprehensive IT offerings, the company provides therapists and other healthcare providers with innovative and customizable solutions for efficient practice and therapy support. azh myYOLO focuses on web-based complete solutions for health sports, aiming to generate benefits such as financial security, time savings for higher-quality therapy services, and improved therapy outcomes.
Information security is a strategic corporate goal at azh myYOLO. Against this backdrop, the application “azh myYOLO SIGN” version 3.3 was reviewed and certified for security.
With “azh myYOLO SIGN,” contracts, memberships, and invoices for health sports providers are not only created and sent digitally. The complete solution also meets the requirements for digital billing in rehabilitation sports. The required signature can be captured either via a connected signature pad or a touchscreen device.
For the “Trusted Device” certification, a tiered procedure of the “Trusted Application” certification was applied. As part of a “Trusted Application” audit, assessments are conducted in the categories of security management, operations, technical security, and data protection. The requirements catalog is based on various standards and laws (e.g., ISO 27001, BDSG, ISO 27033), as well as TÜV TRUST IT’s own criteria and common best practices in information security. The “Trusted Device” audit focuses solely on the evaluation of technical security—in the case of the “mY SIGN” application, this includes an examination of the end devices, transmission paths, and backend security. This approach allows for a future expansion of the certification scope to “Trusted Application” if needed.
The “Trusted Device” certification audit is divided into several steps. These include an analysis of the infrastructure and services, as well as the application from the perspective of both unauthorized and authorized users. Additionally, an analysis of the internal infrastructure is carried out. These sub-scenarios simulate classic threats from the internet. The goal of the analysis was to assess the entire accessible infrastructure of the application complex at the network and service level. In addition to the external view of the infrastructure, the offered services were also checked for their currency and patch status. For this, both publicly available tools and proprietary tools from TÜV TRUST IT were used. All tool-based results were manually verified to eliminate potential false positives.
“It is important to us not only to give our users a strong sense of security, but also to ensure the highest possible level of actual security,” emphasizes Holger Lerch, Managing Director of azh myYOLO Deutschland GmbH. “We have met this standard with the TÜV certificate we received.” Praise also comes from the certifier. “We found no vulnerabilities in the technical architecture or operations during the certification process,” explains Mohammad-Kheri Murad, Consultant at TÜV TRUST IT, justifying the issuance of the “Trusted Device” certificate.