“Rehasportzentrale” successfully certified for security compliance

Seal of approval from TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, confirms the security of the solution for rehabilitation providers.

Because information security is of high importance to opta data Abrechnungs GmbH, the company had its application “Rehasportzentrale” certified by TÜV TRUST IT. To achieve this, classic internet threats were simulated through various scenarios, and the corresponding IT infrastructure was also examined.

The opta data Group, with more than 50,000 customers, offers solutions ranging from billing and innovative industry software to business consulting and professional marketing. The group employs over 2,000 people across 19 independent companies. Information security is a key component of all solutions and services offered by the group. For this reason, opta data had the “Rehasportzentrale” application reviewed and certified for security. This system solution for rehabilitation sports providers enables paperless documentation and billing of rehabilitation sports measures and functional training.

The “Trusted Device” certification used a tiered variant of the “Trusted Application” certification procedure. An audit according to “Trusted Application” assesses the categories of security management, operations, technical security, and data protection. The requirements catalog is based on various standards and laws (e.g., ISO 27001, BDSG, ISO 27033), as well as TÜV TRUST IT’s own criteria and common best practices in information security. The “Trusted Device” audit focuses solely on the evaluation of technical security; in the case of the “Rehasportzentrale” application, this includes an examination of the end devices, transmission paths, and backend security. This approach allows for a future expansion of the certification scope to “Trusted Application” if needed.

Certificate handover at opta data Abrechnungs GmbH

The certification audit according to “Trusted Device” is divided into several steps. These include an analysis of the infrastructure and services as well as the application from the perspective of both unauthorized and authorized users. Additionally, an analysis of the internal infrastructure is carried out. These sub-scenarios simulate classic threats from the internet. For the analysis, both publicly available tools and proprietary tools from TÜV TRUST IT were used. All tool-based results were manually verified to eliminate potential false positives.

“We’re pleased to have received the TÜV certificate on our first attempt. We’re very proud of the result,” says Burkhard Ugolini, Head of Organization/IT at opta data Abrechnungs GmbH.

The goal of the analysis was to assess the entire accessible infrastructure of the application complex at the network and service level. In addition to the external view of the infrastructure, the offered services were also checked to confirm that they were up to date and patched.

“No vulnerabilities were found during the certification process that could potentially compromise the secure transmission of rehabilitation sports data,” explains Stefan Möller, Head of Sales at TÜV TRUST IT, justifying the issuance of the certificate.