Project Example: E&R AG
The pension manager and the LuGIS portal of Entgelt & Rente AG have successfully undergone an audit by the TÜV TRUST IT GmbH group TÜV AUSTRIA. The certification was based on the “Trusted Application” catalogue of requirements.
Initial situation
Entgelt & Rente AG’s pension manager offers employers a service tool for the complete handling of company pension schemes. Entgelt & Rente AG uses the LuGIS portal to process its outsourcing offer in the field of payroll accounting for companies with additional modules (e.g. holiday and time management). Not only employers can access information at any time via the two web portals.
The pension beneficiaries or employees also have access to their pension or salary data and documents via their own accounts. Entgelt & Rente AG has commissioned TÜV TRUST IT to test and certify the applications in accordance with the “Trusted Application” catalogue of requirements so as to prove to its customers that they meet the required quality and security standards.
Approach
On the basis of the TÜV TRUST IT catalogue of requirements “Trusted Application”, the pension manager and the LuGIS portal were checked with regard to data security and data protection. The areas of information security, data protection, secure software development and technical security were taken into account. The catalogue of requirements “Trusted Application” is based on standards and laws (including ISO 27001, BDSG, ISO 27033, ISO 15504) as well as special criteria of TÜV TRUST IT.
Due to the certification procedure of TÜV TRUST IT with the consideration of IDW requirements, Entgelt & Rente AG had the opportunity to have the application and the offered services efficiently certified according to IDW PS 951 by an auditing company.
The project procedure was divided into different steps. In addition to a technical examination of the infrastructure, the relevant organisational processes for the administration of the applications and the infrastructure were also examined. The organisational analyses were carried out on the basis of document checks and supplementary interviews. Finally, the included data protection check checked that customer data had been handled in accordance with data protection regulations.
“The pronounced awareness of the need to handle highly sensitive personal information in compliance with data protection regulations is particularly positive,” explains Stefan Möller, Head of Sales at TÜV TRUST IT GmbH, group TÜV AUSTRIA.
Benefits
With the certification of the TÜV TRUST IT GmbH, group TÜV AUSTRIA, Entgelt & Rente AG can now prove to its customers that the customer data on their applications is secure. “We manage sensitive personal data for our customers.
Therefore the topic of data protection is particularly important. With the TÜV TRUST IT seal of approval, we can give our customers the assurance that their data is effectively and permanently protected”, explains Anabel Meichsner, member of the Management Board of Entgelt & Rente AG.
