Topic
Security Requirements and Implementation Tips – Also for General Healthcare Applications
Are you a provider of a digital solution in the healthcare sector or planning to launch one?
Then it’s essential to familiarize yourself early on with the relevant security requirements and regulations – especially with regard to the BSI Technical Guideline TR-03161.
Since January 1, 2025, certification according to TR-03161 has been mandatory for all DiGA and DiPA applications under Section 139e SGB V. The guideline defines comprehensive security standards for:
- Mobile applications (smartphone/tablet)
- Web applications
- Backend systems (servers/cloud infrastructure)
It integrates international standards such as OWASP ASVS, MASVS, and WSTG to ensure a high level of security.
Register now and discover valuable insights and practical experiences regarding the audit of your DiGA/DiPA application.
What should you pay attention to, especially in relation to the BSI TR-03161 audit?
Prepare your application optimally with expert knowledge!
At the end of the online session, our experts will be available for questions and discussion.
Training dates
No dates are currently available.
Webcast Content
Experience and Best Practices:
Which typical security aspects should you consider early in the development of your digital healthcare application?
BSI TR-03161 Auditing:
What is required for a successful audit of your application?
We’ll show you how to best prepare for the BSI audit and which steps are crucial.
Security Review and Data Protection:
Which preparatory measures in the areas of data protection and your Information Security Management System (ISMS) are useful to minimize the effort involved in the audit?
Lessons Learned:
Which mistakes can you avoid?
What have other DiGA/DiPA providers learned from their experiences?
Practical Steps:
Find out when the best time for the audit is, what the preparation looks like, and how to structure your approach effectively.
Experiences with the BSI:
How does the BSI handle specific topics in audit results?
What does the communication process look like?
Key topics
- Establishing an ISMS
- Conducting protection needs analyses
- Ensuring secure software development
- Data protection management
- Auditing according to BSI TR-03161
Your benefits
- Take away best practice insights
- Save time and money during development
- Gain valuable information for the approval process of your DiGA/DiPA
Speakers
- André Zingsheim / Hendrik Dettmer, TÜV TRUST IT
- Sebastian Schulz / Thorsten Krebs, TÜV TRUST IT
- Holger Hinzmann, TÜV TRUST IT
Information & Contact
A few days before the webinar, we will send you an MS Teams link to join.
For any questions, please contact veranstaltungen@tuv-austria.com