Information Security Guaranteed
medavis certified according to ISO-27001:2013
medavis, a radiology information system (RIS) provider based in Karlsruhe, Germany, maintains an information security management system that was successfully audited and certified in 2020 by TÜV Süd in accordance with the leading ISO-27001:2013 standard. “Especially when dealing with sensitive patient data, information security is of the utmost importance and represents an essential basis for data protection. With the successful certification, the effectiveness of our security procedures has been confirmed by independent security experts and the risk for us and our customers has been significantly reduced,” explains Dr Günter Hellstern, Head of Support and Chief Information Security Officer (CISO) at medavis.
The information security management system ensures the confidentiality, integrity and availability of all data and is thus a central pillar of effective data protection in the company. The information security management system of medavis GmbH covers not only the classical IT areas, but all processes of the value chain, in particular the areas of software development, project implementation and support, which are important for our users and system operators. “This aspect is very important to us in particular because it supports the trust that our customers place in us every day,” emphasizes Dr Hellstern.
ISO-27001:2013 specifies the requirements for institutions to implement, maintain and continuously improve a documented information security management system, including the requirements for assessing and addressing information security risks. “During the audit, which lasted five days in total, we demonstrated the effective implementation of the standard in our processes. In addition, we were able to prove a high level of information security in the development of our software solutions and the operation of IT facilities using automated test suites and penetration tests,” the CISO is pleased to report.
“For our users, this means that they can fully trust medavis as a certified manufacturer to consistently implement the rules of a recognized standard. The certification according to ISO-27001 ideally complements the standards ISO-9001 for the quality management system and ISO-13485 for the quality management system for medical devices, according to which our company has already been certified for many years,” explains Dr Günter Hellstern.