The DQS certification according to the ISMS standard ISO 27001 helps aLIVE-Service GmbH to optimally protect sensitive patient data and thus to stand out from the competition. Consistent adherence to the security requirements of ISO 27001 certification ensures that the full-service and IT provider for health insurance companies and companies in the healthcare market can process sensitive health data with a higher level of quality and security than would be possible for the health insurance companies themselves.
ISMS certification as a key factor of the entire business model
Information about a person's health status is undoubtedly one of the most sensitive areas when it comes to data protection. Handling this information in a legally compliant and secure manner is simply necessary. After all, the patient data stored and processed here would be worth its weight in gold for many. Whether pharmaceutical companies, insurance companies, employers or hackers, all of them could turn such information into cash. That's why this data is also legally considered to be in need of very special protection.
Especially for organizations working in the healthcare sector, a suitable data protection concept is essential. This is the only way to prevent the misuse of sensitive information. Because of this, information security has been at the top of aLIVE-Service's agenda from the very beginning.
The Magdeburg-based full-service and IT provider offers statutory health insurers and companies in the German healthcare market various back-office solutions. This involves, for example, the provision of services in the areas of premium collection, receivables management, bonus, children's sick pay and hardship case processing, call center services, income verification, long-term care insurance, statutory benefits or the ePA helpdesk for insured persons (ePA-VHD).
"An ongoing Information Security Management System (ISMS) is quite important to close vulnerabilities and minimize risks. After all, we handle a large amount of sensitive patient data every day, which must be protected at all costs," emphasizes Martin Behmann. For the managing director of aLIVE-Service, process quality and security have therefore been the cornerstones of the company's philosophy ever since it was founded in 2013.
aLIVE-Service GmbH with a certified management system according to the ISMS standard ISO 27001.
In order to stand out from the competition and meet the performance requirements of its customers in the best possible way, aLIVE-Service relies on high standards in this regard, which the company regularly has certified. It is not without reason that certifications have now become one of the key factors in the overall business model, says Behmann:
"This is not just about sending a signal to our customers. Rather, it is about the binding enforcement of processes and quality standards throughout our entire company in order to permanently maintain the highest possible quality that we strive for."
Management systems as the basis for business success
To this end, aLIVE-Service has had its quality management certified every year since 2014 in accordance with the well-known ISO 9001 standard. The focus here is on key factors critical to success, such as the efficiency of internal processes or service quality.
The company also sets an example in environmental protection by complying with the standard requirements of ISO 14001. Because environmental regulations are constantly growing and demands from customers and authorities are increasing, it is of great importance for the Magdeburg-based company to have a sustainable environmental management system in accordance with the well-known ISO standard and to emphasize the responsible use of natural resources.
However, the centerpiece in terms of information security is now the certification according to the ISMS standard ISO 27001, which the company has had carried out by DQS since 2019. The standard for information security - officially ISO/IEC 27001:2017 - applies worldwide and helps to establish, implement and continuously develop a functional information security management system (ISMS) in organizations.
Care must also be taken to ensure the availability of the IT systems involved. The requirements of the internationally recognized standard are generally applicable. They apply to private and public companies as well as non-profit organizations.
Good experiences - always on the safe side with DQS
"A colleague recommended working with DQS to us. It's not for nothing that DQS has a reputation for having the routine and ability to quickly identify the strengths and weaknesses of companies. The unconventional help we were offered immediately in order to be able to participate in a tender at short notice once again strengthened our decision. DQS reacted flexibly in terms of time and carried out the audits faster than originally planned," says Managing Director Behmann.
For the certification, aLIVE-Service went through a multi-stage certification process together with DQS: "For this purpose, an auditor came to our company and started with an analysis and evaluation of whether our management system is at all ready for certification or whether the requirements of the ISMS standard are at all applicable to our existing management processes," reported Behmann. DQS then prepared an offer tailored to aLIVE-Service's individual needs.
This is because each certification is planned individually - tailored to the respective circumstances and company goals. To this end, DQS auditors bring many years of industry experience in evaluating information security and other management systems. With their expertise, they provide valuable impulses on how to further develop the management system and increase its performance.
With a view to the ISMS standard, the aspects examined at aLIVE-Service included the following:
- Information security policies and their organization
- Access rights to data and user responsibilities
- Cryptography of information as well as its physical and environmental security
During the audits, however, not only IT processes were examined. The auditors also took into account aspects of the company infrastructure such as organization, personnel and buildings.
aLIVE-Service met all the requirements without complaint and was ultimately awarded the ISO 27001 certificate by the independent certification board of DQS.
ISMS standard ensures greater confidence
Of course, one-time certification is not enough. Every year, key components of the management system are re-audited on site in order to achieve further improvements. aLIVE-Service even employs a full-time staff member who prepares the internal enforcement of the external audits and continuously commits the company's employees to compliance with the standard requirements, supporting and training them in the process.
In this way, in addition to permanent documentation and auditing, the company also succeeds in developing a quality culture and a culture of preventing and remedying errors, which is of central importance in the continuous detection of weaknesses in the company's processes and services. Daily compliance with the company's own specifications from ISO certification thus ensures that aLIVE-Service can process the personal data of the health insurance companies, in some cases with a higher quality than would be possible for the health insurance companies themselves.
External auditors from the health insurance companies also check whether the ISMS standard requirements are being met. Here, at the latest, the proof of success of the consistent work becomes apparent: "The positive audit results, which regularly take place without any complaints, are unparalleled in a competitive comparison. We enjoy a high level of trust from our customers."
"With our ISO 27001 certification, we can objectively and credibly demonstrate the effectiveness of our information security management system."
Existing risks are regularly identified, analyzed and remedied by qualified measures. In this way and with the experience gained, aLIVE-Service protects confidential data and improves the integrity and availability of its services.
However, the certificate is not just another document that aLIVE-Service hangs on its wall. For Behmann, certification must also be brought to cultural life within the company: "Every single employee should learn to keep their eyes open. In this respect, it is above all the management that is called upon. The boss is the quarterback, so to speak, who should carry his team along, motivate the employees and share his experiences. Because those who have stopped wanting to be better have stopped being good."
aLIVE-Service GmbH – Figures, facts and data
aLIVE-Service GmbH supports health insurers and companies from all over Germany with customized back-office solutions and provides services and IT solutions for companies in the German healthcare market. This includes a wide range of services, ranging from employer services (collection of contributions, mandatory notification procedure), receivables management (insolvency processing) and insurance service (collection of self-payers contributions, family insurance, income review), to other services (bonus and hardship case processing, call center, children's sick pay, sick pay case management and care services).
Background to the ISMS standard
The international ISO 27001 standard for information security management systems (ISMS) applies worldwide. It provides organizations of all sizes and industries with a framework for planning, implementing and monitoring information security, which goes well beyond IT security. The requirements are generally applicable and apply to private and public companies as well as non-profit institutions. We would be happy to help you if you want to have the information security of your company or organization certified.
DQS: Simply leveraging Quality.
DQS specializes in audits and certifications for management systems and processes. With over 35 years of experience and the expertise of 2,500 auditors worldwide, the Frankfurt-based company is a competent partner for management.
DQS audits according to about 200 recognized standards and regulations or according to specific requirements - regionally, nationally and internationally. Impartiality and objectivity are essential elements for DQS when performing audits and certifications. And this applies not only to the normative areas, but also to the performance of all audit activities.