For the ISMS tool verinice, the sector-specific standard B3S Krankenhaus (hospital) is now available. It supports hospitals in implementing requirements for the protection of their information infrastructure. Users can apply the standard in the IT baseline protection or in the ISM/ISO perspective. The standard is published by the German Hospital Federation. As additional content for verinice, it can be purchased via the verinice.SHOP or downloaded from the verinice.PRO repository. Please note: This B3S is only available in German.
Hospitals with more than 30,000 inpatient cases per year are considered "critical infrastructures". They are subject to special legal requirements to protect their information infrastructure. To support this, the German Hospital Federation has developed the industry-specific security standard for hospital healthcare (B3S Krankenhaus). The verinice.TEAM at SerNet has prepared this standard for verinice: For the perspective of the modernized IT baseline protection all requirements are listed as well as sector-specific threats, which can be modeled in verinice on the IT organizations. In addition, a model of a sample hospital is available, which contains sample structures and thus facilitates the introduction. For the ISM/ISO perspective, an example organization has been created, which contains all central contents of the security standard (for the exact contents see the store at https://shop.verinice.com/de/content/).
Michael Flürenbrock, verinice-Product-Owner: "We are convinced that the combination of verinice and the sector-specific standard is a great help for hospitals in securing their information infrastructure". In addition, a data protection module could be used and this sensitive area for hospitals could also be covered by verinice. SerNet managing director Reinhild Jung also points out that verinice is 100% open source and 100% "Made in Germany". SerNet GmbH is the publisher of verinice and pursues an open source strategy with completely disclosed source code. Jung: "This in particular is an important contribution to security management for critical infrastructures.
Ulf Riechen and Dirk Brand (Sila Consulting) were actively involved in the implementation of the B3S Krankenhaus for verinice. Both are long-standing verinice.PARTNERs and experts. The verinice.TEAM was able to create the now available additional content based on their work and would like to thank them explicitly for their commitment! The verinice partners are an important part of the verinice ecosystem. With their proven expertise, they advise customers, among others with specialization in the healthcare sector, and help to continuously develop verinice according to customer experiences and requirements.
About verinice: verinice is the only tool for the management of information security under OpenSource license. It is used in 4 federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports the ISO 27001 in addition to theIT baseline protection of the BSI and is in use here at companies throughout Europe as well as at the Council of the European Commission and European National Banks. SerNet, as the publisher of verinice, also holds the trust seals "IT security made in Germany" and "IT security made in EU".
On 4 November 2020, Know IT Göttingen, an IT trade congress for trainees, took place in the Lokhalle Göttingen. 160 participants followed the event, which was streamed due to the Corona pandemic. Among the speakers was Jule Anger, a SerNet GmbH scholarship holder, who presented her project "Embargio".
Jule Anger works as a student trainee in the "SAMBA" team alongside her computer science studies at the Georg-August University of Göttingen. In her lecture, she presented her project "Embargio": An Embargo Control Software, which is a student research project commissioned by SerNet. The aim is to be able to match sanctions lists with the help of open source software. "Embargio" is to be freely available on GitLab from January 2021. The URL embarg.io is projected.
Know IT is an event for professional exchange and IT career orientation. The speakers are all IT trainees, the participants are final-year or pre-degree students. The joint organisers are gpdm mbH, the IT-InnovationsCluster Südniedersachsen, the Federal Employment Agency Göttingen and the Gesellschaft für Wirtschaftsförderung und Stadtentwicklung Göttingen mbH (GWG).
Starting their apprenticeships, young people at SerNet GmbH in Göttingen once again seized their chance and launched into working life. Whether training, studies or thesis work: SerNet enables and supports a wide range of options for optimally promoting young talent - even in the corona pandemic. A total of 11 trainees and students are currently employed by SerNet.
Thomas Pach began his IT specialist training in system integration in the ITSEC department. Felix Ducke and Tim Herwig are already in their third and second year of training respectively. The winwerk-Team is also training an IT specialist in system integration: Oskar von Ohlen has just started his second year of training. Niklas Spuck is a trainee IT specialist in application development and enriches the SAMB team.
A new addition to the SerNet administration team is a dual student who is starting her Bachelor's degree in Business Administration. SerNet is a partner company of the VWA Göttingen and the University of Cooperative Education Göttingen. Parallel to the three-year Bachelor's degree course, students at SerNet complete their training as office management assistants with a final IHK examination.
SerNet supports former trainees in their subsequent studies: Jonas Reineke and Lukas Henze take advantage of this opportunity. They work with a working student contract during the lecture-free period as fully trained IT specialists in their former training areas. There is also a working student in the Samba team - she is studying computer science at the Georg-August-University of Göttingen.
Training options are also available at the Berlin location in the verinice team. Here SerNet cooperates with the Berlin University of Applied Sciences. Since the beginning of August, Yasmine Khemiri has been working as part of the team on her master's thesis for the Business Informatics course with a focus on IT management/project management. Finn Westendorf is beginning his final year of training as an IT specialist in application development. Most recently, Tatjana Anisow successfully completed her extra-occupational master's degree in Security Management at Brandenburg Technical University.
Are you interested in a career opportunity with SerNet? The ITSEC department is currently looking for a trainee IT specialist in system integration to start training in August 2021. The verinice team will also be offering a training position as an IT specialist in application development from August 2021. For more information, please visit our Open Positions page. We are also happy to discuss the possibility of writing a scientific thesis with us.
SerNet GmbH uses the seal "IT Security made in EU" from now on. The trust mark is an initiative of TeleTrusT, the German IT Security Association, and complements the already established "IT Security made in Germany".
To be allowed to use the trust mark "IT Security made in EU", companies must commit themselves to binding criteria. These include, among other things, that offered products may not contain any hidden access points (no "backdoors") and that the requirements of the EU General Data Protection Regulation are respected. Further details on the initiative and the criteria can be found on the TeleTrust website.
TeleTrusT is, according to its own statement, the largest competence association for IT security in Germany and Europe. SerNet is a member since 2015. Currently, 60 TeleTrusT members have applied to use the "IT Security made in EU" mark.
The City of Berlin has extended its contract with SerNet GmbH for the use of the ISMS tool "verinice". For another four years, the state administration institutions will thus use this widely used OpenSource tool for managing information security. The contractual partner on the side of German's capital is the IT Service Center "ITDZ - IT-Dienstleistungszentrum Berlin". The ITDZ Berlin also uses verinice for its own purposes and was the first company to receive the BSI certificate according to the modernized IT base line security "IT-Grundschutz" in 2018.
Besides the use for the management of information security, verinice is also used for data protection management. For this purpose, the Berliners use a SerNet data protection module specially designed for the modernized IT-Grundschutz. The tool can be used in all Berlin state institutions - the institutions in the immediate vicinity of the Berlin state administration with main and 11 district administrations, including the 9 senate administrations and their subordinate authorities, institutions and companies - such as Berlin's vocational schools.
Karsten Pirschel is IT Security Officer at ITDZ Berlin and welcomes the continued cooperation: "We are able to enable the rapid adaptation of the modernized IT-Grundschutz and the possibility of using it from school operations to KRITIS environments via a central tool in the City of Berlin".
Michael Flürenbrock, verinice Product Owner, is excited about the continuation and expansion of the long-standing cooperation: "verinice is mainly created at the SerNet location in Berlin - 100% made in Germany. We are particularly pleased that our product is to be used throughout the country, especially here". SerNet managing director Reinhild Jung adds: "It is great that the state of Berlin is also following our open source strategy: Fully disclosed source code is an important contribution to security management".
About verinice: verinice is the only tool for the management of information security under Open Source license. It is used in 4 German federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports ISO 27001 in addition to IT-Grundschutz and is in use here at companies throughout Europe and also at the Council of the European Commission or European National Banks.