Alongside its existing ISO 27001 and NEN 7510 certifications (NEN 7510 is the standard for information security in Dutch healthcare), Minddistrict is now also ISAE 3000 compliant. But what do these standards and certifications mean? We tell you more about it in this blog article.
For starters: What is this about?
ISAE 3000 is about information security, just like our other certifications, such as ISO 27001.
Information security means that the data of our customers is safe. In concrete terms, this means: is data available when it's requested? Is the data correct and complete? And is the data treated confidentially?
And how does that work?
If I ask you ‘How do you secure a bank?’, you probably automatically start painting a picture in your mind of how that's done. But ask ‘How do you secure information?’, and that probably seems more difficult to explain.
Actually, the difference is not that big. You secure information by taking all possible technical and organisational measures to prevent anything from happening to the data.
In a bank, you take care to use a good, strong safe (technical measure). And you make sure that not everybody who enters the bank can enter the safe. You leave this to specific employees, who follow a specific protocol (organisational measure). The same goes for data.
ISO and ISAE are about information security
What do these certifications mean?
Minddistrict already has several information security certifications, such as NEN 7510 and ISO 27001. Simply put, these certifications show that we take the right measures and stick to them. That creates trust. You don't take your money to a bank if you think it's unsafe. The same applies to an ehealth platform. Our customers must be able to trust that we have our affairs in order. ISO, and in the Netherlands NEN, provide this trust.
A certification shows that a company has taken measures to ensure data security
So why did we go for the new ISAE certification? Why is it needed?
There is good. And then there's excellent. To come back to the example of the safe: there is a good, strong safe. And then there is a fantastic, unbreakable safe. The kind of safe you'd see in films like ‘Mission: Impossible’.
ISO and NEN are good, solid and robust. And then there's ISAE 3000, which is the very highest standard when it comes to information security.
What does the “3000” mean in the certification?
We don’t want to confuse you too much with the number. In fact, there is a whole range of numbered standards: ISAE 3402, for example, deals with financial reporting. And ISAE 3000 is about the delivery of an IT environment or IT service.
Minddistrict is a software platform. We offer software-as-a-service. And ISAE 3000 is an internationally recognised information security standard that focuses on this type of service.
ISAE 3000 is an internationally recognised standard for IT services and the highest standard for information security
To be precise: Minddistrict has the ISAE 3000 Type 1 C5 certification. What does that mean exactly?
A distinction is made between Type 1 and Type 2. You can think of Type 1 as a photo, and of Type 2 as a film.
Minddistrict currently has a Type 1 certification. This describes a snapshot, i.e. a measurement at a specific time and date. You take a photo, so to speak, to show that all control measures are properly implemented at this point in time.
Type 2 is even more secure. Think of it as a film: it shows that all measures have worked for a whole year. Minddistrict has just taken the photo, and we have started making the film. The next step for us is to become Type 2, but that will take time.
And what about C5?
C5 is an abbreviation and stands for Cloud Computing Compliance Criteria Catalogue. This is a framework of requirements for secure cloud computing services. It was developed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
What's interesting about all this is that the really big professional cloud providers, such as Microsoft, Atos and IBM, opt for ISAE 3000 to reassure their customers. This is the highest standard that can be achieved and goes beyond ISO. And Minddistrict now has it too.
Why is the certification so important to Minddistrict?
We know we're not as big as the providers mentioned above. So why would we want ISAE 3000?
Well, Minddistrict is active in Germany: German hospitals also use our ehealth platform. And according to new regulations in Germany, public organisations – including hospitals – are only allowed to work with suppliers that have this ISAE statement. And now we have it.
Because ISAE 3000 is an internationally recognised standard, it's not only useful in Germany. So no matter whether you're using Minddistrict in the Netherlands, Denmark, Belgium, Germany, or one of the other countries, you have the reassurance that Minddistrict's information security is not just good, but excellent.
A short summary:
Minddistrict has a new certification for information security. There was already ISO, and in the Netherlands NEN, but now there is also ISAE 3000 Type 1. ISAE is an internationally recognised standard and the highest standard you can achieve in the field of information security. If healthcare organisations or people using the Minddistrict platform have concerns about data security, these certifications help provide reassurance and trust.
Want to know more?
If you want to hear more about this or other certifications, or want to talk to someone from our compliance team, contact us.