What is B3S and How We Can Help?
B3S is an industry-specific standard in the healthcare industry that provides clear requirements and measures for operators of critical infrastructures such as hospitals to implement an information security management system. The German Hospital Association has created the standard to improve information technology security in the industry.
Compliance Aspekte is a comprehensive solution that supports B3S implementation and helps organizations in the healthcare sector set up an ISMS. With Compliance Aspekte, you can apply the standard efficiently across your entire organization.
B3S Compliance Made Easy with Compliance Aspekte
Testimonials
We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process. Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte. Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.
The three-day workshop from expertree consulting GmbH helped us establish more detailed steps for implementing our information security and data protection management system in our company. During the workshop, we were able to directly model our individual company processes, the unique requirements, and the current status in the holistic GRC solution, the Compliance Aspekte. The additional possibility of completing the seminar with a certification as a “BSI practitioner” from the Federal Office for Information Security gives us the secure feeling that we are well prepared for the future and found a suitable solution with Compliance Aspekte.
Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization. As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Compliance Aspekte to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.
Quick glance at the Compliance Aspekte system
- Each B3S requirement has a detailed description.
To make the assessment easier and more transparent, the requirements are displayed in detail and can be assessed separately. This greatly simplifies deciding on the compliance state.
Each organization has to analyze the requirements and identify the necessary controls. Some controls will already be fully in place; others may need review and extension.
SCM is the place to manage requirements and their controls, track them, and plan the necessary steps via tasks.
We provide consulting and advice on the integration of the B3S standard into your ISMS.
- Industry-specific threats
The B3S standard contains a list of industry-specific threats. In addition, threats from other catalogs (e.g. the IT-Grundschutz threat catalog) can be added to the risk analysis.
Compliance Aspekte allows users to perform holistic analysis and reporting of all relevant standards and policies in one view. This is useful because the requirements of § 8a paragraph 1 BSIG can also be met in ways other than those described in the B3S standard.
- Easy start of the B3S integration
Compliance Aspekte provides a sample model created specifically for hospitals. This sample contains the asset structure, the linking of the modules with the requirements, and the threats. We provide a tool-based documentation kit for compliance with the B3S standard.
- Task Management
The Task Management module of Compliance Aspekte allows efficient management of all tasks for requirements implementation as well as control execution. It transparently prioritizes the list of work to be done.
Reports for auditors or management contain all the needed information. Dashboards tailored to a specific project, scope, or process are used for overview, decision-making, and planning purposes, and clearly show the status of information security in your organization in tables and graphical views.
Process of B3S Implementation with Compliance Aspekte
To ensure an efficient compliance process, Compliance Aspekte provides users with the following features:
- Modelling of the security concept by selecting necessary business processes, applications, and IT systems
- Grouping of assets in a hierarchical structure and their transparent visualization
- Defining protection needs and automatic inheritance of requirements
- Defining protection goals
- Custom fields for adjusting the depth of asset data
- Representation of assets in both tree and table view, including options to edit, bulk-edit, arrange, group, sort, filter, and export data to Excel or CSV format
- Standard report creation with the asset name, type, subtypes, description, and links
Users define the security requirements, fully model their concept, prepare the details of the test plan, and carry out the compliance test.
Compliance Aspekte offers:
- Automatic assignment of modules, requirements, and measures
- Monitoring of the implementation status of defined measures, requirements, and the general compliance status of assets
- Bulk editing of data, e.g., changing the realization status of requirements and measures for multiple assets
- Assignment of responsible managers for task fulfillment and control
- Data visualization in table view with different perspectives
- Standard and custom reports
Compliance Aspekte has an in-built qualitative risk management workflow based on BSI IT-Grundschutz that comprehensively covers all stages of an organization’s risk management.
Compliance Aspekte includes:
- Qualitative risk analysis based on IT-Grundschutz, which allows the user to quickly determine which risks an organization should focus on
- Automated risk analysis of assets that have high and very high protection requirements
- Standard threat catalog that includes the 47 elementary risks, plus the possibility to create user-defined ones
- Flexible risk matrix represented in 4×4 or 5×5 format
- Various dashboards to visualize risk profiles
- Risk analysis reports
FAQ
B3S is an industry-specific standard for critical industries, also known as KRITIS sectors in Germany. It was created by industry associations for critical infrastructure (CI) operators and approved by the BSI. The B3S standard sets out the essential requirements for an ISMS and industry-specific security measures for IT systems.
The B3S standard for the healthcare sector focuses on
– Development and implementation of an Information Security Management System (ISMS)
– Development and implementation of a Data Protection Management System (DPMS)
– Development of a Risk Management System
Not long ago, implementing the B3S standard was not obligatory for hospitals covered by KRITIS. However, given the high risk of damage that cyber threats pose to critical healthcare infrastructure, since January 1, 2022 all hospitals in Germany have been legally obliged to implement the industry-specific security standard approved by the BSI (IT-Grundschutz).
Since then, all hospitals have been required to take state-of-the-art organizational and technical precautions to avoid disruptions to the availability, integrity, and confidentiality of their data.
Compliance Aspekte is a comprehensive GRC solution with everything you need in one platform for successful compliance:
– Information security management
– Data protection management
– Risk management
The solution helps you comply with B3S as well as with other standards.
Compliance Aspekte is not limited to B3S. It supports GDPR, TISAX, ASPICE, ISO 9001, ISO 1400, ISO 22301, ISO 27001, ISO 27019, ISO 31000, BSI IT Grundschutz, and other standards on customer request.
It is an effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.