FP subsidiary is the first future De-Mail provider to receive confirmation of the security of the information domain from the Federal Office for Information Security (BSI) – Milestone en route to accreditation.
Mentana-Claimsoft AG, a subsidiary of Francotyp-Postalia (FP), is the first future De-Mail provider to receive ISO 27001 certification on the basis of IT-Grundschutz (IT baseline protection) from the Federal Office for Information Security (BSI). The certificate, which Mentana boardmember Axel Janhoff received at the BSI in Bonn on Friday, confirms the security of Mentana-Claimsoft AG’s De-Mail infrastructure.
The “ISO 27001 certificate on the basis of IT-Grundschutz” is a crucial milestone en route to accreditation as a De-Mail provider. It certifies the successful conclusion of an extensive audit, which Mentana-Claimsoft AG has undergone in recent months. “The so-called security of the information domain was examined”, explains Friedrich Hembach from the BSI. “That starts with the technical infrastructure and ends with the measures to protect against fire in the computer centre. The question of whether responsible persons have been defined for specific tasks – and whether these report directly to the executive management in order to have rapid access to the decision-makers in cases of doubt – also plays a key role.” The audit was carried out by auditors certified by the BSI. The time-consuming process usually takes several months. “Obtaining certification has placed considerable demands on us in recent weeks”, explains Janhoff. “We have documented vast quantities of existing technology and processes, provided evidence and answered questions – this naturally makes the fact that we now have the certificate even more gratifying.”
Three certificates are required in total to obtain accreditation as a De-Mail provider from the BSI. Evidence has already been provided for the area of information security as part of the ISO 27001 certification on the basis of IT-Grundschutz. A data protection certificate (as defined in article 18 (3) No. 4 of the De-Mail Act), which is issued by the Federal Commissioner for Data Protection and Freedom of Information (BfDI), is also required. And there is a function and operability test, for which, if passed successfully, the BSI issues a certificate. “We assume that our subsidiary, Mentana-Claimsoft, will soon have all the requisite evidence and will receive accreditation as a De-Mail provider correspondingly rapidly. We will finally be able to start the service at the beginning of 2012”, explains Andreas Drechsler, CSO of Francotyp-Postalia Holding AG.
De-Mail increases the level of security when exchanging documents electronically. It is a legally binding and secure communication infrastructure by which digital letters can be sent with special legal effect in Germany. The De-Mail Act provides the legal basis for this. De-Mail is of particular interest to senders who otherwise send documents in physical format, such as authorities and companies. Reminders, invoices, delivery notes, confirmations of orders, notifications, personal data or registered post with advice of receipt are examples of important mail that can be delivered completely electronically and in a legally binding manner by De-Mail in future.
Further information on the ISO 27001 certification process can be found in the press area of the BSI website at www.bsi.bund.de.
LinkedIn