C5 certification for RehaCom®

Cloud security tested according to BSI standards

Logo mit Hinweis auf C5-Testat nach BSI-Kriterien für Cloud-Sicherheit.

At RehaCom®, IT security and data protection are not optional extras, but fundamental prerequisites for the responsible use of our software in therapeutic and medical contexts. Precisely because users cannot check the internal security measures of a software product themselves, we rely on transparent, external audits.

For this reason, RehaCom was tested in accordance with the Cloud Computing Compliance Controls Catalogue (C5) of the German Federal Office for Information Security (BSI) and has received C5 certification.

What does the C5 certificate mean?

The BSI's C5 catalog is currently the most comprehensive and important security standard for cloud products in Germany. It defines detailed requirements in areas including:

  • Information security management
  • Data protection and data processing
  • Access controls and permissions
  • Operational safety and availability
  • Incident and risk management
  • Traceability and transparency of processes

The audit is conducted by external, independent auditors and requires an established information security management system that complies with internationally recognized standards such as ISO/IEC 27001.

Significance of C5 testing for RehaCom®

The C5 certificate confirms that:

  • RehaCom's security-related processes and technical measures are documented, implemented, and appropriately designed
  • RehaCom® systematically meets the BSI's requirements for a secure cloud product
  • there is a high degree of transparency and traceability vis-à-vis customers, partners, and public authorities

Security as a continuous process

For us, the C5 certification is not a one-time milestone, but part of an ongoing process. Our security and data protection measures are regularly reviewed, further developed, and adapted to new legal, technical, and organizational requirements.

This is how we ensure that RehaCom® remains a trustworthy, secure, and compliant platform for therapists, institutions, and patients in the long term.