CareSocial GmbH
C5 compliance in the healthcare sector in record time
CareSocial GmbH is a software provider from Dresden, specializing in web-based care software for the healthcare and social services sector. Since 2007, the company has been developing secure, user-friendly cloud solutions for outpatient and inpatient care facilities with a particular focus on data protection and process optimization.
Location: Dresden, Germany
Size: 11-50 employees
Industry: IT services / maintenance software
Solution: C5 testing
Before SECaaS - the initial situation
As an innovative cloud service provider, CareSocial developed secure care software for the healthcare sector. However, with the introduction of the new Section 393 SGB V “Cloud use in the healthcare sector”, CareSocial was suddenly under pressure to act:
A C5 certificate was required at short notice to legally secure the operation of the cloud services.
Although the highest security standards were already established in the company, the formal documentation for an audit was missing.
The challenge:
How can a complete ISMS and risk management system in accordance with the C5 standard be set up in the shortest possible time – without affecting business operations or agile development processes?
As regulatory pressure grew, it became clear that the legal deadline for C5 testing could not be met without a structured approach.
The challenge
CareSocial had state-of-the-art cloud infrastructure and strong security awareness – but formal C5 testing presented new challenges:
Complete documentation of all security measures was missing
Internal processes and guidelines did not yet fully comply with the C5 criteria
Technical and organizational measures had to be demonstrably implemented under high time pressure
The agile development approach must not be impaired by the new compliance requirements
There was a lack of routine in dealing with formal audits and certification procedures
With the fixed deadline for the C5 test certificate in mind, CareSocial was faced with the challenge of reconciling security, agility and documentation requirements in the shortest possible time.
The solution through SECaaS
SECaaS.IT started with a structured C5 compliance program based on the PRISM platform and personal consulting.
The following steps were implemented together with the CareSocial team:
Analysis of the existing cloud infrastructure and security processes
Creation of a customized ISMS according to the C5 standard
Development and implementation of guidelines and document templates
Carrying out a complete risk assessment according to C5 criteria
Development of a technical and organizational catalog of measures
Assistance with internal preparation for the external audit
The entire process was successfully completed within a few weeks – without disrupting business operations and with close coordination between IT, management and SECaaS.IT.
"The new legal situation initially gave us a headache. A C5 test certificate in such a short time seemed impossible. But with SECaaS.IT at our side, everything went amazingly quickly - today we not only have documented security, but are also well prepared for the future."
Johannes Kersten, Managing Director, CareSocial GmbH
After SECaaS - the results
| # | Before | Afterwards |
|---|--------|------------|
| 1 | No complete documentation of security measures | Complete ISMS and risk management in accordance with the C5 standard |
| 2 | High time pressure without a clear project plan | Structured roadmap with rapid implementation |
| 3 | Lack of preparation for the C5 audit | Smooth audit with successful C5 Type 1 testing |
| 4 | Risk of missing legal deadlines | Timely certification before the end of 2024 |
| 5 | Agility and business operations at risk | Compliance ensured without compromising agility |
Conclusion
With the PRISM platform and personal advice from SECaaS.IT, CareSocial was not only able to achieve C5 compliance in a short time, but also establish a viable information security management system.
The path to legal C5 Type 2 testing is now prepared – without affecting ongoing operations, without uncertainty.