
1. Introduction

As x-tention's core competencies lie primarily in the provision of IT services within health and social care, the security of processed information and the protection of personal data (e.g. health data) against unauthorised access and unlawful modification are of critical importance. Furthermore, as a service provider, delivering high-quality services is essential. To ensure this, x-tention operates a management system for information security, data protection and quality – the x-tention Management System (xtMS).

x-tention's Information Security Management System (ISMS) has been certified to the ISO/IEC 27001 standard since early 2011. This standard describes a model for the establishment, implementation, operation, monitoring, review, maintenance and improvement of a documented ISMS. The focus is not limited to IT security alone, but encompasses the protection of information in its broadest sense (information security) and represents a strategic decision by the company.

Since late 2018, x-tention's Data Protection Management System (DPMS) has also been certified – and since 2021 to the ISO/IEC 27701 standard. This certification confirms that the processes for implementing data protection requirements have been examined and verified.

Since 2019, x-tention has also operated a Quality Management System (QMS) certified to the ISO 9001 standard. This standard describes a model for the establishment, implementation, operation, monitoring, review, maintenance and improvement of a documented QMS. The focus is on improving the quality of services delivered and, by extension, the continuous improvement of overall business performance.
 

2. Objectives and strategies

As an IT service provider operating primarily within health and social care, the management of information security, data protection and quality forms an integral part of the company's strategy. To embed information security, data protection and quality throughout the organisation, these disciplines are actively managed by the executive board and the respective designated officers. The objectives and principles of information security, data protection and quality management are implemented in alignment with the business strategy and corporate objectives. The resources required to maintain and further develop the x-tention Management System are provided by the executive board.

Information security
The objective of the xtMS in the area of information security is to protect all data processed by x-tention (predominantly personal data) to the highest possible standard, as well as to identify and address risks in a timely manner. The highest priority is given to ensuring the availability, confidentiality, integrity and legal compliance of data and systems. These so-called "information security protection objectives" are defined as follows:

  • Availability: data and systems are accessible whenever they are needed.
  • Confidentiality: data is protected against unauthorised access.
  • Integrity: data is protected against unauthorised modification.
  • Legal compliance: applicable legal and regulatory requirements (e.g. data protection legislation) are adhered to when processing data.
     

Data protection
The overarching objective of x-tention with regard to data protection is compliance with data protection legislation, in particular the provisions of the EU General Data Protection Regulation (EU GDPR, hereinafter "GDPR") and applicable national data protection legislation, as well as the data protection principles set out in Art. 5 GDPR.

All personal data relating to natural persons (e.g. personnel data, patient data, client data, etc.) is subject to the GDPR and applicable national data protection legislation in their respective current versions, and must not be processed, used or disclosed without authorisation. The provisions of the GDPR and applicable national data protection legislation in their current versions must be observed in full by all employees, processors and other external contractors.

Quality management
The objective of the xtMS in the area of quality management is to deliver services to the highest standard and thereby ensure client satisfaction. To succeed as a service provider, the highest priority is to deliver services in a manner that meets client requirements.
 

3. Roles and responsibilities

x-tention's management system ensures that the defined strategy and planned objectives can be achieved through a clearly defined allocation of roles, responsibilities and accountability within the organisational structure.

The executive board of x-tention group GmbH bears overall responsibility for the x-tention Management System. It takes strategic decisions and provides the resources required to support them.
 

4. Risk management

To ensure that risks – in particular IT and information security risks, data protection risks and quality risks – can be effectively managed, x-tention operates a risk management system. Risk management forms the basis for the selection of information security, data protection and quality measures.
 

5. Awareness and training

To raise awareness among employees in relation to information security, data protection and quality management, ongoing measures to build awareness and share knowledge are implemented through regular training for all employees.
 

6. Maintenance and continuous improvement

Information security, data protection and quality management is an ongoing process that must be regularly reviewed, maintained and, where necessary, adapted or improved during day-to-day operations (continuous improvement process, CIP). The executive board is responsible for providing the appropriate organisational, technical and commercial framework conditions to support this.

Last updated: 14 April 2026