Gebäude des Leopoldina Krankenhaus der Stadt Schweinfurt


The German IT Security Act (EU NIS Directive) contains comprehensive security requirements for operators of essential services (OES). Certain hospitals are obliged to guarantee that they are able to ensure the treatment of their in-patients in acute situations. In practice, hospitals can meet this requirement by setting up an information security management system (ISMS).



The obvious question to ask was: which measures does the hospital need to take to enable it to fulfil its responsibility to both the patient and the law while guaranteeing that financial and personnel resources are used efficiently? Leopoldina Hospital in Schweinfurt has used the current legal requirements to raise its level of information security to a new level. To do so, it used x-tention’s comprehensive ISMS template package, which completely covers all requirements from the German Hospital Federation’s sector-specific security standards, B3S. This allowed us to set up a tailored ISMS for hospital operations.



Bringing nearly 20 years of hands-on experience in the healthcare sector to the table, we were able to perfectly tailor the general requirements from standards and legislation to hospital operations. This allowed us to reduce the cost and effort involved while focusing the security measures on key areas that require protection in the healthcare sector. The ISMS implementation project culminated in a compliance audit, as per Section 8a BSI Act, and the hospital received a great result.


Logo Leopoldina KH Schweinfurt

Leopoldina Hospital Schweinfurt GmbH

Schweinfurt, Germany


"We worked with x-tention to integrate an ISMS into our critical processes in a permanent and organized way. Right from the start this project had tight deadlines, so x-tention’s quick and straightforward cooperation was really helpful. The ISMS templates provided by x-tention allowed us to considerably reduce the amount of work required to create an ISMS as the documents were adapted and implemented by the specialist departments themselves. x-tention’s wide-ranging practical experience and their flexible approach to the particular set-up in our hospital meant that we could quickly create an ISMS that meets our needs perfectly. The commitment of all participants was rewarded with an excellent compliance audit result from the auditing body"


Thomas Balling MScThomas Balling MSc
Head of IT



You receive an ISMS template package that...

  • contains B3S requirements;
  • is based on tried and tested workflows from real-life healthcare scenarios;
  • has already been implemented, monitored and audited many times in the healthcare sector.

Implementing an ISMS using our ISMS template package allows you to...

  • be perfectly prepared for an audit as stipulated by Section 8a BSI Act;
  • systematically document and optimize your internal processes and develop them to a suitable level of maturity;
  • reduce the liability risk for management in the long term.

How you benefit from working with x-tention:

  • From real life – for real life: Our ISMS contains data based on experience from nearly 10 years of certified ISMS operations
  • Boilerplate texts and content are pre-formulated and have extensive commentary
  • Guidance from experts with in-depth knowledge of the health and social care system
  • You save considerable time and effort when setting up your ISMS
  • This is an excellent basis for ISO/IEC 27001 certification and successful verification in accordance with Section 8a BSI Act
  • No special software is required – you only need Microsoft Office
Teaser image of the success story document
Success Story Leopoldina Hospital