Good security ratings for BVG Exchange
BVG Exchange is prepared for potential cyber risks. This is confirmed by Oneconsult AG, which has carried out a comprehensive technical security audit of the exchange platform in recent months.
With BVG Exchange, affiliation data of insured persons is transferred between occupational benefits institutions and vested benefits institutions in a standardised manner. Data is exchanged via a programming interface (API). These interfaces are accessible via the Internet and are therefore vulnerable to cyber criminals. The Substitute Occupational Benefit Institution therefore decided to subject it to a professional audit.
The Zurich-based company Oneconsult examined the interface using a penetration test. It also checked the security of the security-relevant areas of the configuration in the backend as well as the security of the architecture and design.
Expertly configured
The audit was conducted in accordance with the internationally established OSSTMM standard, which helps companies to systematically identify vulnerabilities and sustainably increase their IT security. A risk assessment value (RAV) is determined during this process. The calculation is based on a formula that displays a value between 0 and 100%. 100% would be the perfect balance between target area and security measures. The RAV of BVG Exchange is at the upper end of the benchmark for the financial sector determined by Oneconsult AG.
In the final report, Oneconsult underscores: «The results of the assessment give a good report on the environment examined. The environment is configured professionally and attests to the technical expertise of those responsible. The achieved level of safety is good.»
The BVG Exchange managers will be happy to explain the details of the report. If you are interested, please contact