{"id":5828,"date":"2025-06-11T16:47:23","date_gmt":"2025-06-11T14:47:23","guid":{"rendered":"https:\/\/www.bayoomed.com\/news\/close-the-gap-everything-about-bsi-tr-03161\/"},"modified":"2025-06-11T16:47:23","modified_gmt":"2025-06-11T14:47:23","slug":"close-the-gap-everything-about-bsi-tr-03161","status":"publish","type":"news","link":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/","title":{"rendered":"\u201cClose the Gap\u201d &#8211; Everything about BSI TR-03161"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-width-medium:100%;--awb-order-medium:0;--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>DiGA test for technical guideline 03161<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-1 fusion-text-no-margin\" style=\"--awb-margin-bottom:50px;\"><p><strong>Author: Lukas Schmidt <\/strong>Software Engineer at BAYOOMED\n<strong>Co-author: Alexandra Heuel <\/strong>Project Manager at BAYOOMED<\/p>\n<\/div><div class=\"fusion-text fusion-text-2\"><p>With TR-03161, the <a href=\"https:\/\/www.bsi.bund.de\/DE\/Home\/home_node.html\" target=\"_blank\" rel=\"noopener noreferrer\">Federal Office for Information Security (BSI<\/a> ) is implementing a comprehensive guideline for increasing the security standards and data integrity of <a href=\"https:\/\/www.bayoomed.com\/en\/entwicklung\/diga\/\">Digital Health Applications (DiGA)<\/a> and Digital Care Applications (DiPA).<\/p>\n<p>This is intended to increase user confidence in digital health applications in the long term. Since January 1, 2025, certification in accordance with TR-03161 has been mandatory for all DiGAs and DiPAs in accordance with Section 139e SGB V. Certificates are currently required from all DiGAs seeking new inclusion in the register. A valid BSI certificate must also be submitted for formal completeness.  <\/p>\n<p>DiGAs already in the register do not have a fixed transition period, but should complete the procedure as quickly as possible and report to the <a href=\"https:\/\/www.bfarm.de\/EN\/Home\/_node.html\" target=\"_blank\" rel=\"noopener noreferrer\">BfArM <\/a>.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-2 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-width-medium:100%;--awb-order-medium:0;--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Time-critical implementation<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-3\"><p>The average certification process takes 8-12 weeks, whereby the preparation time depends heavily on the initial situation. In addition, there is a backlog at the <a href=\"https:\/\/www.bsi.bund.de\/EN\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/Zertifizierung-und-Anerkennung\/Listen\/Liste-TR-Pruefstellen\/liste-tr-pruefstellen_node.html\" target=\"_blank\" rel=\"noopener noreferrer\">accredited test centers<\/a> (currently T\u00dcV IT, Secuvera and PWC) due to the large number of DiGAs in the BfArM portal and in the application process. <\/p>\n<p>The testing body discusses the conformity of the product with TR 03161 in accordance with the guidelines and delivers a test report to the BSI. The BSI in turn allows itself an average of 3 weeks for testing &#8211; a test should be planned accordingly and budgeted with sufficient time. <\/p>\n<\/div><div class=\"fusion-image-element \" style=\"--awb-margin-bottom:20px;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\" style=\"border-radius:10px;\"><img decoding=\"async\" width=\"1000\" height=\"667\" alt=\"BAYOOMED - DiGA-Pr\u00fcfung auf TR-03161\" title=\"BAYOOMED &#8211; DiGA-Pr\u00fcfung auf TR-03161\" src=\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161.jpg\" class=\"img-responsive wp-image-5826\" srcset=\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161-200x133.jpg 200w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161-400x267.jpg 400w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161-600x400.jpg 600w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161-800x534.jpg 800w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-TR-03161.jpg 1000w\" sizes=\"(max-width: 1100px) 100vw, 1000px\" \/><\/span><\/div><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>The three-part structure of the directive<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-4\"><p>The directive is divided into three documents:<\/p>\n<\/div><ul style=\"--awb-line-height:30.6px;--awb-icon-width:30.6px;--awb-icon-height:30.6px;--awb-icon-margin:12.6px;--awb-content-margin:43.2px;--awb-circlecolor:var(--awb-color4);--awb-circle-yes-font-size:15.84px;\" class=\"fusion-checklist fusion-checklist-1 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-mobile-alt fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Mobile applications:<\/strong>\nFocused on security requirements for smartphone and tablet apps\n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-desktop fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Web applications:<\/strong>\nCovers web-based interfaces and portals\n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-server fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Background systems:<\/strong>\nCovers backend infrastructures, servers and cloud services\n\n<\/div>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-5\"><p>Some of these documents list far-reaching requirements for source code, architecture, <a href=\"https:\/\/www.bayoomed.com\/en\/begleitprozesse\/cybersecurity\/\">security <\/a>and infrastructure. They contain a large number of test aspects that are assigned to the requirements and must be implemented by the DiGA manufacturers. <\/p>\n<p>TR-03161 integrates international standards such as OWASP ASVS, MASVS and WSTG to ensure a high level of security.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-3 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-width-medium:100%;--awb-order-medium:0;--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Test aspects and test procedures in detail<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-6\"><p>TR-03161 structures its security specifications into technical requirements and associated test aspects. While the requirements represent concrete technical specifications for implementation, the test aspects define specific criteria for checking fulfillment of the requirements. <\/p>\n<p>The key audit aspect categories include:<\/p>\n<ul>\n<li>Architecture and design of the application<\/li>\n<li>Cryptographic implementation and key management<\/li>\n<li>Secure network communication<\/li>\n<li>Authentication and authorization<\/li>\n<li>Data protection, data security and data integrity<\/li>\n<li>System availability and reliability<\/li>\n<\/ul>\n<p class=\"ai-optimize-67\">The technical implementation of these requirements is tested using the following test procedures, among others:<\/p>\n<\/div><ul style=\"--awb-line-height:30.6px;--awb-icon-width:30.6px;--awb-icon-height:30.6px;--awb-icon-margin:12.6px;--awb-content-margin:43.2px;--awb-circlecolor:var(--awb-color4);--awb-circle-yes-font-size:15.84px;\" class=\"fusion-checklist fusion-checklist-2 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Penetration tests:<\/strong>\nSimulated attacks to identify vulnerabilities\n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Source code analyses:<\/strong>\nStatic and dynamic code checks\n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\"><strong>Document reviews:<\/strong>\nEvaluation of security concepts and <a href=\"https:\/\/www.bayoomed.com\/en\/begleitprozesse\/risk-management\/\">risk management<\/a><\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Vulnerability analyses:\n<\/strong> Systematic identification of potential security risks\n\n<\/div>\n<\/div><\/li><\/ul><div class=\"fusion-image-element \" style=\"--awb-margin-bottom:20px;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-2 hover-type-none\" style=\"border-radius:10px;\"><img decoding=\"async\" width=\"1200\" height=\"800\" alt=\"BAYOOMED - Best Practices f\u00fcr Post-Market Cybersecurity\" title=\"BAYOOMED &#8211; Best Practices f\u00fcr Post-Market Cybersecurity\" src=\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity.jpg\" class=\"img-responsive wp-image-5313\" srcset=\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity-200x133.jpg 200w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity-400x267.jpg 400w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity-600x400.jpg 600w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity-800x533.jpg 800w, https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/02\/BAYOOMED-Best-Practices-fuer-Post-Market-Cybersecurity.jpg 1200w\" sizes=\"(max-width: 1100px) 100vw, 1200px\" \/><\/span><\/div><div class=\"fusion-text fusion-text-7\"><p>The certification process is carried out by accredited test centers such as T\u00dcV IT and results in a BSI certificate that is valid for 5 years. Nevertheless, as things stand at present, every change to the product must be reported to the BSI, which checks whether this could lead to security changes, whereupon a gap or recertification could become necessary. <\/p>\n<p>Vendor associations are already criticizing this approach due to the lack of flexibility in the agile software development process &#8211; the BSI has not yet issued a final statement. In addition, a C5 type 2 certificate is required for cloud hosting. <\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-4 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-width-medium:100%;--awb-order-medium:0;--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-5 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Holistic approach for maximum safety<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-8\"><p>TR-03161 takes a holistic approach to testing that encompasses all components of the DiGA. Depending on the architecture of your application, different parts of the directive must be implemented: <\/p>\n<ul>\n<li>Need mobile apps with backend part 1 and part 3<\/li>\n<li>Hybrid solutions with web components require all three parts<\/li>\n<li>Implementing pure web applications part 2 and part 3<\/li>\n<\/ul>\n<p>Thanks to our expertise in all three areas, we offer end-to-end support from the initial analysis to successful certification &#8211; so that your DiGA is not only compliant, but also sustainably secure.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-5 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_1_5 1_5 fusion-flex-column fusion-flex-align-self-stretch\" style=\"--awb-bg-size:cover;--awb-width-large:20%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-spacing-left-large:calc( 0 * calc( 100% - ) );--awb-width-medium:20%;--awb-order-medium:0;--awb-spacing-left-medium:calc( 0 * calc( 100% - ) );--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><i class=\"fb-icon-element-1 fb-icon-element fontawesome-icon fa-shield-alt fas circle-yes\" style=\"--awb-circlebordersize:0px;--awb-font-size:70.4px;--awb-width:140.8px;--awb-height:140.8px;--awb-line-height:140.8px;--awb-margin-top:0;--awb-margin-right:0;--awb-margin-bottom:0;--awb-margin-left:0;--awb-align-self:center;\"><\/i><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_4_5 4_5 fusion-flex-column\" style=\"--awb-padding-top:60px;--awb-padding-right:60px;--awb-padding-bottom:60px;--awb-padding-left:60px;--awb-overflow:hidden;--awb-bg-color:var(--awb-color7);--awb-bg-color-hover:var(--awb-color7);--awb-bg-size:cover;--awb-border-radius:60px 60px 60px 60px;--awb-width-large:80%;--awb-margin-top-large:0px;--awb-spacing-right-large:calc( 0 * calc( 100% - ) );--awb-margin-bottom-large:20px;--awb-spacing-left-large:calc( 0 * calc( 100% - ) );--awb-width-medium:80%;--awb-order-medium:0;--awb-spacing-right-medium:calc( 0 * calc( 100% - ) );--awb-spacing-left-medium:calc( 0 * calc( 100% - ) );--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-6 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color1);--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Our support for your DiGA compliance<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-9\" style=\"--awb-text-color:var(--awb-color1);\"><p>We have practical experience with TR-03161-compliant applications and have already developed a DiGA project entirely according to these standards. This expertise enables us to support you with in-depth know-how and identify typical challenges in advance. <\/p>\n<p>In order to ensure the conformity of your DiGA, we provide support after an introduction to TR-03161 (if necessary) in the area of requirements management, in the creation of a gap analysis, in project planning and in the implementation and closure of existing gaps to TR-03161.<\/p>\n<\/div><div ><a class=\"fusion-button button-flat fusion-button-default-size button-default fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" style=\"--button-border-radius-top-left:30px;--button-border-radius-top-right:30px;--button-border-radius-bottom-right:30px;--button-border-radius-bottom-left:30px;\" target=\"_self\" href=\"https:\/\/www.bayoomed.com\/en\/#contact\"><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Get in touch now<\/span><\/a><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-6 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:calc( 70vw + );margin-left: calc(- \/ 2 );margin-right: calc(- \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-margin-bottom-large:20px;--awb-width-medium:100%;--awb-order-medium:0;--awb-width-small:100%;--awb-order-small:0;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-7 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Gap analysis<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-10\"><p>DiGA manufacturers must recognize at an early stage which of these requirements are already fulfilled and where there is still a need for action. With a systematic and detailed analysis of existing security measures, data processing procedures and user interactions, we provide the basis for effective and efficient adaptation to TR-03161. <\/p>\n<\/div><div ><a class=\"fusion-button button-flat fusion-button-default-size button-default fusion-button-default button-2 fusion-button-default-span fusion-button-default-type\" style=\"--awb-margin-bottom:40px;--button-border-radius-top-left:30px;--button-border-radius-top-right:30px;--button-border-radius-bottom-right:30px;--button-border-radius-bottom-left:30px;\" target=\"_self\" href=\"https:\/\/www.bayoomed.com\/en\/begleitprozesse\/bsi-tr-03161-certificate\/\"><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Learn more<\/span><\/a><\/div><div class=\"fusion-title title fusion-title-8 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:39;line-height:var(--awb-typography1-line-height);\"><h2>Close gaps<\/h2><\/h2><\/div><div class=\"fusion-text fusion-text-11\"><p>We draw on our experience in implementing TR-03161 to close identified weaknesses and meet the test criteria. Our structured approach to closing gaps includes: <\/p>\n<\/div><ul style=\"--awb-line-height:30.6px;--awb-icon-width:30.6px;--awb-icon-height:30.6px;--awb-icon-margin:12.6px;--awb-content-margin:43.2px;--awb-circlecolor:var(--awb-color4);--awb-circle-yes-font-size:15.84px;\" class=\"fusion-checklist fusion-checklist-3 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Requirements management:<\/strong>\nEffective and agile requirements management is crucial for the successful implementation of TR-03161. This should include structured recording and documentation, integration into the development cycle and a concept for the traceability of requirements.\nWe support you in establishing TR-03161-compliant requirements management that integrates seamlessly into your existing processes while meeting compliance requirements. Furthermore, active requirements management makes it easier for both manufacturers and auditors to assess implementation.  \n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Technical implementation:<\/strong>\nWe provide support in the concrete implementation of missing security measures, from the implementation of secure authentication procedures and the establishment of cryptographic standards to securing the cloud infrastructure in accordance with C5 requirements.\nOur experience from the development of an already compliant system enables us to directly transfer proven implementation approaches and architecture patterns.\n\n<\/div>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-angle-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"iconlist_content_wrap\">\n\n<strong>Documentation and verification:<\/strong>\nComplete documentation is essential for successful certification. We work with you to create the necessary security concepts, risk analyses and technical documentation that meet the BSI requirements. Thanks to our practical experience in preparing for certification, we can provide tried-and-tested documentation approaches and structured procedures.  \n\n<\/div>\n<\/div><\/li><\/ul><\/div><\/div><\/div><\/div><!-- \/wp:post-content -->","protected":false},"author":5,"featured_media":5824,"template":"","categories":[82,74,45],"class_list":["post-5828","news","type-news","status-publish","has-post-thumbnail","hentry","category-cybersecurity-en","category-diga-en","category-news-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u201cClose the Gap\u201d - Everything about BSI TR-03161 - BAYOOMED<\/title>\n<meta name=\"description\" content=\"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA &amp; DiPA.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201cClose the Gap\u201d - Everything about BSI TR-03161\" \/>\n<meta property=\"og:description\" content=\"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA &amp; DiPA.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/\" \/>\n<meta property=\"og:site_name\" content=\"BAYOOMED\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"1202\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"29 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/\",\"url\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/\",\"name\":\"\u201cClose the Gap\u201d - Everything about BSI TR-03161 - BAYOOMED\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.bayoomed.com\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2025\\\/06\\\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg\",\"datePublished\":\"2025-06-11T14:47:23+00:00\",\"description\":\"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA & DiPA.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.bayoomed.com\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2025\\\/06\\\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.bayoomed.com\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2025\\\/06\\\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg\",\"width\":1800,\"height\":1202,\"caption\":\"BAYOOMED - DiGA-Pr\u00fcfung auf Technische Richtlinie 03161\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/news\\\/close-the-gap-everything-about-bsi-tr-03161\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.bayoomed.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News\",\"item\":\"https:\\\/\\\/www.bayoomed.com\\\/news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"\u201cClose the Gap\u201d &#8211; Everything about BSI TR-03161\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.bayoomed.com\\\/#website\",\"url\":\"https:\\\/\\\/www.bayoomed.com\\\/\",\"name\":\"BAYOOMED\",\"description\":\"We engineer medical software\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.bayoomed.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u201cClose the Gap\u201d - Everything about BSI TR-03161 - BAYOOMED","description":"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA & DiPA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/","og_locale":"en_US","og_type":"article","og_title":"\u201cClose the Gap\u201d - Everything about BSI TR-03161","og_description":"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA & DiPA.","og_url":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/","og_site_name":"BAYOOMED","og_image":[{"width":1800,"height":1202,"url":"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"29 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/","url":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/","name":"\u201cClose the Gap\u201d - Everything about BSI TR-03161 - BAYOOMED","isPartOf":{"@id":"https:\/\/www.bayoomed.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/#primaryimage"},"image":{"@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/#primaryimage"},"thumbnailUrl":"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg","datePublished":"2025-06-11T14:47:23+00:00","description":"With TR-03161, the BSI is implementing a comprehensive guideline for increasing the security standards and data integrity of DiGA & DiPA.","breadcrumb":{"@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/#primaryimage","url":"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg","contentUrl":"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/06\/BAYOOMED-DiGA-Pruefung-auf-Technische-Richtlinie-03161-1.jpg","width":1800,"height":1202,"caption":"BAYOOMED - DiGA-Pr\u00fcfung auf Technische Richtlinie 03161"},{"@type":"BreadcrumbList","@id":"https:\/\/www.bayoomed.com\/en\/news\/close-the-gap-everything-about-bsi-tr-03161\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.bayoomed.com\/en\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/www.bayoomed.com\/news\/"},{"@type":"ListItem","position":3,"name":"\u201cClose the Gap\u201d &#8211; Everything about BSI TR-03161"}]},{"@type":"WebSite","@id":"https:\/\/www.bayoomed.com\/#website","url":"https:\/\/www.bayoomed.com\/","name":"BAYOOMED","description":"We engineer medical software","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bayoomed.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/news\/5828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/types\/news"}],"author":[{"embeddable":true,"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/users\/5"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/media\/5824"}],"wp:attachment":[{"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/media?parent=5828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bayoomed.com\/en\/wp-json\/wp\/v2\/categories?post=5828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}