CMMI Cyber Security Assessment for Munich Re HealthTech

In our commitment to constant improvement, we prioritize cybersecurity by regularly assessing both our infrastructure and products for vulnerabilities. These assessments are vital for proactively identifying and addressing potential threats, ensuring the continued security of our systems and your data.
Recently, a cybersecurity assessment in MRHT was conducted by IT Security Office for Non-IT Mandated members of MR Group.

Our last cybersecurity assessment, designed specifically for non-IT mandated entities within Munich Re Group, shows the current cybersecurity maturity of Munich Re HealthTech and it utilized the industry-standard Cybersecurity Maturity Model Index (CMMI) developed by ISACA (Information Systems Audit and Control Association).

Similar to the CMMI model used for software development, this framework acts as a benchmarking tool. The assessment evaluated our practices across crucial areas like asset management, development processes, governance structures, identity and access controls, security operations, and system security. This comprehensive review, conducted through document analysis and interviews, assigned a maturity level based on the five-point scale established by the CMMI model (1 - Ad Hoc, 2 - Repeatable, 3 - Defined, 4 - Managed, 5 - Optimizing).

We are pleased to announce an impressive score which falls within the "Managed" category. This indicates that the majority of our company's sub-processes are significantly contributing to our overall cybersecurity performance. Even more impressive, our score exceeded the suggested target,  highlighting a higher level of security maturity than initially anticipated.

We are committed to continuous improvement and will leverage these insights to enhance our security practices across the organization.