Fakultät Kommissionen Ethics Committee IT and Information…

IT and Information Security

The buzzword “digitalization” has been under discussion for quite some time now. Nevertheless, many ethics committees and other public institutions are still primarily paper-based in their work. On the other hand, the Ethics Committee of the Heidelberg Medical Faculty already made the switch to a purely electronic mode of working in the year 2012. Many benefits for applicants and sponsors are associated with this transition. 

The Ethics Committee is aware of the special responsibility that it has for the secure and reliable processing and storage of the data entrusted to it. To meet this requirement, the Ethics Committee works with an IT security concept according to DIN EN ISO 27001. As a separate organizational unit (OU) it is autonomous in many areas with respect to IT management and operates, for example, an internal database system. At the same time, it continues to use parts of the IT infrastructure of the University Hospital, for example, email or an integration into the domains of the hospital. 

The responsibility for the internal IT systems of the Ethics Committee is divided between two especially trained employees who continuously deepen their knowledge in the area of IT through regular further training measures.

Email Security

All employees of the Heidelberg Ethics Committee have a personal S/MIME certificate. This certificate serves as proof of the identity of the employees and may also be used to encrypt emails if necessary. 

Proof of identity

All emails from employees of the Heidelberg Ethics Committee are digitally signed by a personal S/MIME certificate. Based on this digital signature, recipients can comprehend that an email actually comes from the respective employee. In this way, phishing attempts can be prevented. A digitally signed email can be recognized in Outlook, e.g., by a little seal next to the name of the sender. In Thunderbird this is indicated by a sealed envelope. 


For encrypted communication with the Ethics Committee via email, the sender must also use S/MIME and have set this up in the sender’s mail program. To communicate using encryption the certificate of the respective employee of the Ethics Committee must be imported into the mail program. At Thunderbird, the import is automatic once an email is opened as a rule. At Outlook the certificate is imported once the contact has been added to Outlook. If the certificate has been imported, the email will be encrypted when drafted to the respective employee of the Ethics Committee.  If you desire an encryption with your S/MIME certificate, please let us know.