Strengthening Security Maturity Across 260+ Critical Healthcare Services
Business Need
CompuGroup Medical (CGM), a global leader in healthcare software with over 1.6 million users across 56 countries, was rapidly expanding its portfolio of digital services. With more than 260 web, desktop, and API-based offerings, CGM needed a comprehensive security audit to ensure a strong, scalable application security posture.
Solution
Over a six-month engagement, Sigma Software's expert team conducted a multi-stage assessment:
- We evaluated approximately 260 services, tackling the most critical 60 first, then auditing the rest through structured stakeholder interviews and evidence gathering.
- Adopting OWASP frameworks (including SAMM, DSOMM, and ASVS), we tailored audits to each service’s development stage and risk profile.
- We delivered a detailed maturity assessment report, listing prioritized enhancements and a roadmap for security improvements.
- To sustain visibility, we built a custom real-time monitoring solution using a Power BI dashboard for metrics tracking and a Power App for ongoing service updates.
Outcome
- CGM gained a unified overview of its security posture and a concrete, prioritized roadmap to close gaps across services.
- The real-time monitoring tooling now keeps security metrics transparent and actionable, helping CGM proactively manage information risk across its global offering.
The Client’s Voice
“Despite the tight timeline, Sigma Software managed the project perfectly from both technical and organizational perspectives. The improvements identified will help us further strengthen our security posture and protect our customers’ data.”
— Jochen Klein, CISO, CGM