The Graduate
Can and must electronic quality management be secured against hackers? The Federal Mint Swissmint, the Federal Office for Information Technology and the Zofingen-based IQS AG think: Yes, it's worth it. And how!
When Rolf Lorenz took up his position as specialist manager for management systems at the Swissmint mint in Bern in the summer of 2015, he was initially a little uncomfortable in one area: "I looked at electronic quality management, saw the version of IQSoft from Zofingen-based IQS AG at the time and thought: 'Oh dear, an Access database!'"
Increasing security awareness
It's been a long time; IQSoft now runs with SQL at Swissmint, and this year IQS AG and the Bernese mint are celebrating 20 years of successful cooperation: "The whole thing developed positively. I am someone who wants to know why something works the way it does. I understood that very well with IQSoft."
Two decades of electronic quality assistance at Swissmint also show up as an exciting reflection of the evolving security thinking at the federal level. Hans-Peter Kost, Chairman of the Board of IQS AG: "When we were allowed to implement IQSoft at Swissmint in 2000, no one outside the mint was interested. We also made regular updates. At some point, the Federal Office of Information Technology (BIT) became aware of our tool. From then on we reported: There is a release change, and the office approved it. That was also uncomplicated."
Unexpected hurdle
In 2016, Rolf Lorenz came back from a workshop at IQS in Zofingen and was quite enthusiastic about the web-based solution that had just been launched: "It was my goal that our people should query all documents electronically. We decided to introduce this web application."
Marius Haldimann, Swissmint's managing director, recalls: "No sooner had the release been registered with the FOITT than the federal office demanded a radical stress test." The reason: The new, web-based IQSoft version became a potential point of attack for hackers due to its browser capability and connection to the web.
Simulated attack
The test was performed with WebInspect. This tool from Micro Focus simulates hacker attacks and reports the results in detail. WebInspect bombards every input field of the target program with special routines to see how the operating system reacts.
Excessive caution?
Not at all. Swissmint, together with the Central Compensation Office ZAS (responsible for AHV/IV/EO), belongs to the Federal Finance Administration FFA. Rolf Lorenz: "Our IQSoft content is rather small compared to larger departments or companies. But of course we didn't want to be a digital gateway with the program."
Marius Haldimann adds: "The FOITT operates the servers of the federal administration. It was examined whether it would be possible to access the level of the federal computers via a backdoor using command line fields."
Vulnerability threat
Mind you, the test with WebInspect was never about the functionality of the quality management software. IQSoft works at Swissmint just as it does at many hundreds of other Swiss SMEs and institutions: error-free. Currently in use are the document management module as well as the operating resources, test resources, audit and opportunities for improvement modules.
So were there security vulnerabilities? Yes, there were. WebInspect generated an error log several hundred pages long. Rolf Lorenz sent it to IQS AG with the comment, "We need to get over this hurdle. Look at this."
Rolling up their sleeves
Lorenz was worried. He saw the danger that IQS AG could throw in the towel. Swissmint would then have been left high and dry as far as electronic quality management was concerned. The opposite happened: IQS AG rolled up its sleeves.
Hans-Peter Kost: "Of course, we were quite amazed at how many attack options there are. We optimized intensively and it got drastically better. It had to. We know and like Swissmint very much as a partner, and we only had three attempts from the BIT to reach the desired level in terms of security."
Maturity test passed
"It was an enormously exciting experience lasting several months. IQSoft's functionality is now backed up everywhere in the deepest command range. Every field that can be worked on in some way has been tested. That moved us forward a lot professionally." According to Kost, they naturally took the results into account when developing the current version, IQSoft 7.9. From this perspective, he often wonders how other software providers ensure security: "Their tools are hardly ever subjected to such a severe stress test."
In Zofingen, the company is convinced that the large community of IQSoft users (of which more than 100 are in strictly regulated areas) will benefit "unbelievably" from this development: "What we can offer with IQSoft at this security level for every browser - someone has to do that first."
Quality and safety management from a single source
Swissmint and IQS AG, as long-standing partners and under the watchful eye of the FOITT, have set a qualitative milestone that is a credit to all parties involved. Hans-Peter Kost is pleased with this collaboration: "We have always preferred to develop IQSoft in cooperation with the customers."
Quality manager Lorenz likes to benefit from the agility of the Zofingen IT specialists: "I come with a change request. IQS AG offers a solution. I also never have to ask. You send your request and then a mail comes: 'It's done'." Business manager Haldimann's conclusion is similar: "IQSoft is a tool behind which there is enormous commitment." IQSoft is, says Haldimann, "likeable, Swiss, independent." With which he - probably unconsciously - also describes 'his' company exactly. After all (it really doesn't get more Swiss and independent than this), the 10-Räppler has been minted since 1879 and is now the oldest coin in the world that is still in use unchanged.
Tested by the BIT and found to be good
The Bernese mint and the Zofingen software house: they know each other, appreciate each other and are expanding their cooperation in a targeted manner. No wonder. After all, since their joint effort for hacker-proof quality management, Swissmint and IQS AG can justifiably claim: "We are BIT-approved."