In 2008, the German Federal Office for Information Security issued the common criteria protection profile for Online Voting Products (PP-0037). Accordingly, we evaluated the Polyas electronic voting system, which is used for legally binding elections in several international organizations (German Gesellschaft for Informatik, GI, among others), for compliance with the common criteria protection profile and worked toward fulfilling the given requirements. In this article we present the findings of the process of creating a compliant security target, necessary restrictions and assumptions to the system design as well as the workings of the committee, and architectural and procedural changes made necessary.