The BSI C5 (Cloud Computing Compliance Criteria Catalogue) is a criteria catalogue from Germany's Federal Office for Information Security that defines minimum requirements for secure cloud services. Providers demonstrate fulfilment through an attestation.
The Cloud Computing Compliance Criteria Catalogue (C5) is an audit standard from Germany's Federal Office for Information Security (BSI). It defines minimum requirements for the information security of cloud services and is an important reference in Germany for selecting trustworthy providers.
The catalogue covers criteria in areas such as the organisation of information security, physical security, operations, identity and rights management, encryption and the handling of security incidents. In addition, C5 requires transparency about framework conditions such as jurisdiction and data location.
With the BSI C5, fulfilment of the criteria is confirmed by an independent auditor. The result is an attestation (Testat), not a certification. It is therefore correct to speak of BSI C5-attested rather than certified.
A C5 attestation gives companies and public bodies an audited basis for assessing the security of a cloud service without having to audit every provider comprehensively themselves.
SecureCloud is BSI C5-attested. Together with the ISO 27001 certification and hosting in Germany, this forms the basis for a demonstrably secure, GDPR-compliant service.
No. With the BSI C5, an independent auditor confirms fulfilment of the criteria in the form of an attestation. The correct wording is therefore BSI C5-attested.
The criteria catalogue was published by Germany's Federal Office for Information Security (BSI).
ISO 27001 is an international standard for information security management systems. The BSI C5 is tailored specifically to cloud services and is widely used in Germany.
Unsere Experten beantworten Ihnen gerne alle Fragen.