It is the most important certification in the area of public cloud computing: The C5 catalogue of requirements from the Federal Office for Information Security (BSI) certifies that cloud providers offer the maximum level of security. The Open Telekom Cloud fulfills all the requirements of this catalogue, according to the most recent certificate.
BSI C5 certifies security, transparency and data protection
The requirements include the so-called environmental parameters: "They provide information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description," the BSI writes on its website. "The resulting transparency makes it possible for potential cloud customers to decide whether legal regulations (such as data protection), the customers’ own guidelines or also the threat scenario regarding industrial espionage make the use of the respective cloud service appear appropriate.”
The BSI C5 is regarded as the de facto standard in the cloud industry. Many companies wishing to use public cloud services will make a BSI C5 certification a requirement when choosing their provider. To obtain the certificate, the Open Telekom Cloud had to provide evidence in 17 thematic areas ranging from the organization of information security to physical security.
Open Telekom Cloud meets SOC 2 Type 1 requirements
In addition, with the certificate for BSI C5, the Open Telekom Cloud has also fulfilled the requirements of the US test protocol SOC 2. SOC stands for Service Organization Control. The certificate complies with the requirements of the American Institute of Certified Public Accountants (AICPA). It assesses service providers with regard to security, availability, processes, integrity, confidentiality and data protection.
The Open Telekom Cloud currently meets the SOC 2 Type 1 requirements, which means that auditors have checked the platform for its design by means of guidelines or process descriptions. Next, Deutsche Telekom will strive for Type 2 certification. Cloud providers who receive a Type 2 certificate for their offer have demonstrated that the design of their product is efficiently and effectively implemented.
Proof of certification must be provided every 12 months
"Cloud providers that have been tested accordingly cannot rest on their laurels: Providers are only considered compliant with both the BSI C5 requirements catalogue and SOC 2 if they renew the corresponding proof at least every 12 months," says Daniel Fussy, IT security & privacy consultant at T-Systems. "We are proud that we have now reached BSI C5 and SOC 2 Type 1 certification with the Open Telekom Cloud. Now we are working hard to also attain SOC 2 Type 2 as soon as possible."
Do you have questions?
We answer your questions about testing, booking and use - free of charge and individually. Try it! Hotline: 24 hours a day, 7 days a week
0800 33 04477 from Germany / 00800 44 556 600 from abroad