C5 Type 2 certificate: STACKIT receives confirmation of the highest security standards for cloud services

Neckarsulm, 22.08.2024

C5 Type 2 certificate: STACKIT receives confirmation of the highest security standards for cloud services

  • The C5 certificate from the German Federal Office for Information Security (BSI) is the most demanding certification for the cyber security of cloud services and a recognized security standard for SaaS solutions.
  • The passed effectiveness test with type 2 confirms the highest security level of STACKIT according to the strict criteria of the BSI.
  • The certificate provides for a semi-annual or annual audit by an independent third party.
  • For the current BSI C5:2020 scope, an IT-Grundschutz certification from the BSI is also in progress.

Neckarsulm, 21. August 2024 – STACKIT, the data-sovereign German cloud from Schwarz Digits, received the C5 Type 1 certificate for the infrastructure stack at the end of 2023 in accordance with the "Cloud Computing Compliance Criteria Catalogue" (C5) of the German Federal Office for Information Security (BSI). The criteria catalog defines more than 120 security measures, which are reviewed by independent third parties. The effectiveness audit of the C5 type 2 certificate has now confirmed that STACKIT complies with the established criteria for secure cloud computing. The audit is repeated at regular intervals by independent auditors every six or twelve months in order to keep the confirmation of compliance with the catalog of requirements up to date.

"The Cloud Computing C5 criteria catalog is the basis for one of the most demanding audits for cloud service providers and certifies compliance with the highest standards in IT security," emphasizes Walter Wolf, CEO of Schwarz Digits. "We prove our status by continuously testing our products and services in accordance with the BSI's catalog of requirements. With our secure, data-sovereign cloud services, we provide the basis for an independent, digitized Europe. This means that organizations from the healthcare sector or public administration, which have to comply with particularly strict data protection regulations, can also use our cloud services without any problems."

The C5 criteria catalog specifies requirements for secure cloud computing and is primarily aimed at professional cloud providers, their auditors and customers. The appropriateness of the cloud criteria was tested for STACKIT IaaS (STACKIT Compute Engine, STACKIT Network & Security, STACKIT Block Storage, STACKIT Object Storage) as part of type 2. For the current BSI C5:2020 scope, a so-called "ISO27001 based on IT-Grundschutz certification" is also in progress. The audit for the BSI's IT baseline protection follows the same logic as for the ISO27001 certificate, which STACKIT has already held for several years. Customers have the option of requesting the audit report directly from STACKIT.