News

C5 attestation: safety in the cloud – a practical guide for businesses

A hospital is looking to modernise its data management, while a health insurer plans to move its internal processes into the cloud. Both are soon faced with the same basic question: is sensitive health or social data even allowed to be processed in the cloud – and if so, how can this be done securely?

The answer is ‘yes’ – but the cloud provider must have a C5 attestation from the German BSI.

What is the C5 attestation?

The Cloud Computing Compliance Criteria Catalogue – C5 for short – is a standard for information security in the cloud that was developed by the German Federal Office for Information Security (BSI).

By obtaining a C5 attestation, cloud providers prove they fulfil a specific set of security requirements, including physical/logical access controls, data encryption, business continuity management and compliance processes.

Following the entry into force of the German Digital Act (DigiG), businesses who process health or social data now face increasing regulatory pressure to use cloud services with higher security standards – such as a C5 attestation. Increasingly, C5 is therefore becoming a key component of IT and compliance strategies.

Why C5 is also important for your business

Even if your company does not process sensitive data at present, this situation could change very quickly. Customers, business partners and public-sector clients are increasingly asking cloud service providers for proof of C5 before entrusting them with their data.
Implications:

  1. Those who are quick to get onboard with the requirements will secure a key competitive advantage.
  2. Prompt action now also minimises the risks of later, expensive changeovers completed under time pressure.

Our C5 attestation journey

We have completed the full C5 certification process, which runs from planning to audit preparation and culminates in a successful certification. We learned a lot on this journey:

  1. Which steps are especially time-consuming
  2. Where pitfalls can trap the unwary
  3. How to approach realistic time and HR resource planning

Most important of all:
Completing this journey is a challenging but achievable goal – if properly prepared for.

Our practical guide: a first-hand perspective on the essentials

To help you get up to speed with the topic, we have compiled all of our key insights into a compact, practical guide: ‘Your Journey to a C5 Attestation’.

What the guide includes:

  1. An overview of BSI requirements
  2. A practical roadmap for your C5 project
  3. Tips for internal preparation
  4. Hints on typical stumbling blocks and how to avoid them

Fill out the form now to receive the practical guide with all the important tips.

Summary: act now to pave the way towards secure cloud usage

Far from being just another piece of red tape, C5 attestation forms the cornerstone of establishing trust and security in the cloud. Companies who are early C5 adopters will secure key benefits:

  1. Faster approval processes
  2. Greater customer confidence
  3. Improved data security – especially for sensitive health and social data

Take your first steps with the help of our guide and gain a decisive competitive edge for your organisation.

Stay informed

Formcentric is available in three different products. We will answer your questions about the product at any time.

Contact
TÜV Nord logo with the reference to ISO/IEC 27001, which states that we are ISO 27001 certified.
The 'Software Made in Germany' logo features color accents in black, red and gold, giving it an official look.
The 'Software Made in Germany' logo features color accents in black, red and gold, giving it an official look.