Successful attestation according to SOC 2 / BSI C5

Information security audits provide transparency and reassurance to our customers and partners. We are therefore very pleased to have successfully demonstrated compliance with the SOC 2 Type 1 audit criteria of the AICPA (American Institute of Certified Public Accountants) and the Cloud Computing Compliance Criteria Catalogue (C5) of the BSI (German Federal Office for Information Security) in a combined audit at the beginning of October. These certifications have become a requirement in many tenders and are also checked during vendor audits.

With the SOC 2 certificate, we prove that our KISTERScloud services meet the requirements of the five Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality and data protection. This means, among other things, that as a service provider we take comprehensive and appropriate measures to control data security, to protect customer data from unauthorised access, to detect anomalies and security events and, last but not least, to ensure the required availability of our systems.

At the same time, we were able to demonstrate that we meet the BSI’s minimum requirements for cloud service providers (C5). This ensures, among other things, that operational processes are controlled and monitored, that the IT infrastructure of KISTERScloud Services is appropriately secured, and that customer data is reliably available and usable.

The independent certification of the criteria catalogues according to SOC 2 and C5 complements our certification according to the international standard ISO 27001, which has been in place since 2017, and represents another important step in the continuous improvement of our information security.