C5-GERMANY
German BSI cloud compliance catalogue.
Definition
C5 v2020 contains 110+ criteria for security, organisation, data protection, supply chain. C5 Type 1: point-in-time ; C5 Type 2: over 6-12 months. Audit by external auditor (KPMG, EY, BDO, Datev). C5-attested CSPs: AWS (Frankfurt + Frankfurt zone), Azure (Germany West Central), Google Cloud europe-west3.
Origin
Published by BSI in 2016 ; v2020 revision in 2020.
Example in context
A German federal administration requires C5 Type 2 for its cloud HR SaaS.
Related terms
- ENS Spain — Spain equivalent.