With immediate effect, TÜV Informationstechnik GmbH (TÜViT) and FIDES Treuhand GmbH & Co. KG Wirtschaftsprüfungsgesellschaft (FIDES) will collaborate in conducting audits in accordance with the C5 catalog of the BSI. This partnership combines the auditing procedure model of the renowned auditing company FIDES with the know-how of TÜViT, which is accredited in the ISMS sector. As the C5 catalog covers different ISMS standards, the certified IT security service provider will be able to provide the company with optimum support when conducting audits in the future.
The Cloud Computing Compliance Controls Catalog, C5 for short, combines, among other things, the auditing requirements from the international auditing standard ISAE 3000 and the national standard PS 951 of the Institut der Wirtschaftsprüfer in Deutschland e.V. with the technical requirements from e.g. DIN/EN ISO 27001 and the BSI - IT Baseline Protection. According to the requirements of the Federal Office for Information Security (BSI), the implementation and certification of cloud solutions according to the C5 should be performed by an auditor such as FIDES.
First published in 2016, the C5 catalog has meanwhile established itself as the national and international security standard for the Cloud industry. The criteria catalog is used by cloud computing providers to implement and evaluate their own structures. In this context, it defines a security level for cloud services which, according to the BSI, represents the minimum level of IT security required. At the same time it offers C5 users the opportunity to evaluate and select from the cloud services on offer. The result of the audit is a C5 certificate for the security and monitoring measures of the provider, which confirms their adequacy and effectiveness. The C5 catalog is now available in the current 2020 version, which includes requirements derived from the EU Cybersecurity Act.
Federal agencies, among others, also benefit from an audit, as they can prove that they suitably fulfill the basic requirements of C5 when using external cloud services. However, other cloud users can also receive an objective assessment by an independent third party in the form of a C5 audit. As a result, audits carried out in accordance with the C5 catalog establish a high level of overall trust in the cloud computing provider and help to ensure greater transparency.
Interested parties can now have the relevant audits carried out by the expert team consisting of FIDES and TÜViT.
About FIDES
FIDES is one of the leading auditing and consulting firms in Germany. In addition to its headquarters in Bremen, founded in 1919, the company has branches in Hamburg, Hanover, Bremerhaven, Osnabrück, Rostock and Berlin. 35 partners serve medium-sized companies, groups of companies, companies of public interest and public enterprises as well as non-profit organizations throughout Germany. FIDES operates with an interdisciplinary approach in the fields of auditing, tax law, IT and business consulting. FIDES works in cooperation with the law firm Nölle und Stoevesandt. Currently more than 300 employees, including over 100 auditors, tax advisors, lawyers and IT consultants, work for FIDES.
About TÜVIT
TÜV Informationstechnik GmbH focuses solely on security in information technology and, as an independent testing service provider for IT security, is an international leader. Numerous corporations already benefit from the TÜVIT-tested security. Its portfolio includes cyber security, software and hardware evaluation, IoT/Industry 4.0, data protection, ISMS, Smart Energy, mobile security, automotive security, eID and identity verification services as well as the testing and certification of data centers for physical security and high availability. TÜV Informationstechnik, founded in 1995 and headquartered in Essen, Germany, is a member of the TÜV NORD GROUP, one of the world's largest technology service providers with over 10,000 employees and business activities in 70 countries worldwide.