C5

Demonstrate secure cloud infrastructure with C5 attestation 

A commonly recognized compliance standard for cloud service providers (CSPs) is the Cloud Computing Compliance Criteria Catalogue or C5. Achieving C5 attestation is essential for security-conscious CSPs operating in Germany that want to demonstrate their commitment to security to clients and customers.  

By embracing C5, organizations trading in the German market can establish a foundation for secure cloud services, improve their security posture, and gain a competitive edge in the market.

Contact A-LIGN to learn more about C5 attestation. 

Badge C5 Dark Background 1 0

Processing health data using cloud computing?

In the context of the new German regulations for processing health data using cloud computing, cloud service providers must obtain a C5 certificate to demonstrate they meet these stringent security standards. 

This ensures that health data is processed securely, aligning with the new legal requirements to protect sensitive information. 

Benefits of C5 attestation: 

  • By complying with the C5 requirements, CSPs can demonstrate a high level of security maturity and gain a competitive advantage in the market. 
  • Provides a comprehensive framework of standard security controls for CSPs providing cloud services. 
  • Increased trust with customers through meeting C5’s high security standards. 

C5 offerings tailored to your specific needs

C5 attestation
SOC 2 + C5 readiness assessment
SOC 2 + C5 attestation with ISAE 3000 integration

C5 attestation provides a comprehensive framework of standard security controls for CSPs. A-LIGN is permitted to issue C5 attestation via the AT-C 105 and 205 attestation standard, which is approved by the German Government. Particularly, A-LIGN uses the SOC 2 framework to collect/review evidence and conduct testing.

SOC 2 + C5 readiness assessment

There’s over 80% overlap in the requirements to obtain a SOC 2 attestation and a C5 attestation. A-LIGN can help you understand the requirements, assess your current status, and identify potential gaps. This is a good place to start, if you’re looking to obtain both a SOC 2 and C5 attestation. After the readiness assessment is completed, your team will have a roadmap to follow that can make the final examination easier for all parties involved.

SOC 2 + C5 attestation with ISAE 3000 integration

Whether a readiness assessment is needed or not, full compliance should be achieved via a SOC 2 plus C5 attestation with the ISAE 3000 integration. The engagement can be completed as a Type 1, attesting to the design of the C5 control set, or a Type 2, testing the design, implementation, and operating effectiveness of the organization’s controls as they meet the SOC 2 and C5 criteria. 

 

Screenshot 2024 10 10 at 4.36.05 PM

Why perform a SOC 2 assessment?

The SOC 2 framework provides a clear roadmap to achieving C5 compliance, with over 80% overlap between SOC 2 and C5. Furthermore, SOC 2 is an internationally recognized standard that helps demonstrate to both regulators and customers that your organization has a robust cybersecurity posture, validated by a trusted third party.

An ISAE 3000 integration further extends your international reach without significant extra work. 

CONTACT US

Why A-LIGN

17.5k+ SOC assessments completed
96% client satisfaction rating
5.7k+ global clients
400+ global auditors

It’s one thing to claim that we’re secure, but validation from a third-party independent certification body like A-LIGN really showcases that we’re serious about security and that it’s important to us.”

Erika Fry

Director of IT at Boomi

We struck gold by choosing to work with A-LIGN and I plan to continue for the next 10+ years. Working with A-LIGN is a no brainer and my first choice for every type of audit they offer!”

Scott Stuart

Director of Information Security at LinenMaster

A-LIGN did a phenomenal job and I was incredibly impressed with the auditing process. Their auditors made it easy for us and Solera has become A-LIGN’s biggest fan!”

Bruce Hoffman

Chief Compliance Officer at Solera Health

Having an assessor like A-LIGN, who can crosswalk multiple frameworks, has been a huge time saver for us. Utilizing evidence across various audits has been phenomenal as we continue to add requirements to our stack.”

Bridget Wilson

SVP of Governance, Risk & Compliance at Network Coverage

As a fast-growing technology company, we take security extremely seriously. It’s in our minds every day to build a secure software.”

Matti Lehmus

CTO at IDR
A lign Convergence background

Get started with A-LIGN

Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.