This website uses cookies to make the content more user-friendly and effective. By using this website, you agree to the use of cookies. You can find additonal information about the use of cookies and the possibility of objecting to the use of cookies here.

8 - 10 October 2019 // Nuremberg

Supporting Programme 2018

back to day overview
I10 - Forum International in hall 10.1

it-sa insights: BSI C5: The Game Changer in Cloud Compliance Attestation Vortragssprache Englisch

This it-sa insight provides an overview of the Cloud Computing Compliance Controls Catalogue (C5). The C5 has been developed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) with support of PwC Germany in 2016. The presentation will outline the benefits for cloud providers which adopt the C5, elaborate on the C5’s objectives as well as its criteria and depict the adoption approach. Furthermore, it will be shown which prerequisites cloud providers have to meet and how a C5 attestation seamlessly integrates with other compliance audits, such as AICPA SOC 2.

German authorities are required to only use public cloud services which hold a C5 attestation. Cloud providers of any size adopted the C5 and also cloud users picked it up, rapidly. Hence, the C5 has paved its way into the private sector as for cloud users it is an ideal instrument which supports cloud provider selections by providing insights into the control over operation processes. The fulfilment of the C5 criteria is tested by a third party (audit firms) and creates a high level of both assurance and transparency. In addition, many Internal Audit units apply the C5 in internal assessments and perform supplier audits along its criteria.

The C5 integrates several, internationally established compliance schemes such as CSA CCM, IAASB ISAE 3402 and AICPA SOC 2 or ISO/IEC 27001 etc. It is structured into 17 domains containing 114 basic and 52 optional criteria to which the cloud provider’s technical and organisational safeguards (controls) are matched. Furthermore, 4 innovative parameters for transparency require additional information on e.g. location of data storage and processing, jurisdiction or investigatory powers of and data disclosure duties towards government agencies.

--- Date: 11.10.2018 Time: 10:00 AM - 10:20 AM Location: Forum I10 - International

Main speaker


Andreas Schippling

Senior Consultant/Risk Assurance Solutions / PwC...


The selected entry has been placed in your favourites!

If you register you can save your favourites permanently and access all entries even when underway – via laptop or tablet.

You can register an account here to save your settings in the Exhibitors and Products Database and as well as in the Supporting Programme.The registration is not for the TicketShop and ExhibitorShop.

Register now

Your advantages at a glance:

  • Advantage Save your favourites permanently. Use the instant access – mobile too, anytime and anywhere – incl. memo function.
  • Advantage The optional newsletter gives you regular up-to-date information about new exhibitors and products – matched to your interests.
  • Advantage Call up your favourites mobile too! Simply log in and access them at anytime.