What is BSI C5?

C5 is an attestation scheme whose cloud computing compliance criteria catalogue (C5) defines a baseline security level for cloud computing initially introduced by The Federal Office for Information Security in Germany (BSI Germany) in 2016.

BSI C5 evalutation are based on a criteria catalogue setting a baseline security level for cloud services. It aims at illustrating information security in a transparent way based on a standardized examination and report.

A C5 attestation report provides information about the security of a cloud service, which is based on a standardized examination and report. The C5 criteria are designed for cloud services that are not specifically regulated. The attestation report is only one part of the risk assessment. Customers evaluate such reports within their own risk analysis. The C5 report is used by cloud service providers, customers and auditors. All three share the responsibility for establishing and maintaining information security. It is not a legal requirement for cloud customers to use a cloud service provider with a C5 attestation.


Who created C5?

The BSI - Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security), the technical authority for Germany and a centre of excellence for IT security in the field of cyber and information security.

Download additional compliance reports from the Exoscale compliance center.


Contact our Compliance Team

A doubt? Unsure if we comply to a specific regulation not listed here?

Contact our Compliance Team and let us know your requirements. It may be covered by other certifications or regulations we comply to.