<h1 class="heading-style-h1"><span class="text-color-secondary">C5 </span>Compliance with Zero Effort</h1>

C5 is the standard that proves your cloud is secure enough for regulated German and European workloads. With Kertos, you implement and monitor the C5 criteria efficiently and reach your attestation faster — with expert auditors and automation working side by side.

All Quiet
AskUI
Augmented Industries
Blacklane
Bugshell
Cert Hub
Contract Hero
Deeploi
Emidat
Finmid
Enpal
Gaia
Flink

COO

C5 for cloud service providers

C5 (Cloud Computing Compliance Criteria Catalogue) was published by Germany's Federal Office for Information Security (BSI) and defines the minimum requirements for secure cloud computing. For providers selling to the public sector, finance, and healthcare, a C5 attestation is increasingly the precondition for doing business in Germany.

Meet the security baseline German enterprises and regulators expect from cloud providers

Cover both technical and organizational requirements across 17 areas

Win regulated workloads — including health data — that require a C5 Type 2 attestation

Featured Image

COO

Automated, audit-ready C5 compliance

The Kertos platform streamlines the road to your C5 attestation through automation. Identify relevant assets, run your risk management, and collect evidence continuously — while certified experts guide you from preparation through to the auditor's report.

Automated asset inventory and data discovery across your cloud environment

Structured risk management aligned to the C5 requirement areas

Continuous evidence collection that keeps you ready for Type 2 testing

Featured Image
Integrations

Over 100 integrations for seamless data transfer

VMware Cloud
Hibob
Darwinbox
Re:amaze
Deel
ChartHop
Intercom
UKG Pro
Microsoft Outlook
Gusto
Zoho People
Gladly
Altera Payroll
Hexnode
ManageEngine
TESTIMONIALS

What our customers say

Compliance that convinces: Whether B2C, B2B, startup, or scaleup, Kertos is the right solution for companies looking to grow quickly.

Adrian Kapsalis
Adrian Kapsalis
CEO of Kyon Energy

“Adapts to our changing needs”

Kertos adapts to our changing needs so we can focus on growing our business.

Claudio Kusnitzoff
Claudio Kusnitzoff
Teamlead Online Product, Wellster Healthtech

“Reclaim valuable time”

With Kertos' access management solution, we can efficiently automate the tracking and documentation of access to our protected systems. This gives us valuable time that we can invest in developing our own product.

Dr. Lukas Pfahlsberger
Dr. Lukas Pfahlsberger
Co-Founder & CEO
No items found.

"Compliance as a Competitive Advantage"

Using Kertos is a major advantage for us in the sales process because it allows us to be faster. Critical questions regarding IT security, compliance, and GDPR are essentially pre-empted by referring to our Kertos Trust Center. This boost in customer confidence has paid dividends so far.

Ferdinand Schmidt-Thomé
Ferdinand Schmidt-Thomé
Co-Founder, Aware

“Flexible and scalable solution for GDPR compliance”

As a health-tech company that deals with sensitive customer data, we have found a flexible and scalable solution to comply with the GDPR in Kertos. It strengthens the trust of our customers, sets new standards through automation, and the support team is consistently responsive and reliable when it comes to urgent concerns — Kertos is therefore the all-in-one solution that really pays off for us.

Florian Fesch
Florian Fesch
Co-Founder, Tech & Product

“Sustainably optimizing internal processes”

Kertos enabled us to significantly accelerate the complex ISO 27001 certification process and sustainably improve our internal workflows. The intuitive platform, combined with extensive automation, provided substantial relief—truly a game-changer for growing companies with high security requirements.

<h2 class="heading-style-h2">Ready to make your<span class="text-color-secondary"> cloud C5 attestation-ready</span>?</h2>

CTA Image
KNOWledge

Discover our resources

Find useful whitepapers, videos, and practical tools that help you efficiently achieve your compliance goals.

No items found.
FAQ

Frequently asked questions

Information about the Kertos compliance platform

What is C5 and why is it important?

C5 (Cloud Computing Compliance Criteria Catalogue) is a security standard published by Germany's Federal Office for Information Security (BSI). It defines the minimum requirements for secure cloud computing and has become the reference point German enterprises and regulators use to evaluate cloud providers.

Is C5 a certification?

No. C5 results in an attestation, not a certificate. An independent auditor examines your controls against the C5 criteria and issues a report under the ISAE 3000 / IDW PS 860 standard — comparable in form to a SOC 2 report.

What is the difference between a C5 Type 1 and Type 2 attestation?

A Type 1 attestation confirms your controls are appropriately designed at a single point in time. A Type 2 attestation goes further and tests whether those controls operated effectively over a period of typically 6 to 12 months. Type 2 is what regulated customers usually expect.

What does C5 cover?

C5:2020 comprises 121 criteria across 17 requirement areas — from information security management, HR and physical security to cryptography, identity and access management, incident and change management, business continuity, and supply chain security.

How does C5 relate to ISO 27001 and SOC 2?

C5 overlaps substantially with both. Many providers maintain combined reports, and controls you already run for ISO 27001 or SOC 2 can be reused for C5 — which is exactly what the Kertos platform does for you.

How does Kertos help me prepare for a C5 attestation?

Kertos maps the 121 C5 criteria to your existing controls, automates evidence collection and monitoring, and pairs you with certified experts who guide you from preparation through to the auditor's report.

Do you have any more questions?

Our team is happy to assist you with any questions regarding our platform, different frameworks, and your compliance.

Ask now

📅 Schedule Your 5min Compliance Check

Please enter your business email to continue. We require a company email address to ensure we can best serve your organization.

📞 5min Compliance Check