Proving cloud security to German customers and regulators
C5, short for Cloud Computing Compliance Criteria Catalogue, is a framework developed by the German Federal Office for Information Security (BSI). It sets out clear, audit-ready requirements for cloud service providers and customers, focusing on transparency, data security, and legal compliance. C5 has become a key expectation for doing business in Germany, especially in regulated sectors like finance, healthcare, and government services.
While ISO 27001 forms a strong foundation, C5 takes things a step further by demanding more specific controls around cloud transparency, data location, logging, and government access. That is why Instant 27001 offers a dedicated C5 add-on. It builds on your existing ISMS and ensures that you meet the C5 requirements without duplicating effort or managing separate frameworks.
This add-on is designed for cloud-focused companies looking to earn trust in the German market and beyond. It helps you align with customer expectations, prepare for C5 audits, and demonstrate a strong cloud security posture.
Benefits
The C5 add-on maps the C5 criteria to ISO 27001 and Annex A controls.
- Contains 1 mapping table for the 6 general conditions
- Contains 17 mapping tables for the 121 criteria
- Each mapping table contains active hyperlinks to the relevant pages in Instant 27001
Pricing
€ 1 495
All prices are excluding applicable taxes and subscription fees for Confluence, Microsoft 365 or ISOPlanner.