Proving cloud security to German customers and regulators
What it is
C5 is a cloud assurance framework developed by the German Federal Office for Information Security (BSI) used to demonstrate how cloud services are secured, governed, and operated. While ISO 27001 provides an excellent security foundation, C5 takes compliance a step further by demanding strict transparency regarding data location, system logging, and government data-access protocols.
When to use it
Use this add-on when enterprise customers, rigorous regulators, or European buyers expect cloud-specific security assurance beyond a standard ISO 27001 certificate. It has become a mandatory expectation for doing business in Germany and the wider DACH region, particularly within highly regulated sectors like finance, healthcare, and public services.
What it adds
It seamlessly connects the demanding BSI criteria directly to your ISO 27001-based ISMS, allowing you to manage premium cloud assurance without building or maintaining a separate compliance silo. This add-on upgrades your Instant 27001 system to be completely audit-ready by providing:
- One unified mapping table covering the 6 core general conditions of the C5 framework.
- 17 comprehensive mapping tables that link all 121 individual C5 compliance criteria straight to your existing ISO controls.
- Full digital integration featuring active hyperlinks within every mapping table that connect directly to the corresponding policy and control pages inside your Instant 27001 environment.
Relevant for
- Cloud service providers
- Hosting providers
- SaaS companies serving regulated customers
- Organizations that need cloud-specific trust assurance
Pricing
€ 1 495
All prices are excluding applicable taxes and subscription fees for Confluence, Microsoft 365 or ISOPlanner.