In response to the ever-growing need to consider information security in the cloud computing world, the C5 Attestation or Cloud Computing Compliance Criteria Catalogue, was published. The program is a baseline of security controls that was developed by the Federal Office for Information Security in Germany, BSI.
With the C5 security controls baseline cloud service providers (CSPs) are able to better develop transparent and trusted relationships between themselves and their cloud customers. The catalogue of controls pulls from internationally recognized standards such as International Organization for Standardization (ISO) 27001, ISO 27002, and ISO 27017, as well as the Cloud Control Matrix (CCM) of the Cloud Security Alliance (CSA).
This combination of standards is what makes Schellman a turnkey solution to achieving your C5 attestation with our depth of experience within the ISO standards as well as our work with the CSA.
Schellman performs a “Type 1” C5 examination when management requires a report on the fairness of presentation of the CSP’s system and the suitability of the design of controls as of a specified date.
A “Type 2” C5 examination is performed when management requires a report on the fairness of presentation of the CSP’s system and the suitability of the design and operating effectiveness of controls over a period of time.
Schellman was founded solely to meet an untapped need in performing high-quality attestation examinations. Our personnel meet the qualifications outlined by BSI that include: