
SOC 2 Type 2, BSI C5 Type 2 prove IT security efficiency

December 3, 2024

Confirmation of effective information security measures

For transparency and confidence of customers and partners, KISTERS undergoes information security audits. In particular, the company has sought to earn attestations such as System and Organisation Controls 2 (SOC 2) Type 2 from the American Institute of Certified Public Accountants and the Chartered Institute of Management Accountants (AICPA-CIMA) and conformity with the Cloud Computing Compliance Criteria Catalogue (C5) from the Bundesamt für Sicherheit in der Informationstechnik (BSI), which is the German Federal Office for Information Security. These independent assessments are becoming increasingly significant for companies that offer cloud services.

As an IT services supplier to the energy and water industries, KISTERS successfully demonstrated compliance with both the SOC 2 Type 2 and BSI C5 Type 2 criteria for KISTERScloud services in a combined audit.

The SOC 2 “Type 2” designation means KISTERS fulfilled the Type 1 criteria at a certain point in time. Moreover, the company has consistently implemented the measures for information security and data protection for an entire year.

“Independent testing of criteria according to SOC 2 and C5 complements our ISO 27001 certification, which has been in place since 2017. They represent another important step in the continuous improvement of our information security,” explains Dr. Heinz-Josef Schlebusch, Chief Information Security Officer of the KISTERS Group. “The Type 2 attestation confirms the effectiveness of our measures.”

Klaus Kisters, CEO of the KISTERS Group, elaborates, “IT security and data protection are our top priorities. Third-party attestations and certifications in accordance with internationally recognised regulations make our cost-intensive security measures tangible for our customers. They strengthen trust in KISTERS as their IT service provider. At the same time they help them to fulfil their own regulatory requirements for information security.”

Strict IT security criteria fulfilled

The SOC 2 attestation proves that KISTERScloud services fulfil the requirements of the five Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality, and data protection. Extensive and appropriate measures are being taken to control data security, to protect customer data from unauthorised access, to detect anomalies and security incidents, and to uphold the availability of the IT systems to the required extent. Compliance with the German federal office’s minimum requirements for cloud service providers proves that operational processes are checked and monitored, appropriate security precautions are in place for the IT infrastructure, and customer-owned data are reliably available and usable.