SOC 2 Type 2, BSI C5 Type 2 prove IT security efficiency
December 3, 2024
Confirmation of effective information security measures
For customer transparency and confidence, KISTERS undergoes information security audits. The company seeks attestation such as System and Organisation Controls 2 (SOC 2) Type 2 from the American Institute of Certified Public Accountants, Chartered Institute of Management Accountants (AICPA-CIMA). It also seeks conformity with Cloud Computing Compliance Criteria Catalogue (C5) from Bundesamt für Sicherheit in der Informationstechnik (BSI), the German Federal Office for Information Security.
Independent assessments are increasingly significant for companies offering cloud services. As an IT services supplier to the energy and water industries, KISTERS successfully demonstrates compliance with SOC 2 Type 2 and BSI C5 Type 2 criteria for KISTERScloud services in a combined audit.
KISTERS fulfilled SOC 2 Type 1 criteria at a certain point in time. Type 2 designation means the firm has consistently implemented measures for information security and data protection for an entire year.
“Independent testing according to SOC 2 and C5 complements our ISO 27001 certification, in place since 2017. This represents continuous improvement of our information security,” explains Dr. Heinz-Josef Schlebusch, Chief Information Security Officer of the KISTERS Group. “Type 2 attestation confirms the effectiveness of our measures.”
Klaus Kisters, CEO of the KISTERS Group, elaborates, “IT security and data protection are our top priorities. Third-party attestations and certifications in accordance with internationally recognised regulations make our cost-intensive security measures tangible for our customers. They strengthen trust in KISTERS as their IT service provider. At the same time they help fulfil (customers’) regulatory requirements.”
Strict IT security criteria fulfilled
The SOC 2 attestation proves KISTERScloud services fulfill Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality, and data protection. The company takes extensive and appropriate measures to control data security, protect customer data from unauthorized access, detect anomalies and security incidents, and uphold availability of IT systems to the required extent.
Compliance with BSI minimum requirements for cloud service providers proves that operational processes are checked and monitored, appropriate security precautions are in place for the IT infrastructure, and customer-owned data are reliably available and usable.