Genesys Cloud certified according to BSI Cloud C5
The Criteria Catalogue C5 (Cloud Computing Compliance Criteria Catalogue) specifies minimum requirements for secure cloud computing and is primarily aimed at professional cloud providers, their auditors and customers.
The C5 criteria catalog was published for the first time in 2016 by the German Federal Office for Information Security (C5:2016) and has successfully established itself on the market in recent years: To the BSI's knowledge, more than a dozen test certificates have already been issued for national, European and global cloud providers as well as a wide range of cloud services. In the meantime, there are also medium-sized and smaller providers using the catalog. The C5 provides cloud customers with important guidance for selecting a provider. It forms the basis for being able to carry out a customer's own risk management.
In 2019, the C5 was fundamentally revised to address current developments and further enhance quality (C5:2020).
In addition to countless updates and improvements, the following key points were added:
- The new C5 implements the general requirements of the EU Cybersecurity Act (EUCA). The European regulation describes requirements for IT products and services that are certified according to an EUCA-compliant procedure. These requirements have been incorporated into the C5:2020 and summarized in the new domain Product Security.
- In the secure use of cloud services, the interface between cloud provider and cloud user plays an important role. The C5:2020 introduces "corresponding criteria" that the cloud customer has to fulfill at the interface to the cloud service in order to play its part in the shared responsibility for security.